PDA

View Full Version : smitfraud-c toolbar888



zero3
2007-05-03, 20:29
I recently purchased a USB wireless router adapter for my pc. The model is Planex GW-US54Mini2. After installing the software, Spyboy pooped up a message saying that install.exe is a smitfraud-c toolbar888 and automatically terminated the process. My new USB wireless adapter would not work without the software. I think this a false positive. Since other spyware programs did not detect anything on it. Please fix this problem. Thanks.

PS: here is the website of Planex
wxx.planex.net

md usa spybot fan
2007-05-03, 21:54
If you are sure that the software is not infected:
Execute the "install.exe".
When you receive the following message:


Spybot - Search & Destroy

Spybot - Search & Destroy has encountered and
terminated a process that is listed as part of a
malicious software.

Process ID: ????
Filename: install.exe
Found in: ????
Identified as: Smitfraud-C.Toolbar888

If Spybot - Search & Destroy encounters this process again…
● Inform me again.
○ Automatically kill this process.
○ Allow this process to run (NOT RECOMMENDED).

■ Delete the associated file. [?] [OK]
Check "Allow this process to run (NOT RECOMMENDED)."
Uncheck "Delete the associated file".
Click "OK"
Execute the "install.exe" again.
After the product has been installed:
Submit an email to detections#spybot.info (replacing the # with @). The email should contain:
A reference to this thread:
smitfraud-c toolbar888
http://forums.spybot.info/showthread.php?t=13437
And an attachment of a zipped copy of the "install.exe" file in question.

zero3
2007-05-04, 16:27
file sent with reference to this thread.

Carol
2007-05-06, 02:56
Was smitfraud-c toolbar888 confirmed as a false positive? I see a few reportings, but no confirmations. :sad:

tashi
2007-05-06, 06:38
Was smitfraud-c toolbar888 confirmed as a false positive? I see a few reportings, but no confirmations. :sad:

Hello.

A forum search shows these topics from January 2007.

http://forums.spybot.info/showthread.php?t=10349

http://forums.spybot.info/showthread.php?t=10184

http://forums.spybot.info/showthread.php?t=929

http://forums.spybot.info/showthread.php?t=10688

Hope that helps. :)

Carol
2007-05-06, 22:13
Thanks Tashi. I was specifically referring to, as of the updates on 5/2. I'm presuming it wasn't another false detection of the smitfraud-c toolbar888, otherwise it would have been stated as such.

Thanks again..
Carol

tashi
2007-05-06, 22:56
Ok and if in doubt:


Open SpyBot.
Check for problems.
When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.
:)

Yodama
2007-05-07, 10:17
hello,

the reported install.exe is a false positive the dection rules are being corrected, they will be effective with the next update. Teatimer will need to be restarted as well.

Until then please follow md usa spybot fans instructions for allowing the file to execute.

Carol
2007-05-07, 15:35
Yodama...

Thank you for your reply. I suspected it might be the case, but was not sure and thought it best to check here.

Thanks again,
Carol

md usa spybot fan
2007-05-07, 15:46
zero3:
Carol:
Et al:

If you followed my instructions to bypass the termination of the "install.exe", I suggest that after the next set of updates you go into TeaTimer's "White & Black List" and remove the entry that was created. To do that:
Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":

Allowed processes
Blocked processes
Allowed registry changes
Blocked registry changes
Click on the "Allowed processes" button.
Remove the entry associated with the "install.exe" by clicking on the scripted black "X" to the right of the entry and then clicking the "OK" button.

zero3
2007-05-20, 12:26
Thank you very much for your support. Spybot Rocks!!!!:bigthumb:

user67
2007-05-20, 15:35
Hello,

I have the following message:

Category - "Global Browser Toolbar",

Change - "Value deleted", Entry {9FB3908C-6565-4CB0-...}

Could you please let me know - what do I need to do "Allow" or "Deny" ?

Also, the "Black & White List" is Empty. Although, I did many times "Blocked Registry Changes".

Please see the attachment: msg1.zip

Regards,

User67.