LSP False Positive as ShopAtHome

2007-05-30, 22:29
I am developing an LSP (Layered Service Provider) based on an example written by Microsoft. My LSP is identified by SpyBot as ShopAtHome. Obviously the "authors" of ShopAtHome based their code on the same example. I have changed the GUID but still my LSP is identified as ShopAtHome. What are the criteria that SpyBot uses to detect ShopAtHome? What changes do I need to make in order to be different enough?

2007-06-01, 13:42

Could you submit a log of the scan result?
It may be possible that ShopAtHome used the example provided by Microsoft; it would not be the first malware writer who did that.

To be on the safe side you should try to create your unique IDs for your LSP, so that it does not get confused with other LSPs.

2007-06-07, 23:52
Following is a log file of my scan.

I have changed the GUID of my LSP but still it is identified as ShopAtHome.

What other criteria does SpyBot use?

2007-06-11, 10:54

Spybot also uses the filename and the name of the LSP.
I think there may be a false positive with the naming of the LSP.
If you send me your email address via PM, I can send you a modified hijackers.sbi so you can check if the issue is resolved. Otherwise just wait until the update scheduled for Wednesday.

2007-06-14, 22:11
Yo Yodama,

I have changed both the LSP name and file name but the result is as I described.

Please excuse my ignorance but how do I send you a private message?

2007-06-15, 08:20

Please excuse my ignorance but how do I send you a private message?

Click on Yodama's name above the avatar.

A drop down menu appears.

Choose > Send a Private Message. :)