PDA

View Full Version : Blindman.exe a Trojan Horse?



BloomKitty
2007-05-31, 19:16
Hello,

(Forgive me if this is posted in the wrong place. I'll be happy to re-post to correct forum once I know which.)

Yesterday, my Norton AV did a live update and downloaded new AV definitions. Immediately afterwards, it scanned and found blindman.exe within the Spybot program files, and it's calling it a Trojan Horse. NAV was not able to remove blindman.exe, so it quarantined it, instead.

From reading about blindman.exe, I see that normally it is a benign program that does nothing. I'm worried that now it's not so benign, and so am leery of attempting to run Spybot.

Has anyone else seen this? Is Norton over-reacting, or do I really have a quarantined Trojan Horse on my system that I should try to eliminate?

Thanks in advance for any words of wisdom.

-Mary

md usa spybot fan
2007-05-31, 19:29
Please see the following thread:
Norton Anitvirus labels spybot/blindman.exe as trojan?
http://forums.spybot.info/showthread.php?t=14308

BloomKitty
2007-06-01, 00:40
So, just to be clear -- that's definitely a false-positive by Norton Antivirus? There are no incidents of a Trojan replacing blindman.exe with a more malicious but same-named program?

If it truly is a false-positive, and that little program has now been quarantined by Norton, will I have problems running Spybot S&D in the future?

md usa spybot fan
2007-06-01, 01:14
So, just to be clear …
Just to be clear, you should be dealing with Symantec to determine if the problem is a false positive within Norton Antivirus.

The attributes of the legitimate blindman.exe for Spybot-S&D 1.4 are:
C:\Program Files\Spybot - Search & Destroy\blindman.exe
Size: 47256
Version: 1.0.0.1
CRC-32: CDC6DFAE
MD5: 816949D965391B642DF2BD90A2A3B06D
SHA1: 372313DA2CCEB18AD93A74B73589539FF8DF6F78
Modified date: Tuesday, May 31, 2005 2:04:00 AM
File version: 1, 0, 0, 1
Company name: Safer Networking Limited
Comments: Dummy zur Verknüpfung mit nicht zu öffnenden Dateien.
Legal copyright: © 2002-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
Product name: Spybot - Search & Destroy
Product version: 1, 4, 0, 3