Killer
2005-11-01, 08:00
Smitfraud-C False Positive?
Earlier tonight I got my first ever TeaTimer popup notification regarding a detected spyware. The exact log info is below:
10/31/2005 8:39:27 PM Encountered and terminated Smitfraud-C. in D:\fps\Quake III Arena\quake3.exe!
The 1st popup displayed a spyware alert message and blocked the program. Subsequently, I can launch and play the game without receiving an alert message but a new entry is added each time to TeaTimer's log.
I've been playing Quake 3 for 5 years and using Spybot for at least 2 years without issue. So I would like to take this seriously but I'm not sure if I should.
Neither my router firewall or McAfee Enterprise FW yield anything suspicious in the logs or permissions. I've checked my WinXP processes and services without detecting anything.
A complete scan with the latest updated version of Ad-Aware also did not find anything. In addition, I use Spyware Blaster, only use FireFox 1.07, and a complete scan with the latest updated Spybot SD yielded only the results below:
----------
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Windows Security Center.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi (*)
2005-10-28 Includes\Dialer.sbi (*)
2005-10-28 Includes\Hijackers.sbi (*)
2005-10-28 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-10-28 Includes\Malware.sbi (*)
2005-10-28 Includes\PUPS.sbi (*)
2005-10-28 Includes\Revision.sbi (*)
2005-10-28 Includes\Security.sbi (*)
2005-10-28 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi (*)
----------
Ignore the Windows Security Center items as I use far better replacement products (McAfee AV 8.0i anf McAfee FW 8.5 Enterprise editions).
No mention about quake3.exe or Smitfraud-C. How is this possible that TeaTimer says it's an issue but Spybot SD indicates no problem?
Consequently, I plan to ignore TeaTimer at this time but watch any further development closely. However, if this is a confirmed false positive, it would be nice if it could be corrected so that TeaTimer doesn't log it.
Earlier tonight I got my first ever TeaTimer popup notification regarding a detected spyware. The exact log info is below:
10/31/2005 8:39:27 PM Encountered and terminated Smitfraud-C. in D:\fps\Quake III Arena\quake3.exe!
The 1st popup displayed a spyware alert message and blocked the program. Subsequently, I can launch and play the game without receiving an alert message but a new entry is added each time to TeaTimer's log.
I've been playing Quake 3 for 5 years and using Spybot for at least 2 years without issue. So I would like to take this seriously but I'm not sure if I should.
Neither my router firewall or McAfee Enterprise FW yield anything suspicious in the logs or permissions. I've checked my WinXP processes and services without detecting anything.
A complete scan with the latest updated version of Ad-Aware also did not find anything. In addition, I use Spyware Blaster, only use FireFox 1.07, and a complete scan with the latest updated Spybot SD yielded only the results below:
----------
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Windows Security Center.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi (*)
2005-10-28 Includes\Dialer.sbi (*)
2005-10-28 Includes\Hijackers.sbi (*)
2005-10-28 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-10-28 Includes\Malware.sbi (*)
2005-10-28 Includes\PUPS.sbi (*)
2005-10-28 Includes\Revision.sbi (*)
2005-10-28 Includes\Security.sbi (*)
2005-10-28 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi (*)
----------
Ignore the Windows Security Center items as I use far better replacement products (McAfee AV 8.0i anf McAfee FW 8.5 Enterprise editions).
No mention about quake3.exe or Smitfraud-C. How is this possible that TeaTimer says it's an issue but Spybot SD indicates no problem?
Consequently, I plan to ignore TeaTimer at this time but watch any further development closely. However, if this is a confirmed false positive, it would be nice if it could be corrected so that TeaTimer doesn't log it.