False Positive for win32.small.of

Elmer

New member
We have found that the Win32.Small.Of is identifying a legit product as a trojan.
The company is http://ppc.thomson.com. They have all their products going into the HKEY_LOCAL_MACHINE\SOFTWARE\PPC registry. The Spybot software apparenty assumes that all ppc entries are the same as bad Ppc entry in the registry.
Currently we have the customer restore the entry and then go in an ignore the win32.small.of item so it doesn't happen again.
Appreciate any help on this.
Here is the log

Win32.Small.Of: [SBI $72649B53] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Ppc


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-06-18 unins000.exe (51.41.0.0)
2007-09-19 unins001.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll



Here is little of the PPC entry that is used for the products.

[HKEY_LOCAL_MACHINE\SOFTWARE\PPC]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\PPC\ElectronicWorkpapers]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\PPC\ElectronicWorkpapers\Commercial]
"LatestYear"="20060501"
"Title"="Small Business Audits"
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\PPC\ElectronicWorkpapers\Commercial\2005]
 
thank you for reporting,

this fp has been fixed and will be effective with the update scheduled for the middle of next week.
 
Back
Top