Fixed: unvise32.exe Spybot-S&D 1.5.1



vvoss
2007-09-26, 21:06
Hello,

Spybot-S&D 1.5.1 reports a problem with the file 'unvise32.exe' located inside windows directory:
Firma: Spytech Software
Produkt: SpyAgent
Bedrohung: Keylogger

According to this site:
http://www.mindvision.com/winvise_faq.asp?Action=Q&ID=283
this file is part of the vise installer.

Best regards,
VV

tashi
2007-09-26, 21:38
Hi there.

Both malware and legit programs utilize unvise32.exe.

Please post the log of the actual detection by Spybot-S&D.

Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

Best regards.

vvoss
2007-09-26, 23:55
--- Search result list ---
SpyAgent: [SBI $CB6A2BAE] Ausführbare Datei (Datei, nothing done)
C:\WINDOWS\unvise32.exe


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-04 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-26 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-26 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-26 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-26 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-26 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-26 Includes\PUPSC.sbi (*)
2007-09-26 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-26 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-26 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-26 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

philfollower
2007-09-27, 00:20
Hi -- can SpyBot S&D tell me when the SpyAgent was installed on my computer? How would I access that information?

When I moused-over the original unvise32.exe file in Windoze XP (before running the latest update of SpyBot, today), the unvise32 install date was November 2005 ... but that doesn't seem possible, does it??

Is the update that catches SpyAgent new, as of today? or has SpyBot been able to catch it for a long time now?

If SpyBot's always been able to catch SpyAgent, then it's just recently been installed on my computer -- I'm probably going to survive. If the SpyAgent catcher is new, then I have no idea how long SA has been running on my computer.

If SpyAgent was running on my computer since November 2005, sending all my stuff to an unknown e-mail address, that's scary as hell. I concluded my scan and told SpyBot to destroy it.

I'm presently following your advice to the last guy, and I ran a second SpyBot S&D scan -- it produces "No threats." Does this mean that it's too late to find out how SpyAgent was installed on my computer?

Thanks ... Phil

tashi
2007-09-27, 00:46
Hello philfollower,

This thread was started in the False Positives forum, which is why I asked vvoss for a short log.

A detective will respond later in the day.

Best regards.

philfollower
2007-09-27, 00:59
Hi, Tashi -- actually, I initially began to write the post in that thread because I was wondering if by chance this "was" a false positive. The 11/2005 date for unvise32 seemed so far out of line for it to be SpyAgent. I re-wrote the post a few times before sending it, and got lost in the other questions.

So sorry for having driven the thread off track, I'll try to be more careful in the future. I'll post my questions elsewhere.

Cheers -- Phil

tashi
2007-09-27, 01:02
"So sorry for having driven the thread off track, I'll try to be more careful in the future. I'll post my questions elsewhere."

Hi there and no need, just saying I don't have an answer until a detective assesses if this is a false positive or not.

Best regards. :)

Buster
2007-09-27, 07:49
It's a false positive.

@philfollower As vvoss already guessed, it's part of MindVision. So there is no need to be worried about a SpyAgent infection. It will be fixed with next week's update.

antdude
2007-09-27, 08:28
Same here. I think this is a FP as well.

http://www.virustotal.com/resultado.html?5fc3872f3bdaa3e6a76e4b6594d3f750 and http://virusscan.jotti.org/ say clean. Let me know if you need a copy of my file and log. I assume no since it is a known issue and I did not remove it.

Buster
2007-09-27, 08:31
No, but thanks anyway! :bigthumb:

Zoonishii
2007-09-29, 03:22
Could I get a quick verification of this being a false positive too? It's kinda freaking me out...

Here are my scan results:

------------------------------------------------

SpyAgent: [SBI $CB6A2BAE] Executable (File, nothing done)
C:\WINDOWS\unvise32.exe


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-28 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-26 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-26 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-26 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-26 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-26 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-26 Includes\PUPSC.sbi (*)
2007-09-26 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-26 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-26 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-26 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

--------------------------------------------------
When I look at the file properties I get this under the copyright:

Copyright © MindVision Software 1995-2003

And it seems to have been created on March 31, 2007... I have no idea how that would have gotten there or what that might have been associated with...

Any help you can give would be greatly appreciated.

Buster
2007-10-01, 07:26
Yes it is a false positive.

bud001
2007-10-03, 09:40
How do I access the log? I already performed the removal but I am extremely worried (paranoid?) because I do all my banking and stuff on my computer and when I look up the file properties it said it was there since 2003!!!!! Does it mean I have had my ID stolen all these years? Please help?

tashi
2007-10-03, 16:14
Hello.

"Does it mean I have had my ID stolen all these years? Please help?"

Buster confirmed that the particular detection reported here by members in this thread was a false positive, therefore not an actual threat. :)

md usa spybot fan
2007-10-03, 18:10
bud001:

To make sure that the detection you received was the same as the other detections that were reported here and have been verified as being false positives, look at the Fixes.yymmdd-hhmm.log file that was produced when you did a "Fix select problems" on the detection.

By default there are two Checks.yymmdd-hhmm.log files produced during a scan. The second Checks.yymmdd-hhmm.log has the details of what the scan found. Also by default a Fixes.yymmdd-hhmm.log file is produced if you fix or attempt to fix something.

There are two methods to view logs from previous scans or fixes:
Method 1:
Go into Spybot > Mode > Advanced mode > Tools > View Reports > View Previous reports. Look for the Checks.yymmdd-hhmm.log or Fixes.yymmdd-hhmm.log file from the previous scan or fix that you are interested in, double click on it (or highlight by clicking on it and then do an Open on it).
Method 2:
The Checks.yymmdd-hhmm.log and Fixes.yymmdd-hhmm.log files are stored in the following folders:
Windows 95 or 98:
C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Windows ME:
C:\Windows\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows NT, 2000 or XP:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs
Windows Vista:
C:\ProgramData\Spybot - Search & Destroy\Logs
Using Windows Explorer, navigate to the correct Checks.yymmdd-hhmm.log or Fixes.yymmdd-hhmm.log file. Double click on it and it should open with Notepad.
_______________________

If your detection was the same as the others reported here, then consider restoring the detection that you fixed by going into Spybot > Recovery and doing a "Recover selected items" on the object(s) that were removed during the "Fix select problems".
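
As an added illustration (not part of the original post, and not Spybot's own code): a small Python check that parses scan results in the two-line format posted in this thread and compares product name, SBI ID and path against the detection confirmed above as a false positive. The second sample entry and its SBI ID are constructed, and it is an assumption that the text being checked uses the same layout as the clipboard results shown here.

```python
import re
from typing import NamedTuple

# Detection confirmed as a false positive in this thread (values from the posted logs).
KNOWN_FP = ("SpyAgent", "$CB6A2BAE", r"c:\windows\unvise32.exe")

# Header line as posted, e.g.  SpyAgent: [SBI $CB6A2BAE] Executable (File, nothing done)
# The description after the ID is ignored, so localized output matches as well.
HEADER = re.compile(r"^(?P<product>[^:\[\]]+):\s*\[SBI\s+(?P<sbi>\$[0-9A-Fa-f]{8})\]")

class Detection(NamedTuple):
    product: str
    sbi: str
    path: str

def parse_detections(text):
    """Pair each '[SBI $...]' header with the next non-empty line (the object path)."""
    found, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            pending = m                      # remember header, wait for its path line
        elif line.startswith("---"):
            pending = None                   # section banner, not a path
        elif pending is not None:
            found.append(Detection(pending["product"].strip(),
                                   pending["sbi"].upper(), line))
            pending = None
    return found

def is_known_false_positive(d):
    """True only if product, signature ID and path all match the confirmed report."""
    product, sbi, path = KNOWN_FP
    return d.product == product and d.sbi == sbi and d.path.lower() == path

# Constructed sample: first entry copied from the thread, second is made up.
SAMPLE = r"""--- Search result list ---
SpyAgent: [SBI $CB6A2BAE] Executable (File, nothing done)
C:\WINDOWS\unvise32.exe

ExampleThreat: [SBI $0BADF00D] Executable (File, nothing done)
C:\WINDOWS\unvise32.exe

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---
2007-08-31 SpybotSD.exe (1.5.1.15)
"""

if __name__ == "__main__":
    for det in parse_detections(SAMPLE):
        verdict = "matches confirmed FP" if is_known_false_positive(det) else "NOT the confirmed FP"
        print(f"{det.product} {det.sbi} {det.path}: {verdict}")
```

A detection on the same file under a different product name or SBI ID is a different signature, so the confirmation given for `$CB6A2BAE` does not carry over to it.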

Crystal Sky
2008-05-24, 15:29
I am running a scan on my desktop and Spybot is detecting C:\Windows\unvise32.exe under the title of:

RegistryFixIt
(SBI $4837D47B Executable).
C:\Windows\unvise32.exe

Is this still considered an FP?

Thanks in advance.

Edit to add: XP - Running the latest update of May 21, 2008; Version 1.5.2.20
Also running a scan on my laptop (Vista) and it is showing up there as well.