View Full Version : As Intended: Tvichw32.sys



toolfortheman
2007-11-08, 04:50
With the latest scan I get a TVICHW32.SYS file
showing up? Has anyone else gotten this?
It's found in c:\windows\system32\drivers file
When I do a search on Google, I get some Taiwan
company driver? http://www.entechtaiwan.net/dev/hw32/faq.shtm
This is all Greek to me. Is this a false positive?
If I have posted in the wrong place, sorry.

Yodama
2007-11-08, 08:09
please follow the steps in this post (http://forums.spybot.info/showthread.php?t=19117)
for submitting a false positive to avoid many questions.

so but since you did not, I will have to ask you a couple of questions, ok, some would have been asked anyway :laugh:

If you follow the link you posted, you can see that the file in question is not a driver but a tool for accessing the hardware. Looking up the description for the product 'eSupport.FFBiosExt' within Spybot S&D will tell you that this file also came along with an online check for the mainboard Bios. This was added to detection as PUPS (possibly unpopular software) because it failed to have an uninstall option while it installed a service.

Since the only thing you found is the file named above, it could be the case that the file is used by other software for hardware analysis. If you have such software installed please name it, so we can check if it is a false positive.

Attaching a Spybot S&D log to your next post will also help us determine if this is a false positive.

Maestro
2007-11-08, 09:03
I've been using Spybot for a while now, and it has proven to be a great program. Today I did the latest update and then scanned my laptop. This scan showed that I had this on my machine: eSupport.FFBiosExt. Naturally, I went ahead and fixed the 'problem.' But I just wondered if anyone could tell me a little more about this eSupport.FFBiosExt thing?

Yodama
2007-11-08, 12:32
hi,

eSupport.FFBiosExt
is a Firefox extension that allows reading out the Bios information and helps finding an update.
Unfortunately it also installs the file and a service; because the vendor of this software did not supply an uninstall functionality, it has been labeled as PUPS (Possibly Unpopular Software).

As it turns out the TVICHW32.SYS is also being used with other hardware analysis software, which may run, for instance with ATI software.

We will exclude detection on this file with the next detection update.

Kavanagh
2007-11-08, 14:34
toolfortheman writes:-
With the latest scan I get a TVICHW32.SYS file
showing up? Has anyone else gotten this?

Yes, same here. File was written in January 2007 and I have had no trouble since then. Probably a false +ve.
Richard

Maestro
2007-11-08, 16:59
Thanks for the info, Yodama.

So, I actually deleted that eSupport.FFBiosExt extension after Spybot identified it as a threat. Should I restore it?

Icaro
2007-11-08, 17:58
Hello to all,


I've just run a Spybot 1.4 scan on my PC and I noticed this "eSupport.FFBiosExt" issue popping up at scan time in the threats results panel.
So I found this thread useful to get more relevant info about whether or not we should "destroy" this thing.
But before doing so, we, users, still need the confirmation from Yodama Sama:laugh::fear: on the "false positiveness" of this threat.
So Yodama San, what do you say? "false positive" or not?

:D::bigthumb:

Yodama
2007-11-09, 12:13
Quote:
Originally Posted by Icaro
So Yodama San, what do you say? "false positive" or not?

Yes, consider it a false positive, and restore the file if needed. The file is part of tools that access hardware, for instance hardware analysis tools.

*blush*
I have not been addressed with san for a while and do not remember to have ever been addressed with sama

Ol PB
2007-11-09, 13:16
I have the same detection as everyone else. Assuming that this isn't a new addition to the spybot scan, then I suspect that it has been loaded as part of the Dell support tools that I installed in the last week or so, as recommended by their 'Support agent' that keeps popping up.

owilky1
2007-11-09, 20:05
I have this today. The last thing I did was to run Nvidia's display optimization wizard.
It's possible this app uses it!

The reason I am checking it now is because I had my first problem with Firefox for a long long time. Today it would not work for several minutes.
IE7 did work but I hate using it.

It was not on my system before that as far as I know, at least not yesterday!

Icaro
2007-11-11, 00:50
Quote:

*blush*
I have not been addressed with san for a while and do not remember to have ever been addressed with sama

Hey, Yodama san, how are things going?

I'm glad to see you appreciate the way I show respect but I wouldn't have imagined you'd be so disturbed not to answer to what I requested.:oops::fear:

...So here you go again

So Yodama San, what do you say? "false positive" or not?

Yodama
2007-11-12, 08:28
...So here you go again

Oh, I am sorry, I forgot to repost part of my post, after the thread got split up.

So, yes, we consider Tvichw32.sys as a false positive.
It will be removed from detection with the next update.

If you have hardware analysis software that requires the file, please restore the file.

There have been reports that ATI software uses this file, so it could also be used by NVidia software to determine system information.

Icaro
2007-11-12, 23:01
Ok. That ATI feedback would explain the erratic behaviour of my display features lastly.
My 3D card is an ATI one, so...

Anyway, everything now returned to normal.

Thanks again Yodama.
See you around:D:

kevarc
2007-12-02, 18:59
I updated all the definitions today and still got the false positive.

Yodama
2007-12-03, 08:31
I updated all the definitions today and still got the false positive.

Could you please follow the instructions in the sticky (http://forums.spybot.info/showthread.php?t=19117)
on how to report a false positive?

If it is found in Mozilla\Plugins\ that is still intended because it is otherwise not uninstallable. It is detected as PUPS which makes it a user choice to keep or delete.
If you want to keep it, set it to ignore from further searches.