sqlite3.dll and the Programs folder?



dadkins
2007-12-26, 16:23
Today's update, 12/26/2007, flags odd items...

system32\sqlite3.dll on one machine: XP MCE 2005 - IE7/Opera 9.25 - Spybot 1.5.1.15

http://img171.imageshack.us/img171/7937/fp1ek3.th.jpg (http://img171.imageshack.us/my.php?image=fp1ek3.jpg)

The Start Menu\Programs folder on a different machine: XP Home - IE7/Opera 9.25 - Spybot 1.5.1.15

http://img171.imageshack.us/img171/7449/fp2xa4.th.jpg (http://img171.imageshack.us/my.php?image=fp2xa4.jpg)

False Positives?

tashi
2007-12-26, 18:10
Hello.

I made a note for the team, thanks.

rassilon
2007-12-26, 22:00
My PC reports the same trace. SQLITE3.DLL is a valid file, installed as part of the Python programming language used in many applications.

I suspect this is a bug, as the file appears to match the original found on my Poser 6 installation disc.

dadkins
2007-12-26, 22:50
Thanks Guys! :bigthumb:

Yodama
2007-12-28, 07:31
Thank you for reporting this.
Both items will be treated as false positives and removed from detection with the next update, scheduled for next Wednesday.

dadkins
2008-01-02, 17:35
Thanks Yodama! :bigthumb:

Oldguy
2008-01-03, 08:27
Had not read about sqlite3.dll false positive. If I had I would probably not have accepted removal on Win2K SP2 system last night. Unfortunately I did accept and then shut down.

When I attempted to boot this morning (Wed), got past splash screen first time then got background but never got to desktop. After several hours of fairly constant disk activity and seeing no desktop icons or taskbar, I rebooted in safe mode, disabled all startup entries using msconfig, rebooted and got desktop this time but still had unexplained disk activity and bizarre behavior with task bar moving from bot to top of screen and numerous instances of SDDelFile.exe failed to execute notifications and dialog boxes to accept. After OKing maybe 15 I was able to gain enough control thru CAD to shutdown and rebooted in safe mode again.

Upon closer inspection I discovered hundreds of runonce entries in the registry to delete sqlite3.dll - 64 in HKEY_LOCAL_MACHINE and 597 in HKEY_CURRENT_USER hive. Details follow:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
had 64 entries of form
SpybotDeletingE3664 "C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINNT\system32\sqlite3.dll_old"
The SpybotDeletingE... numbers vary of course.
AND in addition in
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce]
I found 597 entries of same form except with SpybotDeletingF... preceding each entry number.

Apparently one of these succeeded because there was no sqlite3.dll or sqlite3.dll_old to be found in \WINNT\System32.

This was the third time I had run Spybot on this system. Altogether I have run it only two other times on a WinXP system. So I am not what you would call an experienced Spybot user. I certainly never expected to encounter this kind of disaster. Any suggestions about what to do would be appreciated. I could just delete all the RunOnce entries in both hives, but without having a theory about how they got there, why they multiplied and whether they would return even if deleted, I am in a quandary. I sent a brief description of early symptoms to support using the web mailer with the same email address.

Can anyone help me out here?

Thanks
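
An added example, not part of the original thread and not Spybot's own code: a read-only check over a regedit export that groups RunOnce string values by command and reports any command queued more than once, the pattern described in the post above. The sample export is constructed (value names and the `ExampleSetup` entry are made up) and the function names are illustrative.

```python
import re
from collections import Counter

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" string values; backslash escapes are allowed inside the quotes.
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def runonce_values(reg_text):
    # Yield (key, name, command) for string values under any key ending in RunOnce.
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key and key.lower().endswith(r'\runonce'):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def duplicate_commands(reg_text, threshold=2):
    # Map (key, command) -> count for commands queued at least `threshold` times.
    counts = Counter((key, cmd) for key, _, cmd in runonce_values(reg_text))
    return {kc: n for kc, n in counts.items() if n >= threshold}

# Constructed sample modelled on the entries quoted in the post (value names are made up).
CMD = (r'"\"C:\\Program Files\\Spybot - Search & Destroy\\SDDelFile.exe\" '
       r'\"C:\\WINNT\\system32\\sqlite3.dll_old\""')

def sample_export():
    hklm = r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]'
    hkcu = r'[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce]'
    lines = ['Windows Registry Editor Version 5.00', '', hklm]
    lines += [f'"SpybotDeletingE{3664 + i}"={CMD}' for i in range(64)]
    lines += [r'"ExampleSetup"="C:\\Example\\setup.exe /finish"', '', hkcu]
    lines += [f'"SpybotDeletingF{100 + i}"={CMD}' for i in range(597)]
    return '\n'.join(lines)

if __name__ == '__main__':
    # A real regedit 5.00 export is UTF-16; decode it before passing the text in.
    for (key, cmd), n in duplicate_commands(sample_export()).items():
        print(f'{n:4d} x {cmd}\n       under {key}')
```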

Oldguy
2008-01-03, 21:16
Additional Info:

The version of 1.5 I had installed was from Spybotsd15he-beta2.exe which TEAM Spybot provided to me on Ticket 183282213 to replace the released version which suffered from very slow and long startup time problems the first time I attempted to use it on the same Win2K SP2 system referred to in prior post.

In addition, Team Spybot has now responded to the first of two earlier preliminary webmail reports with Ticket 702980843 recommending deletion of HKEY_CLASSES_ROOT*shellsddelfile and referring to forums.spybot.info/showthread.php?t=20388

A subsequent web mail added more information and my post above contains the latest info. Have responded to Ticket 702980843 with reference to subsequent webmail and this thread asking whether the proposed solution still applies and asking what else should be done to eliminate reported large number of RunOnce entries which system will attempt to run when I reboot not in safe mode.

Thos

rassilon
2008-01-23, 18:33
Spybot 1.5.1.15 still reports a false positive for c:\windows\system32\sqlite3.dll

Fortunately, I saw this thread before I quarantined the file.

rassilon
2008-01-23, 18:49
Please disregard the above. After updating definitions the false positive went away. It's my fault. I've been spoiled by automatic updates and didn't notice that Spybot doesn't have one. All is well.