MarkST
2008-01-25, 22:39
Received the following after running a scan this morning:
Win32.Autorun: [SBI $DE8B4C73] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
This is new, as I've been running Spybot for years now. It's reporting a false positive. The software that I develop is what is actually triggering this false positive.
This occurred because I had my product (ComputerTime) installed on the machine.
http://www.softwaretime.com/
We modify the shell value in the winlogon. (I honestly don't think this is the best approach, and we would like to change this, but for the time being, it is how we operate. Why? Because we want to run before the shell does.)
Windows XP Pro
Not Browser Related (though I typically run Firefox 2.0.0.11)
Spybot 1.5.1.18, last update on 1/16/2008.
False Positive occurred during the scheduled weekly scan.
What we put into the Shell value in the registry is typically the path to our exe (ctmn32.exe) wherever it was installed on the system.
Win32.Autorun: [SBI $DE8B4C73] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
This is new, as I've been running Spybot for years now. It's reporting a false positive. The software that I develop is what is actually triggering this false positive.
This occurred because I had my product (ComputerTime) installed on the machine.
http://www.softwaretime.com/
We modify the shell value in the winlogon. (I honestly don't think this is the best approach, and we would like to change this, but for the time being, it is how we operate. Why? Because we want to run before the shell does.)
Windows XP Pro
Not Browser Related (though I typically run Firefox 2.0.0.11)
Spybot 1.5.1.18, last update on 1/16/2008.
False Positive occurred during the scheduled weekly scan.
What we put into the Shell value in the registry is typically the path to our exe (ctmn32.exe) wherever it was installed on the system.