RGT_1973
2008-05-17, 11:59
Hi,
Here's the system info:
Windows XP Professional SP1
FireFox v2.0.0.14
Spybot S&D v1.5.2.20
Latest detection update 2008-05-14
I found what I would consider to be a bug more than a false positive. It seems all one has to do to get Spybot to report a problem is have the following empty directory:
C:\Program Files\MW
It doesn't matter whether there is something inside the directory or not, which is why I would consider the hit to be a bug. Spybot should actually check for content and whether the content is harmful, and it doesn't. AFAIK, a directory by itself cannot be harmful.
The "MW" directory was originally created for a TGA/ACE bitmap conversion program called "TGATool2A" which was written by M. Wright and was included with a program called "Route Riter" for "Microsoft Train Simulator" (MSTS).
However, I removed the contents of the "MW" directory and Spybot still flagged the empty "MW" directory as a nasty. Which means it had nothing at all to do with the "TGATool2A" program.
With a directory name like "MW" I can see that it might stand for Mal-Ware, but it could just as easily stand for "My Work" or "Merriam Webster" or one of the other 98 million hits Google brings up using "MW" as a search term. :laugh:
Spybot now calls it a "MalwareWipe", but I seem to remember Spybot calling it a "Smitfraud-C" just a few updates back.
In any case, I've already put the kibosh on it and have set up Spybot to ignore it. Hopefully a future update will take care of this bug or false positive.