possible false positive for Registry Fix



mittens
2009-02-24, 18:13
Operating System (Windows XP Professional, Win95 ,etc.) WindowsXP sp2
Browser and Version (Internet Explorer 7, FireFox 2.0.0.7, etc) 6.0
Version of Spybot S&D and Date of the latest update v 1.6.2.46 2/18/09
where did the false positive occur Scan result

log file:

24.02.2009 07:39:59 - ##### check started #####
24.02.2009 07:39:59 - ### Version: 1.6.2
24.02.2009 07:39:59 - ### Date: 2/24/2009 7:39:59 AM
24.02.2009 07:40:01 - ##### checking bots #####
24.02.2009 07:44:24 - found: RegistryFix User settings
24.02.2009 07:44:24 - found: RegistryFix Uninstall settings
24.02.2009 07:44:24 - found: RegistryFix Program group
24.02.2009 07:44:24 - found: RegistryFix Link
24.02.2009 07:44:24 - found: RegistryFix Link
24.02.2009 07:44:24 - found: RegistryFix Program directory
24.02.2009 07:44:24 - found: RegistryFix Program directory
24.02.2009 07:44:26 - found: RegistryFix Executable
24.02.2009 07:44:26 - found: RegistryFix Executable
24.02.2009 07:44:26 - found: RegistryFix Program directory
24.02.2009 07:44:26 - found: RegistryFix Program directory
24.02.2009 08:02:46 - ##### check finished #####


I have been using the older version of SpyBot until last week, and finally upgraded to the newest one. My first scan showed 11 'malware' items. I've been using Registry Fix for a fairly long time, with no problems, and no worries.

Also, Avast has shown no problems with this, which leads me to think this is a false positive.

Yodama
2009-02-25, 07:59
Did you get your "RegistryFix" from "Marketflip Technologies"? In that case it is not a false positive.

quote from our description:


False positives and warning messages serve to make the user buy the software. This software is identical to ErrorClean which is also from Marketflip Technologies.

In other words it is useless and makes you pay for it.


If you have the software from a different vendor it was very unwise of this vendor to have chosen the same name for its software as a vendor of rogue software.

mittens
2009-02-25, 13:04
This is the URL for the site I purchased this program from

http://www.registryfix.com/

and I have been using it comfortably (but not blindly) since November of '07. It shows all of the bits it wishes to repair or remove, and not one of them is out of order or inconsistent with my activities on the computer. In other words, it shows me missing .dlls, bits of programs I have uninstalled officially (and we all know how effective THAT is), including, ahem ahem, all the older versions of Spybot which never are removed but just keep building up all over the registry.

Why I thought it might be a false positive is that this only happened after I installed the latest version of Spybot, and the first scan I ran picked this up immediately. Avast does not, nor does Asquared. I'm not arguin', I'm just sayin'.

drragostea
2009-02-26, 00:23
Just because avast! or other software does not have "RegistryFix" in its database does not mean it's not harmless. Yodama just said it's useless.

...all the older versions of Spybot which never are removed but just keep building up all over the registry.
Uh... you uninstall it? Funny how it's such a simple task.
To me, on operating systems like Windows XP, registry "bloat" is not a problem. And I don't see how removing 'unneeded' entries speeds up anything.

mittens
2009-02-26, 01:21
rarely uninstalls everything. I never bothered before, because I foolishly assumed the older versions of Spybot were being overwritten.

And Uninstall in Windows takes out the meat, but if you trust it to remove the little fiddly bits of a program, you'll find yourself with all sorts of stuff floating around in the fishbowl. If you don't believe me, try uninstalling Yahoo, if you have it, and then go into the registry and search for it with "find". You'll find the entire program still there.

Rarely does a program respond to Uninstall the way we think it should, i.e., remove ALL of itself.

Yes, dear, I know Yodama said RF was worthless. Then again, you said "Uninstall" works perfectly. And frankly I don't much like your tone. I asked a simple question, and you don't need to peer down your nose at me as if I were an errant and not very bright child.

drragostea
2009-02-26, 04:53
I apologize for my tone. Please forgive.
It is true that Windows doesn't really do a good uninstall job because it leaves traces (three-quarters) of the time, including registry entries. Personally, I would use another (third-party) uninstaller besides the default one from the web.

For a complete uninstall of Spybot, I would suggest you uninstall, reboot, and delete the Program Folders.

Yodama
2009-02-26, 07:45
As you may have noticed, registryfix.com does not disclose its true identity anywhere on its website. The registrants of the domain also took the effort to register the domain over a service called Domains by Proxy, thus hiding their identity. Basically it is not recommended to do business with unknown people; who would you turn to in case of a refund or similar? If you don't have their identity, what could stop them from just ignoring issues?

Since we have had the detection on RegistryFix in our database since December 2007, I think it odd that it got flagged on mittens' computer just after the recent update.

@mittens
Is it possible that you set your installation of Spybot S&D to ignore RegistryFix?
There has been a main update for Spybot S&D recently, it is just a guess, but it may be possible that this main update reset the ignore settings.


The other thing is, remaining uninstall entries in the registry are not nice to look at. It is kinda like a desktop with a lot of leftovers. However, these do not cause any kind of system error. Windows does not do anything with these unless you enter the software uninstall screen they may not even get read. "Fixing" such registry settings does not speed up the computer nor does it improve system stability. It just restores some order in cleaning up leftovers. RegistryFix claims to improve system performance.

Things that slow down computers are in most cases programs that get started through the registry but have associated files, meaning that a registry cleaner will not remove these since the files are present.

Examples of such programs are printer/scanner monitors, QuickTime starter, RealPlayer starter, Office starters, iTunes agent, Winamp agent and so on. Each of these does not take a lot of system resources, but in sum they do; on top of that, they are not very useful. The milliseconds they accelerate the starting of the main application they already waste in increasing the time for Windows to boot properly.

If you know that and know what RegistryFix is doing for you and what it does not, you can keep it since it does not harm your computer, just your wallet ^^;
You can set Spybot S&D to ignore the software, just right click the scan result and choose to ignore the product from further searches.
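
Added example (not part of the original thread, and not Spybot S&D or RegistryFix code): a PowerShell script illustrating the distinction made in the post above, between autostart entries whose files are present, which keep running at logon, and orphaned entries whose target is gone. It assumes PowerShell 3.0 or later and checks only the two standard Run keys; Get-CommandTarget and Test-TargetPresent are hypothetical helper names.

```powershell
# Added example: list registry autostart entries and check their targets.
# Get-CommandTarget / Test-TargetPresent are hypothetical helper names.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    param([string]$CommandLine)
    # Expand %SystemRoot%-style variables, then isolate the executable:
    # a quoted first token, else text up to the first ".exe", else first word.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-TargetPresent {
    param([string]$Target)
    if (-not $Target) { return $false }         # empty command line
    if ([IO.Path]::IsPathRooted($Target)) {
        return (Test-Path -LiteralPath $Target -PathType Leaf)
    }
    # Bare names such as "rundll32.exe" are resolved through PATH.
    return [bool](Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue)
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        if ($name -eq '') { continue }          # skip the unnamed default value
        $target = Get-CommandTarget ([string]$regKey.GetValue($name))
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Target = $target
            # present: starts at every logon; its file exists on disk.
            # missing: orphaned entry whose target file is gone.
            Status = if (Test-TargetPresent $target) { 'present' } else { 'missing' }
        }
    }
}
$report | Sort-Object Status, Name | Format-Table -AutoSize -Wrap
```

Entries reported as present are the ones that cost boot time; reviewing that list by hand is what decides which starters to disable.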

mittens
2009-02-26, 13:13
drragostea, apology accepted (putting the gun away :ninja:), and yes, Windows is famous for leaving bits around. As to Spybot I did indeed clean out everything after my first install of the newest version, and started from scratch.
I will say this, the new version runs much more smoothly and faster than the older ones, which tended to stick to the walls if you tried to move away from the running program.

Yodama, I have never been able to make the "ignore" function work properly, and consequently just ignore it. Any time I do delete cookies, etc, it cheerfully ignores my ignore choices and rolls right over everything.

I agree with you about the fiddly bits that get left, and one thing I do not have on my computer is quicktime. Trust me. I would rather see werewolves than quicktime and have spent a lot of quality time cleaning it out of all the burrows it builds for itself. It uses embedded links, and I HATE those.

But over a period of years the bits and pieces add up. I also run Asquared, Avast, Hijack this, and take a walk through Ztree about once a month.

Having been struck by a few viruses in the past I get paranoid about things I don't recognize. One thing RF does that Uniblue does not, (and I tried the free sample of Uniblue some time back) it does NOT make up scary registry entries and then offer to clean them out for you. I ran the sample test from Uniblue again a few days ago, just to see, and sure enough they found 123 "dangerous" items in the registry. sigh.

I will try the right click again, and see if it works this time. And thank you.

PS: just tried right click and all I got was a drop down menu that said "deselect" which means they do the unchecking for me--no "ignore this item" anywhere.

drragostea
2009-02-27, 03:42
Thanks.

I'll run a scan too to double-check if the "Ignore Product" option disappeared.

Last time I checked Registry Mechanic (I was playing with it) and it found roughly 956 'problems' lol.

mittens
2009-02-27, 03:59
Most of the reg. scan programs will show you a huge number of "dangerous" files, and assume (usually rightly) that most people are utterly ignorant of what's really in the registry, (since we are warned to never never go there) and can make up an amazing number of fake names to scare the easily scared. But once I realized any of those names can be checked quickly in google, I did just that, and found that most of the Reg. Scan programs are blowin' smoke. The old shell game, and the pea was never under any of the shells at all.

900+. I'm impressed. :)

drragostea
2009-02-27, 04:46
Seems like there is such an option. It should work.
http://i189.photobucket.com/albums/z276/Shockwavesn1per/Spybot-2.jpg

mittens
2009-02-27, 05:47
I can't put a url in of the screenshot, but I can tell you that the two middle commands, the exclude ones, are there but greyed out.
Not sure why. I'll go into the settings and see if something that should be turned on has been turned off.

md usa spybot fan
2009-02-27, 06:05
mittens:

If you want to exclude the item from future detections:
1. Expand the detection if necessary (+ to the left of the detection).
2. Select the item (entry) that you want to exclude by left clicking on it to highlight it.
3. Then right click on highlighted detection.
4. Select from the list of options in the menu.

In other words left click to select then right click to display options. If you don't select (highlight) the item first the options menu is for the entire detection list.

mittens
2009-02-27, 13:13
I just ran another scan with Spybot, to implement your suggestion, md, only this time there was no Registry Fix to ignore. Instead there was a nice green check mark.

Whatever happened, the Registry Fix malware seems to have gone.

Matt
2009-02-27, 19:21
Operating System (Windows XP Professional, Win95 ,etc.) WindowsXP sp2
Browser and Version (Internet Explorer 7, FireFox 2.0.0.7, etc) 6.0


Hi mittens,

please update Windows and Firefox! :grandpa:

Best regards,
-Matt-

mittens
2009-02-27, 19:41
but that was IE, 6.0

never had firefox.

Matt
2009-02-28, 20:24
but that was IE, 6.0

never had firefox.

Hi mittens,

then I don't know why you mentioned it? :scratch: :)

You shouldn't use IE 6.0 which is... I don't know... 5 years old? :)

Best regards,
-Matt-

mittens
2009-02-28, 22:59
I was doing an answer to the original question and forgot to specify that it was IE and not firefox. :oops:

I use IE 6.0 because I like it. Also, when 7 came out it was extremely buggy, and that made me leery of loading it at all. People I knew said it had given them more grief than it was worth, and in looking over some of the older comments I can see why. And as I understand it, 8 is for Vista users.

And I rather like 6.0. It works for me, and I don't ask a huge amount of it, so why should I change?

drragostea
2009-03-01, 00:44
Well, back to the point of this thread. mittens, if you wish to continue using Microsoft Internet Explorer 6.0 despite -Matt-'s suggestions, feel free to do so. I respect that.

This seems a bit odd, very odd, because I can Ignore any products with no problems. Highlight the Registry Fix entry with the left click, still hovering over it, right-click on the entry (actually the entry in bold, not the subentries) and click "Exclude this product from future searches".

mittens
2009-03-01, 00:57
I went in and ran Spybot again, one final time, to do just what you suggested. However, this time the search came up clean, no Registry Fix, no malware. Just a big green checkmark.

I had also updated my Spybot definitions (or whatever they're called) beforehand, so I'm just wondering if in the process Spybot no longer sees Registry Fix as a threat.

I have not been able to implement your suggestion because there was no item to implement. If you follow me, here.

Whatever happened, it seems to be showing a clean slate. :D:

drragostea
2009-03-01, 03:46
Seems like RegistryFix is still in the database. I think you successfully "ignored" the product. Either that or it was magic :santa:.