PDA

View Full Version : Fixed: CIADoor or false definitions?


Lavater
2009-03-15, 14:25
Hello,

Spybot S&D told me my PC has an CIADoor.

"14.03.2009 17:56:49 - ##### check started #####
14.03.2009 17:56:49 - ### Version: 1.6.2
14.03.2009 17:56:49 - ### Date: 14.03.2009 17:56:49
14.03.2009 17:56:50 - ##### checking bots #####
14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen
14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen

I checked my PC with GDATA Antivirus, Avast Antivirus, I checked the attacked file "XProtection.exe" with jotti and and other scanners - but no one could found this Trojan. Is it possible that SpyBot S&D is making a mistake?

Please can you help me.
Lavater
2009-03-15, 14:29
Hello,

Spybot S&D told me my PC has an CIADoor.

"14.03.2009 17:56:49 - ##### check started #####
14.03.2009 17:56:49 - ### Version: 1.6.2
14.03.2009 17:56:49 - ### Date: 14.03.2009 17:56:49
14.03.2009 17:56:50 - ##### checking bots #####
14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen
14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen

I checked my PC with GDATA Antivirus, Avast Antivirus, I checked the attacked file "XProtection.exe" with jotti and and other scanners - but no one could found this Trojan. Is it possible that SpyBot S&D is making a mistake?

Please can you help me.



Win32.Ciadoor.cj: [SBI $F8F7B198] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPROTECTOR

Win32.Ciadoor.cj: [SBI $CD1A07CB] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\XPROTECTOR
Yodama
2009-03-16, 08:22
hello,

for the time being this does not appear to be a false positive.
To analyze this issue we will need more information, please do the following:

do a scan with Spybot S&D
at the end of the scan right click the scan result and choose to save a full report to your desktop
click on one of the blue registry icons on the right to the scan result for CIADoor HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPROTECTOR
export the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPROTECTOR
attach the files including the xprotect.exe to your email to detections@spybot.info
make a reference to this thread in your email, you can write your email in german if that is more convenient to you