Fixed: EBlaster false positive?



MartyTX
2009-04-30, 17:56
Running Spybot S&D 1.6.2 updated as of today (4/30).

Right click scan detects nothing found under Malware but does detect EBlaster under Heuristic for the majority of webpages I download and save as *.mht files.

I noticed that EBlaster detection was updated on 4/29; possibly a false positive?

For example, I saved: http://www.safer-networking.org/en/spybotsd/index.html to my desktop today, and Spybot detected EBlaster (heuristic).

oldwolfe
2009-05-01, 12:38
Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan Only. When tested with Spyware Doctor all is ok.

I have searched for EBlaster programs, processes and the registry with no sign of EBlaster infection.

I have to admit I am thinking along the same lines however as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

MartyTX
2009-05-01, 15:42
Let me add that I also have manually checked the files and registry entries that are listed in Spybot's "Manual Removal Guide for EBlaster" and everything is clean.

Likewise, scans with NIS-2009, Malwarebytes and SuperAntispyware are all clean.

Haven't updated to 1.6.6 and plan to hold off until this issue is sorted out. Don't want to jump from the frying pan into the fire! :)

rabbitchaser
2009-05-01, 15:51
I have files that are downloaded to me in zip archive. The archive has simply about 50 small text files and one .xml file. I test everything that is downloaded prior to opening and since 4/30 I too am getting the EBlaster alarm in heuristics.

Is it possible for me to send one of these zip files to Spybot and have them test it?

I refuse to extract the ones that show the infection until this matter is cleared up.


Thanks

MartyTX
2009-05-01, 17:14
Another bit of information.

Go to a trusted website; I picked "Microsoft.com".

After the site opens, consecutively save the screen in two formats:

1. Web Archive single file (*.mht)
2. Webpage complete (*.htm or *.html)

Spybot's right-click scan on the "Microsoft Corporation.mht" archive detected EBlaster Heuristic.

However, right-click scans on the complete webpage "Microsoft Corporation.htm" and the associated file "Microsoft Corporation_files" were both clean.

So, the sum of the archived parts has a problem, but each unarchived part is clean. Confusing?!
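The test above found the .mht container flagged while its unpacked parts scanned clean. One way to repeat that check for any flagged container is to split it into its parts and record a hash for each, so every part can be scanned or cross-checked on its own. This is an added example, not part of the original post; it also goes beyond the .mht case to cover .zip archives. The sample archive is constructed, and the function names and output file naming are assumptions of the example.

```python
import email, hashlib, io, os, tempfile, zipfile
from email import policy

# Constructed sample: a two-part web archive (an HTML page and a PNG signature).
SAMPLE_MHT = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="----=_EXAMPLE"\r\n\r\n'
    b"------=_EXAMPLE\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"Content-Location: http://example.test/index.html\r\n\r\n"
    b'<html><body><img src=3D"logo.png"></body></html>\r\n'
    b"------=_EXAMPLE\r\n"
    b"Content-Type: image/png\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Location: http://example.test/logo.png\r\n\r\n"
    b"iVBORw0KGgo=\r\n"
    b"------=_EXAMPLE--\r\n"
)

def container_parts(data: bytes):
    """Yield (label, decoded_bytes) for each member of a ZIP or each MIME part of an MHT."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.read(info)
        return
    # An .mht file is a MIME multipart message; walk its leaf parts.
    msg = email.message_from_bytes(data, policy=policy.default)
    for part in msg.walk():
        if not part.is_multipart():
            label = str(part.get("Content-Location", part.get_content_type()))
            yield label, part.get_payload(decode=True) or b""

def unpack_for_scan(data: bytes, outdir: str):
    """Write each part under an index-based name (member names are never used
    as paths) and return a manifest of (path, original_label, sha256)."""
    os.makedirs(outdir, exist_ok=True)
    manifest = []
    for i, (label, body) in enumerate(container_parts(data)):
        path = os.path.join(outdir, f"part_{i:03d}.bin")
        with open(path, "wb") as fh:
            fh.write(body)
        manifest.append((path, label, hashlib.sha256(body).hexdigest()))
    return manifest

if __name__ == "__main__":
    for row in unpack_for_scan(SAMPLE_MHT, tempfile.mkdtemp()):
        print(*row)
```

If every unpacked part scans clean and only the container is flagged, the detection is matching on the container's encoded bytes rather than on any file inside it.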

Highland Raider
2009-05-01, 20:46
Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan Only. When tested with Spyware Doctor all is ok.

I have searched for EBlaster programs, processes and the registry with no sign of EBlaster infection.

I have to admit I am thinking along the same lines however as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

I've been having the same problems--right-click on a folder which has .zip files or .mse-set files [used for Magic Set Editor, a program used to design card sets] or .jpg files, and I get EBlaster detected under heuristics. If I scan the complete hard drive through SB-S&D nothing is noticed out of the ordinary. Norton doesn't detect anything wrong. Ad-aware doesn't detect anything wrong. It's been driving me crazy and absolutely paranoid the last few days that someone has been tracking everything I type. :clown: I've gone into the registry and searched the hard drive looking for files/keys that fit the description for EBlaster and found nothing. Any feedback on this would be appreciated. I've begun suspecting the presence of false positives . . . .

Hmmm, are those men with white coats and hug-me-jackets standing out on my front porch? muha:

Highland Raider
2009-05-01, 23:48
* Operating System--Windows XP Professional (SP3)
* Browser--FireFox 5.0
* Spybot S&D 1.6.2.46 (04/30/09)
* right-click Heuristic scan result of Eblaster found on various .zip, .jpg, .png, .mse-set files and at least one .htm file, some of which were downloaded, others which I created within the last couple of months. I find no other indications of eblaster within the registry or files on the computer.

Thanks for any feedback.

rabbitchaser
2009-05-02, 02:32
Anyone have any further info on this?

Interestingly, the files I get on a daily basis, 2 came thru this afternoon; I tested and they were clean (these are zipped archives). 3rd one came late in the day and it shows as having EBlaster; so now I am really concerned that it isn't a false positive.

Is there any way to scan the individual files within the zip? Maybe that would pinpoint something.

AlexaM
2009-05-02, 05:51
Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan Only. When tested with Spyware Doctor all is ok.

I have searched for EBlaster programs, processes and the registry with no sign of EBlaster infection.

I have to admit I am thinking along the same lines however as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

I'm finding the same thing in some .jpg files. It doesn't show up on the other scan either, and other programs don't detect it. Can anyone confirm that this actually is a false positive?

oldwolfe
2009-05-02, 07:02
I have changed one of the (Infected) png files to a gif file using photoshop and retried the Heuristic test and it shows nothing found.

As the last update lists +EBlaster was added to the definitions list, how do I heal infected png, jpg and zip files that have failed the Heuristic test?

SoulM8dSunshine
2009-05-02, 22:21
Following an update to Spybot Search & Destroy 1.6.2.46 several (not all) right-click scans of downloaded files show EBlaster. One was a .png, the other a .doc. Right click scans with AVG and Malwarebytes Anti-Malware showed nothing, as did a quick scan with SUPERAntiSpyware.

I have googled EBlaster and found it is computer and internet monitoring software. Is there a way of getting rid of it so I can safely open the file?

I have Windows XP SP3

SoulM8dSunshine
2009-05-02, 22:54
Following an update to Spybot Search & Destroy 1.6.2.46 several (not all) right-click scans of downloaded files show EBlaster. One was a .png, the other a .doc. Right click scans with AVG and Malwarebytes Anti-Malware showed nothing, as did a quick scan with SUPERAntiSpyware.

I have googled EBlaster and found it is computer and internet monitoring software. Is there a way of getting rid of it so I can safely open the file?

I have Windows XP SP3

I see no way to edit this post. I just wanted to add that a regular scan with Spybot Search & Destroy does not find anything. Only the right click shows EBlaster in Heuristic.

Matt
2009-05-03, 16:14
Hi,

same problem here. I scanned the file gmer1015.zip and Spybot detected it as EBlaster while using its heuristic detection rules.

elbee
2009-05-03, 17:10
I have been experiencing the same problem since I updated Spybot yesterday. Previously, the same pdf files passed. They come from reliable sources; e.g., The New York Times Digest. Now, eblaster is shown in the heuristic test. Is this a false positive?

I did pretty much the same things as Highland Raider. I scanned the complete hard drive through SB-S&D with no problem. I ran Ad-Aware, which indicated no malicious stuff. I also ran a virus scan with no problem.

Only the right click shows EBlaster in Heuristic.

What to do? Please advise. Thank you.

toobad22
2009-05-03, 17:58
When I do a folder scan, I have a lot of files that show in the Heuristic scan as EBlaster. Is there a way to get rid of these? Most of them are thumbs.db and pdf's. I have a lot of them.

Thanks for the help....

Matt
2009-05-03, 18:40
Hi elbee,


Is this a false positive?
Looks like a false positive, yes. I'm sure that TeamSpybot will fix it. ;)

ThexDarksider
2009-05-04, 01:08
This is a false positive. I get it too. Moreover, there is no such thing as a JPG virus (except if you want to count Perrun: http://www.sophos.com/pressoffice/news/articles/2002/06/va_perrun.html). I believe someone is already working on this. :)

Yodama
2009-05-04, 07:34
Thank you for your information on this false positive.
Corrections will be released with the next detection update scheduled for Wednesday 2009-05-06.

elbee
2009-05-06, 16:01
I updated Spybot today and the problem has been eliminated. I checked the files that previously showed a problem in heuristic and they are gone. Many thanks for the support and help.

Have a good day.

Russell C
2009-05-06, 16:52
I have downloaded a couple of music files recently. They came with Word docs, which happens sometimes. These have tested as having EBlaster. I think it is possible to hide something in a Word file (macros sometimes excite AV software when downloaded).
Is it possible these were false positives? :confused:

oldwolfe
2009-05-07, 06:53
Thanks to Team Spybot and the forum members who replied, all is well following the very latest update.


Russell C try the latest update and see how you go.

Russell C
2009-05-07, 12:27
Hi oldwolfe, thanks for the suggestion.
I am pretty sure that prior to the scan I had updated Spybot, and received a message that there was no later update available. Also I have deleted the offending documents so now I have nothing to scan.
I had perhaps better make another post on another forum about false positives.
Thanks for the help though.
I was once advised, by a very savvy person, to google any malware before deleting it, and checking in with this forum would have been a good idea. Back when I was using AVG anti spyware (in the good old days when you could use their anti spyware on its own) I ran a scan with another AV app (one I didn't use usually but someone suggested it to solve some sort of problem I was having at the time). This identified a file AVG used to use for "benchmarking" as malware. I deleted it, then I googled, and found I had to reinstall AVG. :oops:
So it is good to check first.