Need User Feedback: stickies.exe (but not always)



paoloit
2009-11-26, 18:51
Hi, xp sp3, latest spybot updates

Never had a detection on this file in the last days, then suddenly:

26/11/2009 18.06.53 Allowed (based on authenticode whitelist) value "itype" (new data: ""C:\Programmi\Microsoft IntelliType Pro\itype.exe"") added in System Startup global entry!
26/11/2009 18.06.53 Encountered and terminated RXToolbar in C:\Programmi\stickies\stickies.exe!

That stickies file, I think it was version 7.0a, has been DELETED...
There is no quarantine, that .exe has just been deleted...
Installed stickies 7.0b, no detection, and then reinstalled 7.0a, same as before, without detection...!

I think there's something related to the "mixing" of IntelliType and stickies...
stickies is also clean according to VirusTotal...
And NOW, Spybot does not detect it, I had only ONE detection...

What's happening?

Yodama
2009-11-27, 07:18
hello,

it looks like this is one of the TeaTimer false positives that appear to be a result of an unknown state of the computer.
In this case RXToolbar should not have been detected in the first place.
Did this appear after an update and/or do you use other real time protection software?

paoloit
2009-11-27, 09:01
Not after an update, I update daily with command line parameters. This is the update log; it checked for updates, but the last update is 25-11:

22/11/2009 14.37.22 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
22/11/2009 21.33.38 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
23/11/2009 18.42.53 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
24/11/2009 9.08.13 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
24/11/2009 14.12.04 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
24/11/2009 16.48.48 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
25/11/2009 15.53.58 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
25/11/2009 15.54.19 downloaded update Detection rules: Malware
25/11/2009 15.54.19 - URL: http://spybot.lfwd.org/updates/files/includes.malware.zip
25/11/2009 15.54.19 - Local file: C:\Programmi\Spybot - Search & Destroy\Updates\includes.malware.zip
25/11/2009 15.54.41 downloaded update Detection rules: Supplemental
25/11/2009 15.54.41 - URL: http://spybot.lfwd.org/updates/files/supplemental.zip
25/11/2009 15.54.41 - Local file: C:\Programmi\Spybot - Search & Destroy\Updates\supplemental.zip
25/11/2009 15.55.44 downloaded update Detection rules: Update
25/11/2009 15.55.44 - URL: http://spybot.lfwd.org/updates/files/includes.zip
25/11/2009 15.55.44 - Local file: C:\Programmi\Spybot - Search & Destroy\Updates\includes.zip
26/11/2009 18.03.19 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
26/11/2009 18.35.45 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)
27/11/2009 8.54.03 Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)

I use Spybot, Antivir and Outpost Firewall...
I think this can be related to the Intellitype install, however...

Stickies is clean, according to VirusTotal, Spybot, Antivir...

Another thing, DELETING files can be a problem, please add something like a QUARANTINE... I just clicked OK in the window, and found that stickies.exe was deleted... I didn't read anything about file deletion in the TeaTimer window...