Fixed (Heuristics): Two Alleged False Positives - Yobdam.ait



TechDud
2011-12-02, 19:06
I have been using these utilities for a while, only recently (as of Nov 30?) has Spybot (perhaps through TeaTimer) 'detected' Yobdam.ait within them.

Curiously the window popped up titled "Spybot - Search & Destroy", claiming "...has encountered & terminated a process ... listed as part of a malicious (SW)". I was the one to have closed these programs. The windows only popped up after closing the aforementioned utilities.

Dec 02 2011 9:27:26 AM Encountered and terminated Yobdam.ait

I am using WinXP-SP3, running FF8, Spybot 1.6.2.46, and both files have 'yobdam.ait' detected. I understand that these utilities were written using AutoIT from conversations with one author. In fact, it was through that conversation that Avira (potentially, technically malware itself - more later) corrected a false-positive of their own.

A listing of files alongside their results can be found below:
File ID    Filename              Size (Byte)   Result
26330615   FindHwids.v3.2p.exe   416.99 KB     FALSE POSITIVE
26336063   fshash.dll            69.35 KB      CLEAN


Please find a detailed report concerning each individual sample below:
Filename              Result
FindHwids.v3.2p.exe   FALSE POSITIVE

The file 'FindHwids.v3.2p.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.11.15.210.

Filename              Result
fshash.dll            CLEAN

The file 'fshash.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
*Note: I only include the preceding quote for anecdotal reasons, as I cannot directly link to this report, as it uniquely identifies me.

1) UniExtract available here --> http://legroom.net/software/uniextract
2) FindHwids_v3.2p available here --> http://forum.driverpacks.net/viewtopic.php?id=3018

Through this experience, I have lost faith in TeaTimer/Spybot's ability to stop real malware. I still love the 'immunization' function, & I remember with fondness how Spybot found all that spyware in CreativeLabs' driver CDs (et al) years ago.

Thank you for your consideration.

Yodama
2011-12-05, 09:05
Thank you for reporting this issue.
I can confirm this false positive and it will be fixed with our next detection update scheduled for Wednesday 2011-12-07.

TechDud
2011-12-06, 00:57
Thank you kindly. :)

nickW
2011-12-09, 11:56
Hello,

Not fixed for UniExtract.exe

TechDud
2011-12-09, 13:29
I don't understand why it isn't working for you, yet I can confirm that it's working for me.
I regularly update & immunize; perhaps... ???

nickW
2011-12-09, 14:55
Hi,

Forced new "Manual" update with http://www.safer-networking.org/updates/files/spybotsd_includes.exe.

I still have this in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Resident.log

09/12/2011 14:41:13 Encountered and terminated Yobdam.ait in .....\Universal-Extractor-1-6-1-R4-lupopensuite\UniExtract.exe!

Source of this UniExtract.exe: http://www.lupopensuite.com/db/universalextractor.htm

Yodama
2011-12-13, 08:07
@nickW
have you tried restarting TeaTimer or rebooting your computer?
If not please give it a try.

To restart TeaTimer do the following:

1) start Spybot S&D and switch into advanced mode
2) navigate to Tools - Resident
3) uncheck the check box for Resident TeaTimer and wait a bit to make sure TeaTimer has completed its shutdown (you can check the Taskmanager to make sure TeaTimer.exe does not run anymore)
4) recheck the check box for Resident TeaTimer to restart the TeaTimer

TechDud
2011-12-14, 12:22
Very good find, nickW!

It appears to have permission from the original author, Jared Breland, to redistribute.
http://www.lupopensuite.com/db/author/universalextractor.txt

The main exe has the same SHA1 hash: 35d0938928ed5986329c33a48cbaaf3a3c7e1d7f :rockon:
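The two checks this thread performs by hand, reading TeaTimer's Resident.log for "Encountered and terminated" entries (nickW's post above) and comparing the flagged binary's SHA-1 against the original author's release (this post), can be combined into a small triage script. This is an added example, not code from the thread or from Safer-Networking; the log lines are constructed in the two timestamp styles quoted above, the dd/mm/yyyy reading of the numeric form and the label attached to the SHA-1 are assumptions.

```python
import hashlib
import re
from datetime import datetime

# Constructed Resident.log sample in the two timestamp styles quoted in this thread.
SAMPLE_LOG = r"""
Dec 02 2011 9:27:26 AM Encountered and terminated Yobdam.ait
09/12/2011 14:41:13 Encountered and terminated Yobdam.ait in C:\Tools\UniExtract.exe!
09/12/2011 14:50:02 Encountered and terminated Other.Name in C:\Temp\unknown.exe!
"""
# SHA-1 posted in the thread for the original UniExtract.exe; the label is an assumption.
KNOWN_GOOD = {"35d0938928ed5986329c33a48cbaaf3a3c7e1d7f": "UniExtract.exe (Universal Extractor 1.6.1)"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{1,2}:\d{2}:\d{2} [AP]M|\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"Encountered and terminated (?P<name>\S+)(?: in (?P<path>.+?)!)?$"
)
# dd/mm/yyyy is assumed for the numeric form: the thread's "09/12/2011" entry was posted on 2011-12-09.
TS_FORMATS = ("%b %d %Y %I:%M:%S %p", "%d/%m/%Y %H:%M:%S")

def parse_timestamp(ts):
    for fmt in TS_FORMATS:
        try:
            return datetime.strptime(ts, fmt)
        except ValueError:
            pass
    raise ValueError("unrecognised TeaTimer timestamp: " + ts)

def parse_resident_log(text):
    """One dict per 'Encountered and terminated' entry; 'path' is None when the log gives none."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"when": parse_timestamp(m["ts"]), "name": m["name"], "path": m["path"]})
    return events

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()

def triage(event, digest=None):
    """'known-fp' if the flagged file hashes to a known-good binary, 'review' otherwise, 'unverifiable' if it cannot be hashed."""
    if digest is None:  # pass a precomputed SHA-1 to skip reading the file
        try:
            with open(event["path"] or "", "rb") as f:
                digest = sha1_hex(f.read())
        except OSError:  # entry carries no path, or TeaTimer already removed the file
            return "unverifiable"
    return "known-fp" if digest.lower() in KNOWN_GOOD else "review"
```

A "review" result only means the hash is not on the known-good list; it is the cue to submit the sample, as TechDud did with Avira, not a verdict on its own.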

TechDud
2011-12-15, 10:45
PS: this has been updated by gora
here --> http://www.ryanvm.net/forum/viewtopic.php?t=8201 :)