The following message has appeared on my desktop:

"Spybot-Search and Destroy has encountered and terminated a process that is listed as part of a malicious software.

Process ID: 1960
Filename: runservice.exe
Found in: C:\Windows\
Identified as: IRCBot.win"

It gives me 3 options to inform me again, to automatically kill or allow to run. I have it on inform me again, however the message is reappearing constantly every few seconds. Is it ok to just have it automatically kill it or should I be doing something else. The same message has also appeared on a laptop, however it only appeared once and has not come back.

Any help would be appreciated, thank you

update: the message is now constantly reappearing on my laptop now as well, with the only difference being the process ID is 1572

Hello jackharry,

Please open Spybot Search & Destroy > Help > About and let us know the version and the date of last definitions. :)

It is possible this is a false positive: http://forums.spybot.info/showthread.php?p=429478#post429478

If the pop ups continue you might want to disable the teatimer until that topic receives a response tonight when our detectives are back on-line.

Best regards.

Hi, thanks for replying. The version is 1.6.2.46 and the latest detection update is 8/8/12

The pop ups have now stopped as I clicked on the option to automatically kill

I see on the other thread that this has been identified as a false positive. I had already clicked on the option to automatically kill, which I have noticed from the log that it is happenning every minute or so. When this is sorted with the next update will I have to do anything? Thanks

Hello,

Please see Resident TeaTimer
http://www.safer-networking.org/support/tutorials/

Of course it is possible to revise each of your personal decisions. That could be necessary if you have denied some process which turns out as a good one later. You do so by right clicking on the TeaTimer symbol in the system tray – it is the blue one with the lock. (If you cannot see the symbol, it is probably hidden. Just click on the arrows in the system tray to show all hidden symbols.) A window appears where you have to click on Settings to modify your personal lists of registry changes and processes.

Best regards. :)

Thank you

I have applied the latest update today and then removed this from the list of blocked processes, however the messages then immediately started again started.

Never mind, rebooted and that seems to have sorted it