Detection ( is not )



backi
2013-12-04, 18:48
Hello. I think I got an easy problem. The detection shows me some problems with breaks ( is not ). I don't know what it means.
Perhaps you can explain it to me?

Backi

Zenobia
2013-12-05, 05:40
"Is not" just usually means that Spybot found something during your scan, and what it found is not equal to what it expects to be there, so if you press fix selected, it's going to change it to that.
I couldn't find any logfiles with Is not in them, so I'll just use this. :)

Microsoft.Windows.Security.InternetExplorer: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1579139565-534010669-2603711333-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe!=W=1
The "!=", if I recall correctly, means the same as "is not". Later on, the != was changed to show Is not to avoid confusion.
So, basically what the above is saying is that iexplore.exe reg_dword is not equal to value data 1, so Spybot is going to change it to value data 1 when you press fix selected.

backi
2013-12-05, 17:23
Ok. Thank you! It is in the Version 2.0. I think I got around 15 entries with this message. I wasn't sure if it is dangerous. But thank you!

Best regards

Backi

Zenobia
2013-12-06, 01:05
You're welcome. :)

Ok. Thank you! It is in the Version 2.0.
Unfortunately, I don't know it as normal for the "is not" to be shown in the Spybot 2.0 version, so we may both be talking about 2 different things.
Would you like to show your Spybot logfile here, just to maybe figure out what it is?
If you'd like to do that, open Spybot start center, checkmark advanced mode, click Report Creator, click Show logs over to the left, then open the Checks logfile with the date of when you were seeing the 'is not's.
The checks logfiles are dated at the end of them, if that helps to find the one you're looking for. Here's the name of one of mine from today, as an example... Checks.131205-0006.txt.
Once you find the logfile, you can doubleclick it and it will open in notepad. Go to Edit, select all, then rightclick somewhere in the notepad window, select Copy, then paste it here. :)

backi
2013-12-07, 12:35
Search results from Spybot - Search & Destroy

04.12.2013 18:21:13
Scan took 00:13:06.
15 items found.


DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2174910466-2621421538-1860139024-1000\Software\OCS\lastPID

DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2174910466-2621421538-1860139024-1000\Software\OCS\PID

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2174910466-2621421538-1860139024-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2174910466-2621421538-1860139024-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2174910466-2621421538-1860139024-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Gen:Packer.Krucky.B.EeW@aq1f0Qk: [SBI $SpybotAV] Executable (File, nothing done)
C:\ProgramData\Kaspersky Lab\AVP13\QB\93f9e6b8ee097bc8.klq
Properties.size=507539
Properties.md5=A04582B073F6D8E38549BFF06FD5FAF2
Properties.filedate=1385929284
Properties.filedatetext=2013-12-01 21:21:24


--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---


Zenobia
2013-12-08, 03:23
Looks like Spybot picked up on a Kaspersky backup file in Kaspersky's quarantine:

Gen:Packer.Krucky.B.EeW@aq1f0Qk: [SBI $SpybotAV] Executable (File, nothing done)
C:\ProgramData\Kaspersky Lab\AVP13\QB\93f9e6b8ee097bc8.klq
Properties.size=507539
Properties.md5=A04582B073F6D8E38549BFF06FD5FAF2
Properties.filedate=1385929284
Properties.filedatetext=2013-12-01 21:21:24
You don't need to worry about fixing that, since it's a backup file for something Kaspersky removed.

I'm not seeing the breaks with (Is not) in your logfile. There are around fifteen (Registry Change, nothing done) or similar variations shown, is that what you meant? :)
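
The by-eye triage of the posted results log, written out as an added example (not part of the original thread and not Spybot's own code): it parses the entry format shown above and separates registry items from file detections that sit in another scanner's quarantine store. The quarantine path fragment and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# Header line: "<product>: [SBI $<rule id>] <description> (<kind>, <action>)"
HEADER = re.compile(
    r"^(?P<product>.+?): \[SBI \$(?P<rule>[^\]]+)\] (?P<desc>.+) "
    r"\((?P<kind>[^,()]+), (?P<action>[^()]+)\)$")
# Assumption for this example: path fragments marking another scanner's quarantine.
QUARANTINE_HINTS = ("\\kaspersky lab\\avp13\\qb\\",)
# Excerpt of the results log posted in this thread.
SAMPLE = r"""
DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2174910466-2621421538-1860139024-1000\Software\OCS\lastPID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

Gen:Packer.Krucky.B.EeW@aq1f0Qk: [SBI $SpybotAV] Executable (File, nothing done)
C:\ProgramData\Kaspersky Lab\AVP13\QB\93f9e6b8ee097bc8.klq
Properties.md5=A04582B073F6D8E38549BFF06FD5FAF2
"""

def parse_results(text):
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # start of a new finding
            current = dict(m.groupdict(), location=None, props={})
            entries.append(current)
        elif current and line.startswith("Properties."):
            key, _, value = line[len("Properties."):].partition("=")
            current["props"][key] = value
        elif current and line and current["location"] is None:
            current["location"] = line  # registry key or file path
    return entries

def triage(entries):
    # Count registry items, quarantined copies, and anything left to review.
    summary = Counter()
    for e in entries:
        loc = (e["location"] or "").lower()
        if e["kind"].lower() == "registry change":
            summary["registry"] += 1
        elif any(hint in loc for hint in QUARANTINE_HINTS):
            summary["file_in_other_quarantine"] += 1
        else:
            summary["other_needs_review"] += 1
    return summary
```
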

backi
2013-12-08, 12:10
Yes. In the program it is called (is not ) and in the logfile (nothing done).
Thank you for your efforts!

Backi

Zenobia
2013-12-09, 00:04
Aha, I see them now. I didn't have my location over enough to see the (is not) when I did a scan. Sorry about that. :)
The first explanation I posted above applies, then. And everything is as it should be.