Adelphia DL in beta.sbi wrongly flags legit bookmarks



Rosenfeld
2006-10-13, 22:15
The latest beta.sbi (2006-13-10)

Flags three of my bookmarks under Adelphia DL:

http://users.adelphia.net/~suzshook/8scripts.htm
http://users.adelphia.net/~suzshook/
http://users.adelphia.net/~suzshook/10tips.htm

Suz is a highly respected and experienced user of Paint Shop Pro and these are bookmarks to her pages. They are perfectly legitimate and do not offer/download anything malicious; to the contrary, she offers useful tips and scripts for Paint Shop Pro users.

I rank this as a FP, whatever Adelphia DL is supposed to be.


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-13 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti
2006-10-13 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-10-13 Includes\DialerC.sbi (*)
2006-10-13 Includes\Hijackers.sbi (*)
2006-10-13 Includes\HijackersC.sbi (*)
2006-10-13 Includes\Keyloggers.sbi (*)
2006-10-13 Includes\KeyloggersC.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-13 Includes\MalwareC.sbi (*)
2006-10-13 Includes\PUPS.sbi (*)
2006-10-13 Includes\PUPSC.sbi (*)
2006-10-13 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-13 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-10-13 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-10-13 Includes\Trojans.sbi (*)
2006-10-13 Includes\TrojansC.sbi (*)

md usa spybot fan
2006-10-13, 23:15
Rosenfeld:

It may be my system and/or my ISP, but I am getting "The page cannot be displayed" when I try to access your three (3) references:
http://users.adelphia.net/~suzshook/8scripts.htm
http://users.adelphia.net/~suzshook/
http://users.adelphia.net/~suzshook/10tips.htm
Regards,
md usa spybot fan

Zenobia
2006-10-14, 00:06
I can see them all, but they're in restricted sites. Maybe adelphia is in your hosts file.

md usa spybot fan
2006-10-14, 00:38
Zenobia, you're right!!!

I can't get to users.adelphia.net because it is in my HOSTS file. The entry in my HOSTS file was added by Spybot with the 2006-10-13 updates. There are three (3) entries containing "adelphia.net" among the 100 entries added to Spybot's HOSTS file with the 2006-10-13 updates:
users.adelphia.net
www.adelphia.net
adelphia.net
*************

ps: Added with edit.

The same three (3) sites were added to the restricted zone by Spybot's immunization process with the 2006-10-13 update:
users.adelphia.net
www.adelphia.net
adelphia.net

Rosenfeld
2006-10-14, 01:21
I don't use Spybot Hosts file (I use mvps.org hosts file); so the sites remain accessible to me.
I had not noticed that users.adelphia.net had been added to restricted site:

My question is why??

zorro
2006-10-14, 02:34
This is a big problem for millions of adelphia users. As most who use spybot will not know they have 3 new entries in their restricted zones preventing the site from working properly!!

Adelphia is looking into why they have been blacklisted. :oops:

Yodama
2006-10-14, 16:15
thanks for reporting,
it is a false positive with our beta detections, unfortunately this also went into the spybot hostsfile :oops:
product will be fixed and renamed with next update

so if someone added the spybot hostsfile and immunization with the latest update, he should check if adelphia.net is blocked within the hosts file and remove it from there

kaminikij
2006-10-14, 19:41
I don't have host files checked but adelphia was put in my restricted zone anyway. I can't even access my mail or helpfiles. The only thing listed in my host files says local. Should I remove that? I'm so lost.

md usa spybot fan
2006-10-14, 21:52
If you want to remove the Restricted Zone entries for the following entries:
users.adelphia.net
www.adelphia.net
*.adelphia.net
Go into Internet Explorer > Tools > Internet options... > Security tab > click on Restricted Sites > click the Sites button > in the Web sites listing > scroll down to one of the entries > highlight it > click the Remove button. Highlight the second entry > click the Remove button, etc. When you are done, click OK, OK.

kaminikij
2006-10-14, 21:59
I can't find anything in there either. If I unimmunize all works fine. Right now I can't even load my firewall toolbar.

Rosenfeld
2006-10-14, 22:26
Yes, the domains in the restricted zone are added by the immunize; the Hosts file does not do that. It redirects a domain to your own PC, hence it becomes unavailable altogether.

In fact the way the restriction is done is not correct. There is a *Dword =4 in adelphia.net key in the domains key, that makes the two subkeys Users and www redundant (all *.adelphia.net sites are restricted by that DWord). If the idea was only to restrict www.adelphia.net and users.adelphia.net, then there should be no *DWord in adelphia.net key, only the ones in www and users keys.

I've noticed a lot of the restricted domain entries from Spybot have the same error. Maybe someone should review these immunize entries.
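
The two checks discussed in this thread (hosts-file entries for a domain, and a domain-level Restricted Sites value that makes per-subdomain keys redundant), as an added example that is not part of the original posts and is not Spybot's own code. It assumes the Internet Explorer ZoneMap\Domains layout under HKEY_CURRENT_USER, follows the post's reading that a `*` value of 4 on the domain key covers every subdomain, and runs on constructed sample data; `example.test` and the function names are hypothetical.

```python
import re

RESTRICTED = 4                  # zone 4 = Restricted Sites
MARK = "ZoneMap\\Domains\\"     # registry path marker before the domain key
ROOT = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

# Constructed sample: .reg-style export with the layout described in the post,
# plus a hypothetical example.test entry that restricts only one subdomain.
SAMPLE_REG = "\n".join(
    f'[{ROOT}\\{key}]\n"*"=dword:00000004\n'
    for key in (r"adelphia.net", r"adelphia.net\www", r"adelphia.net\users", r"example.test\ads"))

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 users.adelphia.net
127.0.0.1 www.adelphia.net   # constructed comment
127.0.0.1 adelphia.net
127.0.0.1 ads.example.test
"""

def parse_zonemap(reg_text):
    """Map (domain, subkey or None) -> zone for each all-protocols value in the export."""
    entries, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            _, found, tail = line[1:-1].partition(MARK)
            parts = tail.lower().split("\\")
            key = (parts[0], parts[1] if len(parts) > 1 else None) if found and tail else None
        elif key and (m := re.fullmatch(r'"\*"=dword:([0-9a-fA-F]{8})', line)):
            entries[key] = int(m.group(1), 16)
    return entries

def audit_restricted(entries, domain):
    """Report how `domain` is restricted and which subkeys a domain-level value makes redundant."""
    domain = domain.lower()
    whole = entries.get((domain, None)) == RESTRICTED
    subs = sorted(s for (d, s), z in entries.items() if d == domain and s and z == RESTRICTED)
    return {"whole_domain_restricted": whole, "restricted_subdomains": subs,
            "redundant_subkeys": subs if whole else []}

def hosts_blocking(hosts_text, domain):
    """Return hosts-file names that equal `domain` or sit under it."""
    domain, hits = domain.lower(), []
    for line in hosts_text.splitlines():
        names = line.split("#", 1)[0].split()[1:]   # drop comment and the address field
        hits += [n for n in names if n.lower() == domain or n.lower().endswith("." + domain)]
    return hits

if __name__ == "__main__":
    print(audit_restricted(parse_zonemap(SAMPLE_REG), "adelphia.net"))
    print(hosts_blocking(SAMPLE_HOSTS, "adelphia.net"))
```

On a real machine the input would be a text export of the Domains key and the system hosts file; only `*` (all-protocols) values are parsed here.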

md usa spybot fan
2006-10-14, 22:29
The Web sites listing is sorted by the second and third nodes (names beginning with numerics followed by alphabetic names). The following entries all appear together near the top of the listing:
users.adelphia.net
www.adelphia.net
*.adelphia.net
If you unimmunize the entries will be removed but so will all the other entries placed there by Spybot.

Rosenfeld
2006-10-14, 22:55
Interestingly, after I had deleted the adelphia.net key from domains keys (in all the places Spybot puts it), then checked immunize, it reported all were blocked: so it is not recognising that one has been removed. To double check, I deleted all instances of adelphia in my registry (as it is not my home page or ISP I can do that). It still reported all known blocked.

radumetea
2006-10-20, 17:28
same here, although I do not use any of the real-time stuff. Just scan once a week.
So I ignored the adelphia.dl warning.

Rosenfeld
2006-10-21, 01:58
Fixed in latest updates.

antdude
2006-10-21, 07:58
> Fixed in latest updates.

Not fixed for me?

Weird, does anyone know why I got these results?

Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)
Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)
Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)
Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-20 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-10-20 Includes\DialerC.sbi (*)
2006-10-13 Includes\Hijackers.sbi (*)
2006-10-20 Includes\HijackersC.sbi (*)
2006-10-20 Includes\Keyloggers.sbi (*)
2006-10-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-20 Includes\PUPSC.sbi (*)
2006-10-20 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-20 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-10-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-10-13 Includes\Trojans.sbi (*)
2006-10-20 Includes\TrojansC.sbi (*)


Please note that I am using Mozilla v1.7.13 as my primary Web browser where the bookmarks are.

antdude
2006-10-21, 10:19
http://www.dslreports.com/forum/remark,17127241 mentions another user. :(

Yodama
2006-10-24, 15:46
with the latest updates the false positive should not appear anymore,
if Adelphia.DL still get flagged after a scan, please check for a detection update.

antdude
2006-10-24, 16:25
> with the latest updates the false positive should not appear anymore,
> if Adelphia.DL still get flagged after a scan, please check for a detection update.

Here is what's weird. I haven't updated since 10/20/2006, and I don't see these detected anymore. I didn't tell it to ignore it or anything. Weird.

Yodama
2006-10-24, 16:44
that is the exact update where the changes became effective ;)

antdude
2006-10-24, 16:59
> that is the exact update where the changes became effective ;)

Uh, that update showed me those Adelphia.DL results. Maybe I was supposed to restart Spybot?

Yodama
2006-10-24, 17:17
actually yes, some updates (like sbs files) require Spybot to be restarted, there are plans ongoing to make Spybot include those updates automatically without the need to restart Spybot, but for now restarting manually is required. :rolleyes:

antdude
2006-10-24, 17:22
> actually yes, some updates (like sbs files) require Spybot to be restarted , there are plans ongoing to make Spybot include those updates automatically without the need to restart Spybot, but for now restarting manually is required. :rolleyes:

Ah hah! That's why. I always NEVER restart Spybot from these updates. You should force it like those core program updates. Or at least notify users to restart Spybot to use the latest definitions.