Two Alleged False Positives - Yobdam.ait
I have been using these utilities for a while; only recently (as of Nov 30?) has Spybot (perhaps through TeaTimer) 'detected' Yobdam.ait within them.
Curiously the window popped up titled "Spybot - Search & Destroy", claiming "...has encountered & terminated a process ... listed as part of a malicious (SW)". I was the one to have closed these programs. The windows only popped up after closing the aforementioned utilities.
Quote:
From 'Resident.log':
Dec 02 2011 9:27:26 AM Encountered and terminated Yobdam.ait
I am using WinXP-SP3, running FF8, Spybot 1.6.2.46, and both files have 'yobdam.ait' detected. I understand that these utilities were written using AutoIT from conversations with one author. In fact, it was through that conversation that Avira (potentially, technically malware itself - more later) corrected a false-positive of their own.
Quote:
Originally Posted by AviraVirusLabResponseTeam
A listing of files alongside their results can be found below:
File ID | Filename | Size (Byte) | Result
26330615 | FindHwids.v3.2p.exe | 416.99 KB | FALSE POSITIVE
26336063 | fshash.dll | 69.35 KB | CLEAN
Please find a detailed report concerning each individual sample below:
Filename | Result
FindHwids.v3.2p.exe | FALSE POSITIVE
The file 'FindHwids.v3.2p.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.11.15.210.
Filename | Result
fshash.dll | CLEAN
The file 'fshash.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
*Note: I only include the preceding quote for anecdotal reasons, as I cannot directly link to this report, as it uniquely identifies me.
1) UniExtract available here --> http://legroom.net/software/uniextract
2) FindHwids_v3.2p available here --> http://forum.driverpacks.net/viewtopic.php?id=3018
Through this experience, I have lost faith in TeaTimer/Spybot's ability to stop real malware. I still love the 'immunization' function, & I remember with fondness how Spybot found all that spyware in CreativeLabs' driver CDs (et al) years ago.
Thank you for your consideration.