False positive with today's update
Updated today and did a scan, getting the following result. I purposely disabled System Restore myself; this hasn't been reported before today's update either.
Quote:
Ertfor.bho: [SBI $C41D8ED7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-07 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-09-07 advcheck.dll (1.6.4.18)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-09-22 Includes\AdwareC.sbi (*)
2009-09-22 Includes\Beta.sbi (*)
2007-11-06 Includes\Beta.uti
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-09-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-09-22 Includes\HijackersC.sbi (*)
2009-09-22 Includes\Keyloggers.sbi (*)
2009-09-22 Includes\KeyloggersC.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-09-22 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-09-22 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-09-22 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-09-22 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-09-15 Includes\Trojans.sbi (*)
2009-09-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Ertfor.bho from 9/30/2009 updates.
Hello.
I think this is a similar issue with yesterday's 9/30/2009 updates.
From Saved SpybotSD.Results.txt:
--- Search result list ---
Ertfor.bho: [SBI $C41D8ED7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
...
From Checks.090930-2002.log:
30.09.2009 20:02:00 - ##### check started #####
30.09.2009 20:02:00 - ### Version: 1.6.2
30.09.2009 20:02:00 - ### Date: 9/30/2009 8:02:00 PM
30.09.2009 20:02:04 - ##### checking bots #####
30.09.2009 20:11:13 - found: Ertfor.bho Settings
...
From Checks.090930-2027.txt:
--- Report generated: 2009-09-30 20:27 ---
Ertfor.bho: [SBI $C41D8ED7] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
...
Exported my updated Windows XP Pro. SP2's registry key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
"DisableConfig"=dword:00000000
I believe this is a false positive since I never had this in the past before the 9/16/2009 updates.
Thank you in advance. :)