Adobe flagged as Virtumonde by TeaTimer
* Operating System: Windows 7 beta (it was also flagged in Windows XP, though)
* Browser and Version: Internet Explorer 7, Firefox latest version
* Version of Spybot S&D and Date of the latest update: latest Spybot and TeaTimer, latest update: March 11th 2009
TeaTimer "About" says: version 1.6.2.0, system settings protector 1.6.6.32
* Where did the false positive occur:
  o TeaTimer message when a program was executed
See screen shot for details.
This happened when installing the latest update for Adobe Reader that came out recently. The options shown are the ones I selected when I took the screenshot, because I knew it was a FP. Those were not the default selections when the window popped up.
http://bw38fg.bay.livefilestore.com/...adobe%20fp.jpg
thanks for getting back....
Quote: Originally Posted by Yodama
I currently have no good news on this issue. Only a couple more similar reports.
These Teatimer false positives appear to be random. We may be needing a new version of Teatimer which gives us a bit more output, for instance the SBI ID.
Hmm interesting....I hope we can figure out what is going on here...
False Positive with Keepass's Plugin KeeForm
Windows Vista Ultimate 64bit
Internet Explorer 7, Maxthon 2.5.1 (uses IE as a base), FireFox 3.0.8
Spybot S&D 1.6.2.46, Last update 3/25/2009
TeaTimer message when using the plugin KeeForm with KeePass to auto-enter login info into a website.
Log for teatimer contains:
Code:
3/28/2009 10:16:24 AM Encountered and terminated Spambot.mib in D:\Program Files\KeePass Password Safe\KeeForm.exe!
3/28/2009 10:27:35 AM Encountered and terminated Spambot.mib in D:\Program Files\KeePass Password Safe\KeeForm.exe!
Picture of false positive:
http://i6.photobucket.com/albums/y21...tivespybot.jpg
Keepass v1.15
Link to Keepass website: http://www.keepass.info/
Plugin: KeeForm v2.01
Link to KeeForm: http://keeform.sourceforge.net/
false positive?: erunt\autoback.exe
Hi, I have used ERUNT 1.1j for a long time, and TeaTimer never found anything.
I updated S&D yesterday (rules from 24.06.2009). Today I got a TeaTimer message (autoback starts with a batch file and the following command line:
C:\Programme\ERUNT\AUTOBACK.EXE %systemroot%\ERDNT\#Date#_#Time# /days:3 /alwayscreate /noconfirmdelete /noprogresswindow)
29.06.2009 09:45:15 Encountered and terminated Win32.Agent.Bbzv in C:\Programme\ERUNT\AUTOBACK.EXE!
My OS is Windows XP Home SP3. I am sending you autoback.exe attached as a zip file.
False positive? Google Toolbar Updater
Hi
TeaTimer found this.
Log:
Quote:
"03-10-2009 22:05:18 Allowed (based on user decision) value "swg" (new data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe") Changed in System Startup user entry!
03-10-2009 22:05:18 Encountered and terminated MorpheusToolbar in C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe!
03-10-2009 22:05:35 Allowed (based on user decision) value "swg" (new data: ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"") Changed in System Startup user entry!"
JR
Teatimer 1.6.6.32 False Positives
Hi Yodama
Spybot S&D was updated. I had just made a reinstall of Spybot S&D, and rebooted, a few hours earlier (keeping app-data). I didn't delete the file and I haven't had any warnings later.
The program, GoogleToolbarNotifier.exe, has a valid certificate. That is why I think it was a false positive.
JR
Teatimer 1.6.6.32 False Positives
Hi Yodama
First I apologize for mixing up two programs. As I wrote in my first post it was "GoogleUpdaterService.exe" not "GoogleToolbarNotifier.exe" that caused the warning.
I have just sent the program to you.
If anything like this should happen again with another program, wouldn't it be easier just to send the certificate instead of the program? If so, which format would you prefer?
JR