Search:

Type: Posts; User: roberto; Keyword(s):

Page 1 of 2 1 2

Search: Search took 0.01 seconds.

  1. Replies
    2
    Views
    2,681

    Fixed: Confirmed. We will remove this rule

    Hello MikeSW17,

    Confirmed. This typelib rule is a FP, we will remove this item from the signature database this week on Wednesday.
    Thanks for reporting.

    Kind regards,
    roberto.
  2. Hello Tika, what Windows version are you...

    Hello Tika,

    what Windows version are you running? Is there any update log available?


    C:\ProgramData\Spybot - Search & Destroy\Logs\updates.log

    Kind regards,
    roberto.
  3. Fixed (Heuristics): Resolved with updates from 2018-11-28

    Hello Karmar,

    we updated the signatures for Win32.Small.azl today. RogueKiller64.exe should not be triggered anymore.

    Thanks for reporting this issue.

    Kind regards,
    Roberto.
  4. Update is scheduled for 2017-05-10

    Hello Hankt,

    I could reproduce this behaviour. So we have updated the detection signatures for "Win32.Qhost.ahnj". The new rules should solve your scanning problem. We will publish this update on...
  5. Replies
    2
    Views
    25,801

    Possible URL Spoofing (Cross Site)

    Hello Kolobokk,

    this is not a genuine FP. The domain oldoctober.com is not blacklisted. Live Protection detected this URL as a 'Possible URL Spoofing (Cross Site)' and displayed a warning.
    A user...
  6. Replies
    1
    Views
    6,794

    Fixed: Reviewed and identified as FP

    Hello nespony05,

    we can confirm, that flagging this key...



    without other SpySheriff items found is a fp (false positive). We will fix this in the next update. Thanks for reporting this.
    ...
  7. Replies
    10
    Views
    10,499

    Please check event logs and download directories settings

    Hello,

    Ad.FLVPlayer rules are part of the first signatures that are tested. If the scanner does not progress, it is possible the scanner service crashed. This should be visible within the...
  8. Please submit sample or log(s) to out detection lab

    Hello yellowspoon,

    We cannot reproduce this issue. We need either the Rule-ID or the sample itself. Please commit the scanner logs and/or the mentioned VisualBasic6 program to fp@spybot.info for...
  9. Thread: Win32.Palevo

    by roberto
    Replies
    1
    Views
    18,992

    Fixed: Fixed with update on 2015-04-01

    Hello,

    this FP (Win32.Palevo, Trojans-006, Rule id: C5E0F385) was caused by the use of an undefined environment variable. It was fixed with the updates on 2015-04-01.

    Thanks for reporting this...
  10. Fixed: Nothing found (2015-01-06)

    Hello,

    tested the latest "NoVirusThanks Anti-Rootkit" installer with our antispyware and antivirus engines. Nothing found with our 2015-01-06 signatures. Please update your scanners and retry.
    ...
  11. Replies
    10
    Views
    10,499

    Ad.FLVPlayer will be updated

    Hello,

    we checked the Ad.FLVPlayer rules.

    Your scenario was not reproducible in our environment. I tweaked one Ad.FLVPlayer rule to enhance the scan performance and added some more to...
  12. Please update and rescan...

    Hello GraceG,

    we added signatures for a few 'dosearches.com' variants to our database on 2013-11-20. Please update and rescan your system. E.g. Win32.Agent.exq should be triggered on your system....
  13. Replies
    5
    Views
    10,489

    Please rescan...

    Hello drghughes,

    thanks for checking this. We did not add detection rules for the installer, since the installer contains also legit files. The adware and PUPS files are optional. We extracted the...
  14. Replies
    5
    Views
    10,489

    Thanks for reporting. Added this variant.

    Hello drghughes,

    no there is no known fingerprint problem. You just found an installer with an unknown OpenCandy variant.
    This installer contains an OCSetupHlp library from 2012 which is dropped...
  15. Replies
    2
    Views
    3,159

    JDownloader is PUPS, ElectroLyrics is Adware

    Hello tekel,

    JDownloader is classified as PUP/PUPS, a potentially unwanted program. You may restore your installation from the recovery/quarantine archives.

    I decode your post as a 'Request...
  16. Replies
    4
    Views
    2,065

    Thanks for reporting

    Hello,

    thanks for reporting this issue. I will write a bug ticket for our development team. Do you have a more detailed 'Autorun' example?

    Tested the 'Jump to location' feature on Win 8.1-64...
  17. Thread: Help

    by roberto
    Replies
    2
    Views
    6,824

    File operation failed errors

    Hi,

    I checked your log. We are sorry. There are some failed copy procedures in the log: 'File operation failed ...'. We posted the log to our development team together with a bug report ticket.
    ...
  18. Replies
    8
    Views
    12,141

    Vorschlag weitergereicht; rechte Maustaste?

    Hallo Mops21,

    danke für deinen Vorschlag. Wir haben den Wunsch nach Vereinheitlichung an die Entwicklungsabteilung weitergereicht. Aktuell wird an einer 2.3 Version gearbeitet.

    Beta Updates und...
  19. Replies
    1
    Views
    1,794

    Thanks for reporting

    Hello,

    thanks for reporting the large font issue. I will add a feature request to our bug/issue tracking system.

    Kind regards,
    Roberto.
  20. Replies
    12
    Views
    16,406

    Is our av update server contactable?

    Thanks for reporting this issue. This is a bug. We will investigate the issue. Are you able to reach http://av.safer-networking.org or to ping av.safer-networking.org from your PC? Maybe something is...
  21. Fixed: A Tarma Installer package is not malware, but its content may be malware

    Hello,

    the 'Tarma Installer' is a software package to create Windows Installer packages (MSI) or proprietary Tarma installer packages. Anyone can use an installation creator like 'Tarma Installer'...
  22. Thread: Anchor.hss

    by roberto
    Replies
    2
    Views
    3,914

    Fixed: Fixed since 2013-07-11.

    Thank you very much for reporting this issue. We have updated our PUPSC database.
  23. Thread: Hotspot Shield

    by roberto
    Replies
    3
    Views
    9,974

    Fixed: Confirmed. This issue will be fixed on 2013-09-11.

    Thank you very much for reporting this issue. We have updated our MalwareC database. It will be published today, 2013-09-11.
  24. Replies
    4
    Views
    3,216

    Thanks for reporting this issue

    I wrote a bug ticket for our development team.
  25. Replies
    1
    Views
    1,563

    Updates postponed to 27/12/12!

    Hello,

    we are sorry. Updates are postponed one day because of the holidays.

    Happy holidays,
    roberto.
  26. Replies
    1
    Views
    1,349

    Updates for 26/12/12 will be published on 27/12/12

    Hello,

    we are sorry. Updates are postponed one day because of the holidays.

    Happy holidays,
    roberto.
  27. Replies
    1
    Views
    2,158

    Hallo, keine Sorge. ACL bedeutet Access...

    Hallo,

    keine Sorge. ACL bedeutet Access Control List/Zugriffssteuerungsliste. Fehlende Adminrechte können auf eine Sicherheitsverletzung hinweisen. In deinem Fall zeigen sie lediglich auf...
  28. Replies
    34
    Views
    20,237

    Hello, Please verify the status of your...

    Hello,



    Please verify the status of your "Close this window after opening link" check box within Start Center.



    Broken means they were outdated after an itegrity check?
  29. Replies
    4
    Views
    7,460

    RootAlyzer 2.0.3 will be published

    Hello henriette,

    you' re using the latest public version which can be download from

    http://forums.spybot.info/downloads.php?id=8

    Of course, we are working on a new rootkit scanner. Our...
  30. Replies
    143
    Views
    71,729

    Thanks. We got your sample for analysis. The file...

    Thanks. We got your sample for analysis. The file is using kernel functions but at this moment we are not sure, if this really is a rootkit. This could be a part of a legit software. We give this...
  31. Replies
    2
    Views
    3,183

    Hi Matt, bitte pruefe einmal die Regel/ ...

    Hi Matt,

    bitte pruefe einmal die Regel/
    please check the following rule:


    File:"<$FILE_EXE>","SYS32DLL"

    Dem File ist kein Pfad zugeordnet, zudem fehlt die Dateiendung/
    There is no file...
  32. Replies
    5
    Views
    6,695

    Hallo Matt, Du kannst auch gern auf...

    Hallo Matt,



    Du kannst auch gern auf Deutsch schreiben, aber dann verstehen dich halt weniger Menschen hier im Forum.

    [HJT-Kommentare]


    Es ist einfacher nachzuvollziehen, was gemeint war.
  33. Thread: Virtumonde

    by roberto
    Replies
    2
    Views
    4,153

    Hallo Matt, with a german paragraph: >...

    Hallo Matt,

    with a german paragraph:

    > AutoRun:"2cc32117","<$SYSDIR>\bumokoju.dll","flagifnofile=1"

    If "2cc32117" is a variable name field, a generic approach would be better.
  34. Replies
    5
    Views
    6,695

    Hallo Matt, especially for Matt in German: ...

    Hallo Matt,

    especially for Matt in German:



    Wir sind in einem englischsprachigen Subforum. Ich dachte vielleicht beteiligt sich jemand Drittes, der kein Deutsch versteht. Es wäre hilfreich,...
  35. Replies
    5
    Views
    6,695

    Hi Matt, 1) Please open regedit.exe and click...

    Hi Matt,

    1) Please open regedit.exe and click to:

    HKEY_LOCAL_MACHINE\SOFTWARE\System\CurrentControlSet

    Are you sure this is a legit path?

    2) RegyKey deletes a registry key. Usually we...
  36. Replies
    2
    Views
    3,454

    Hallo Matt, sieht gut aus. Zwei marginale...

    Hallo Matt,

    sieht gut aus. Zwei marginale Änderungsvorschläge:

    1) Das Leerzeichen vor "filesize>=1" entfernen.

    2) Für "c:\windows\system32\" kannst du auch die Systemvariable "<$SYSDIR>\"...
  37. Replies
    7
    Views
    7,762

    Hallo, > Weiß man, woher das gekommen sein...

    Hallo,

    > Weiß man, woher das gekommen sein könnte bzw. was das überhaupt war?

    Castlecops führt als Beschreibung "CDS protection" auf. Vielleicht ist das ein Kopierschutz?
    ...
  38. Replies
    7
    Views
    7,762

    Hallo fradiot, es liegt kein Fehlarlarm vor....

    Hallo fradiot,

    es liegt kein Fehlarlarm vor. Du hast dir vermutlich ein Zlob-Rootkit eingefangen.

    zu 1) 85.255.112.110 und 85.255.112.104 sind betrügerische DNS-Server und bekannte...
  39. Replies
    7
    Views
    7,762

    Hallo fradiot, Um zu klären, ob ein Fehlalarm...

    Hallo fradiot,

    Um zu klären, ob ein Fehlalarm vorliegt bitte folgende Schritte ausführen:

    1) regedit.exe aufrufen.

    Über Start/Ausführen/regedit.exe starten.

    Bitte einmal zu...
  40. Hi, there must be a unknown file which...

    Hi,

    there must be a unknown file which reinstalls the infection.

    Please run a Kaspersky Online Scan and post next the report.

    Kind regards,
    Roberto.
  41. Hi, What Spybot S&D version are you using? Did...

    Hi,

    What Spybot S&D version are you using? Did You update your Spybot S&D with the Beta detection rules?

    I need the exact dialog or error messages to give you further assistance.

    Please run...
  42. Hi, Run HijackThis and place a check beside...

    Hi,

    Run HijackThis and place a check beside each of the following. Detete all entries:

    O2 - BHO: (no name) - {54ae9386-48a5-445a-b4d2-2abd1ab820e0} - C:\WINDOWS\system32\efsomn.dll (file...
  43. Replies
    7
    Views
    3,530

    Hi, Run HijackThis and place a check beside...

    Hi,

    Run HijackThis and place a check beside each of the following.:

    O3 - Toolbar: etlrlws - {F6960268-5DC1-40B2-A236-F380F3329D7B} - C:\WINDOWS\etlrlws.dll (file missing)
    O20 - Winlogon...
  44. Replies
    2
    Views
    2,361

    Hallo mczincila, As a first solution, please...

    Hallo mczincila,

    As a first solution, please update your copy of Spybot-S&D to make sure you're not referring to a problem that has been solved recently.
    Spybot-S&D 1.4 is available; if you are...
Results 1 to 44 of 54
Page 1 of 2 1 2