FP for Smitfraud-C. with 3/7/2007 updates?

**antdude** · 2007-03-08, 06:30

I never had this one before, but I am not sure if it is a false positive or not:

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP

DoubleClick: Tracking cookie (Mozilla: ant) (Cookie, fixed)

HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)

HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)

HitBox: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

Statcounter: Tracking cookie (Mozilla: ant) (Cookie, fixed)

HitsLink: Tracking cookie (Mozilla: ant) (Cookie, fixed)

WebTrends live: Tracking cookie (Mozilla: ant) (Cookie, fixed)

CoreMetrics: Tracking cookie (Mozilla: ant) (Cookie, fixed)

CoreMetrics: Tracking cookie (Mozilla: ant) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-03-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-03-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-03-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-03-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-03-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-03-07 Includes\PUPSC.sbi (*)
2007-03-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-03-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-03-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-03-07 Includes\Trojans.sbi (*)
2007-03-07 Includes\TrojansC.sbi (*)

What do you think? Thank you in advance.

**antdude** · 2007-03-08, 06:32

I exported my registry keys for the suspects:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,56,00,4b,00,50,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="SVKP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SVKP\Enum]
"0"="Root\\LEGACY_SVKP\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

--

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP]
"Type"=dword:00000001
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,53,00,56,00,4b,00,50,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="SVKP"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SVKP\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

**BroTherHooDJz** · 2007-03-08, 06:56

Me too hav this problem after installing the new updates!

**Buster** · 2007-03-08, 07:30

Thanks for reporting this false positive. We will fix it as soon as possible. Until that, please tell Spybot to ignore these registry keys. Just rightclick on each entry in the result window and select "Exclude this detection from further searches".

**antdude** · 2007-03-08, 12:48

Originally Posted by Buster

Thanks for reporting this false positive. We will fix it as soon as possible. Until that, please tell Spybot to ignore these registry keys. Just rightclick on each entry in the result window and select "Exclude this detection from further searches".

Thanks!

**mercian** · 2007-03-08, 17:26

Phew, glad I checked the forum, as I was panicking about the smitfraud detection, couldn't understand how I'd acquired it through two firewalls and up to date antivirus software.

**tashi** · 2007-03-08, 18:01

Glad you saw the topic too.

Originally Posted by mercian

couldn't understand how I'd acquired it through two firewalls

Not two software firewalls?

Rule of thumb is one Firewall/AV to avoid conflicts and loss of program efficiency.

**mercian** · 2007-03-08, 18:50

Netgear router firewall plus on-board McAfee AV/Firewall

Thread: FP for Smitfraud-C. with 3/7/2007 updates?

Thread Tools

Display

FP for Smitfraud-C. with 3/7/2007 updates?

Posting Permissions