WinSpy.SpySoftWareX

**bill117** · 2007-04-05, 15:51

I just removed winspy, but would like someone to look at my log file. Is it a false positive? Here is the report.

--- Report generated: 2007-04-05 07:29 ---

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ.1

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-12-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-04 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-04 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-04 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-04 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-04 Includes\PUPSC.sbi (*)
2007-04-04 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-04 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-04 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-04 Includes\Trojans.sbi (*)
2007-04-04 Includes\TrojansC.sbi (*)

**les35** · 2007-04-06, 13:00

Bill,

I had the same problem, is somebody able to confirm this is a false positive ?

Thanks,

Les

**MisterW** · 2007-04-06, 16:46

Hi,
We are working on a solution for that problem and it seems as it is a false positive. It will be fixed with the next update scheduled for wednesday.

regards

Markus
Team Spybot

**iusexp** · 2007-04-22, 20:50

Originally Posted by MisterW

Hi,
We are working on a solution for that problem and it seems as it is a false positive. It will be fixed with the next update scheduled for wednesday.

regards

Markus
Team Spybot

Hello!

I have updated Spybot S& D today, 22.04.07. Now, after running the program, it seems that I have also this "WinSpy.SpySoftWareX" Problem. I am not sure, how to handle this. Is this a false positive or not?
If, then it is not fixed until now?
As a precaution I decided to let S&D clean these registry entries with backup.
But I am not sure if this was the right decision.

Sorry for my bad english.

Thanks for your support.

Berni

**Buster** · 2007-04-23, 08:57

Hello iusexp,

as MisterW already stated, this is a false positive. But it has already been fixed in an update a few weeks ago. Are you really sure, that we are talking about these registry keys?

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ

WinSpy.SpySoftWareX: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\ANSMTP.OBJ.1

In order to avoid any misunderstanding, please attach your scan results to your next post. Just right click into Spybot´s result window and select "Copy results to clipboard" and paste them into your next post.

**MisterW** · 2007-04-23, 08:59

Hi,
which registry keys or files are detected exactly on your system?

regards,
Markus

**iusexp** · 2007-04-24, 03:08

Hello again!

These are the registry keys and files which were shown as infected. As you can see I decided to fix them. Until now I do not have a problem with anything since fixing. But maybe it only needs more time.

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Einstellungen (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ezVidCap

WinSpy.SpySoftWareX: Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ICapCallBack

WinSpy.SpySoftWareX: Class ID (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Bibliothek (Datei, fixed)
C:\WINDOWS\system32\ezVidC60.ocx

I do not know anything about ezVidC60.ocx for example.

This week I have to work in the evening hours, maybe I need a day or two for answering if you have any more questions. I am sorry for that but sometimes I am too tired.

Bye
Berni

**MisterW** · 2007-04-24, 16:41

Hello,
I don't think that these keys are false positives. It looks like a real infection and if you fixed it and you do not have any problem yet everything seems ok

regards
Markus

**Ray24bd** · 2007-04-25, 10:14

I updated Spybot S&D at 8am this morning (UK time) and ran the search.

winspy.spysoftwarex was reported.

There seems to be some confusion in the thread as to whether this is a false positive.

I have fixed the problem with Spybot, but would like confirmation that this was an infection that needed to be removed.

The report generated the following:

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6559-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D6568-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DF6D656E-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Settings (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{DF6D6558-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ezVidCap

WinSpy.SpySoftWareX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D6569-5B0C-11D3-9396-008029E9B3A6}

WinSpy.SpySoftWareX: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\vbVidC60.ICapCallBack

WinSpy.SpySoftWareX: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DF6D655A-5B0C-11D3-9396-008029E9B3A6}

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-04-18 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-04-18 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-04-18 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-04-18 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-04-18 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-04-18 Includes\PUPSC.sbi (*)
2007-04-18 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-04-18 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-04-18 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-04-11 Includes\Trojans.sbi (*)
2007-04-18 Includes\TrojansC.sbi (*)

**iusexp** · 2007-04-27, 00:44

Originally Posted by Ray24bd

I updated Spybot S&D at 8am this morning (UK time) and ran the search.

winspy.spysoftwarex was reported.

There seems to be some confusion in the thread as to whether this is a false positive.

I have fixed the problem with Spybot, but would like confirmation that this was an infection that needed to be removed.
...
...

It is the same as in my case if I have properly understood. The same registry keys, a real infection.
I am a little bit concerned about how long this spyware was active on my computer. No idea, where I "catched" it.
But neither my firewall nor my antivir reported anything suspicious since I remember.

Bye
Berni

Thread: WinSpy.SpySoftWareX

Thread Tools

Display

WinSpy.SpySoftWareX

Same problem

winspy.spysoftwarex

Posting Permissions