LSP False Positive as ShotAtHome
I am developing an LSP (Layered Service Provider) based on an example written by Microsoft. My LSP Is identified by SpyBot as ShopAtHome. Obviously the "authors" of ShopAtHome based their code on the same example. I have changed the GUID but still my LSP is identified as ShopAtHome. What is the criteria that SpyBot uses to detect ShopAtHome? What changes do I need make in order to different enough?
hello,
could you submit a log of the scanresult?
It may be possible that ShopatHome used the example provided by Microsoft, it would not be the first malware writer who did that.
To be on the safe side you should try to create your unique IDs for your LSP, so that it does not get confused with other LSPs
Log File
Following is a log file of my scan.
I have changed the GUID of my LSP but still it is identified as ShopAtHome.
What other criteria does SpyBot use?
hi,
Spybot also uses the filename and the name of the lsp.
I think there may be a false positve with the naming of the lsp.
If you sent me your email address via pm, I can sent you a modified hijackers.sbi so you can check if the issue is resolved. Otherwise just wait until the update scheduled for wednesday.
Private Message
Yo Yodama,
I have changed both the LSP name and file name but the result is as I described.
Please excuse my ignorance but how do I send you a private message?
Hello.
Click on Yodama's name above the avatar.Originally Posted by zdersh
A drop down menu appears.
Choose > Send a Private Message.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
Posting Permissions
Reply With Quote