Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Detected SpywareDetector

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    8

    Default Detected SpywareDetector

    Hi guys

    I have just run Spybot on my PC (this morning - I have the latest update) and it has 'detected' SpywareDoctor as malware. I am aware that this particular program has some 'history', although nothing recent either on the Web or on this Forum. Interestingly, I have never knowingly downloaded SpywareDetector! Why is Spybot flagging it up? Is it now, again, listed as dubious?

    I run Windows XP Version2, have downloaded the latest Windows Updates, etc. I also have Ad-Aware, A-Squared Free and Anti-Dialler, AVG Anti-spyware and AVG Anti-Virus. Oh, and Spyware Blaster and SpywareGuard. Even I think I'm starting to look a bit paranoid! (I believe in 'defence in depth'...)

    I look forward to hearing from you.

    Ian

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Is it "SpywareDetector" that you mentioned in both in the title and the body of your post or "SpywareDoctor" that you also mentioned the body of your post?

    Even though I assume it is "SpywareDetector", please post the log of the actual detection(s) you are getting. To do that:
    • Run another scan.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    Thank you.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    8

    Default

    Quote Originally Posted by md usa spybot fan View Post
    Is it "SpywareDetector" that you mentioned in both in the title and the body of your post or "SpywareDoctor" that you also mentioned the body of your post?

    Even though I assume it is "SpywareDetector", please post the log of the actual detection(s) you are getting. To do that:
    • Run another scan.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    Thank you.
    D'oh! Mea culpa. You are right - it's SpywareDetector. I'll get the information to you v soon. Thanks for your response.

    Ian

  4. #4
    Junior Member
    Join Date
    Sep 2007
    Posts
    8

    Default Report

    Here's the report, as you requested. It seems to be data only, but I was rather intrigued and did not want to just remove it without understanding a bit more. I like to think I'm reasonably knowledgeable, but am always keen to increase my understanding. Thanks in anticipation.

    ==========================

    SpywareDetector: Data (File, nothing done)
    C:\WINDOWS\system32\SDRemoveDB.db

    Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-07-09 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-05-23 advcheck.dll (1.5.3.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-07-31 Tools.dll (2.1.2.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-09-19 Includes\Cookies.sbi (*)
    2007-07-25 Includes\Dialer.sbi (*)
    2007-09-19 Includes\DialerC.sbi (*)
    2007-08-29 Includes\Hijackers.sbi (*)
    2007-09-19 Includes\HijackersC.sbi (*)
    2007-07-25 Includes\Keyloggers.sbi (*)
    2007-09-19 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-09-12 Includes\Malware.sbi (*)
    2007-09-19 Includes\MalwareC.sbi (*)
    2007-09-05 Includes\PUPS.sbi (*)
    2007-09-19 Includes\PUPSC.sbi (*)
    2007-09-19 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-09-19 Includes\SecurityC.sbi (*)
    2007-09-12 Includes\Spybots.sbi (*)
    2007-09-19 Includes\SpybotsC.sbi (*)
    2007-08-21 Includes\Tracks.uti
    2007-09-12 Includes\Trojans.sbi (*)
    2007-09-19 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll

  5. #5
    Junior Member
    Join Date
    Sep 2007
    Posts
    1

    Default Flaging Max Selector's Spyware Dector as spyware

    I've had this problem with the lastest update, both in ver 1.4 and 1.5. I inivertly deleted my directory for spyware dector by fixing the the dected spyware. Max selector's program is a valid and not a free be. This program should not be flaged!

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,448

    Default

    Hello.

    I have left a note for our detectives attention.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Retired
    Join Date
    Oct 2005
    Posts
    566

    Default

    We tested SpywareDetector and came to the result that it is not a false positive. When we did a scan with SpywareDetector it founds hundreds of false positives and if we would have deleted those files our operating system would surely be destroyed. In case that it is a real false positive we contacted SpywareDetector and sent them a log of our scan. They told us that we are infected with dangerous spyware and should purchase a licence to clean our computer.

    So obviously they try to cheat users by showing false positives on a total clean. For that we decided to detect SpywareDetector. If you do not want Spybot to detect SpywareDetector you can exclude it from the scan.
    Last edited by MisterW; 2007-09-24 at 09:40.

  8. #8
    Junior Member
    Join Date
    Sep 2007
    Posts
    8

    Default

    Chaps

    I'm a bit confused and am wondering if we're talking at cross-purposes. Just to clarify: Spybot detected a file called SpywareDetector on my PC. I have, as far as I know, never downloaded SpywareDoctor and don't want it. The log, as requested by 'md usa spybot fan' shows the results, but my only question is really whether or not I should let Spybot 'fix' this 'problem'? Well, actually, there is an ancillary question which would be: how could this file have got onto my PC?

    Thanks and all the best

    Ian

  9. #9
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    ianprice:

    Your detection was:

    Code:
    SpywareDetector: Data (File, nothing done)
    C:\WINDOWS\system32\SDRemoveDB.db
    Apparently even McAfee, Inc. thinks there is some association between the presents of "C:\WINDOWS\system32\SDRemoveDB.db" and "Spyware Detector". See the following Web page:



    Spyware Detector 19.0.0.042 (spywaredetectorr.exe) made the following modifications to the hard drive:


    ADD c:\WINDOWS\system32\SDRemoveDB.db


    If you look at the "Properties" of the file itself, perhaps you can tell if it is associated with "Spyware Detector" or if it was installed in your "C:\WINDOWS\system32" directory by something entirely benign.

    Note: The presents of the file "SDRemoveDB.db" in the "C:\WINDOWS\system32" directory does not seem normal (at least on my Windows XP Home system with the mix of software I have).

    Added with edit:

    To look at the "Properties" if the "SDRemoveDB.db" file:
    • Using windows explorer navigate to:
      • C:\WINDOWS\system32
    • Right click on "SDRemoveDB.db" and select "Properties".
    Last edited by md usa spybot fan; 2007-09-24 at 20:51.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  10. #10
    Junior Member
    Join Date
    Sep 2007
    Posts
    8

    Default

    md

    I'll take a look - thanks.
    Last edited by ianprice; 2007-09-24 at 20:54.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •