unvise32.exe Spybot-S&D 1.5.1

[vvoss]

Hallo,

Spybot-S&D 1.5.1 reports a problem with the file 'unvise32.exe' located inside windows directory:
Firma: Spytech Software
Produkt: SpyAgent
Bedrohung: Keylogger

According to this side:
http://www.mindvision.com/winvise_fa...ction=Q&ID=283
this file is part of the vise installer.

Best regards,
VV

[tashi]

Hi there.

Both malware and legit programs utilize unvise32.exe.

Please post the log of the actual detection by Spybot-S&D.

Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

Best regards.

[vvoss]

--- Search result list ---
SpyAgent: [SBI $CB6A2BAE] Ausführbare Datei (Datei, nothing done)
C:\WINDOWS\unvise32.exe


--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-09-04 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-09-26 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-26 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-26 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-26 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-26 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-26 Includes\PUPSC.sbi (*)
2007-09-26 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-26 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-26 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-26 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

[philfollower]

Hi -- can SpyBot S&D tell me when the SpyAgent was installed on my computer? How would I access that information?

When I moused-over the original unvise32.exe file in Windoze XP (before running the latest update of SpyBot, today), the unvise32 install date was November 2005 ... but that doesn't seem possible, does it??

Is the update that catches SpyAgent new, as of today? or has SpyBot been able to catch it for a long time now?

If SpyBot's always been able to catch SpyAgent, then it's just recently been installed on my computer -- I'm probably going to survive. If the SpyAgent catcher is new, then I have no idea how long SA has been running on my computer.

If SpyAgent was running on my computer since November 2005, sending all my stuff to an unknown e-mail address, that's scary as hell. I concluded my scan and told SpyBot to destroy it.

I'm presently following your advice to the last guy, and I ran a second SpyBot S&D scan -- it produces "No threats." Does this mean that it's too late to find out how SpyAgent was installed on my computer?

Thanks ... Phil

[tashi]

Hello philfollower,

This thread was started in the False Positives forum, which is why I asked vvoss for a short log.

A detective will respond later in the day.

Best regards.

[philfollower]

Hi, Tashi -- actually, I initially began to write the post in that thread because I was wondering if by chance this "was" a false positive. The 11/2005 date for unvise32 seemed so far out of line for it to be SpyAgent. I re-wrote the post a few times before sending it, and got lost in the other questions.

So sorry for having driven the thread off track, I'll try to be more careful in the future. I'll post my questions elsewhere.

Cheers -- Phil

[tashi]

So sorry for having driven the thread off track, I'll try to be more careful in the future. I'll post my questions elsewhere.

Hi there and no need, just saying I don't have an answer until a detective assesses if this is a false positive or not.

Best regards.

[Buster]

It´s a false positive.

@philfollower As vvoss already guessed, it´s part of MindVision. So there is no need to be worried about an Spyagent infection. It will be fixed with next week´s update.

[antdude]

Same here. I think this is a FP as well.

http://www.virustotal.com/resultado....6e4b6594d3f750 and http://virusscan.jotti.org/ say clean. Let me know if you need a copy of my file and log. I assume no since it is a known issue and I did not remove it.

[Buster]

No, but thanks anyway!