Possible false positive (2008-05-21 Beta.sbi)

[md usa spybot fan]

Possible false positive using the 2008-05-21 Includes\Beta.sbi detection rules.

Code:

 --- Report generated: 2008-05-21 10:15 ---

RegistryFixIt: [SBI $4837D47B]  Executable (File, nothing done)
  C:\WINDOWS\unvise32.exe


--- Spybot - Search & Destroy version: 1.5.2  (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-01-31 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi
2008-05-21 Includes\AdwareC.sbi
2008-05-21 Includes\Beta.sbi (*)
2007-11-06 Includes\Beta.uti
2008-05-21 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-05-21 Includes\DialerC.sbi
2008-05-21 Includes\HeavyDuty.sbi
2008-04-30 Includes\Hijackers.sbi
2008-05-21 Includes\HijackersC.sbi
2008-04-30 Includes\Keyloggers.sbi
2008-05-21 Includes\KeyloggersC.sbi
2008-05-21 Includes\Malware.sbi
2008-05-21 Includes\MalwareC.sbi
2008-03-26 Includes\PUPS.sbi
2008-05-21 Includes\PUPSC.sbi
2008-05-21 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-05-21 Includes\SecurityC.sbi
2008-04-16 Includes\Spybots.sbi
2008-05-21 Includes\SpybotsC.sbi
2008-04-16 Includes\Spyware.sbi
2008-05-21 Includes\SpywareC.sbi
2007-11-06 Includes\Tracks.uti
2008-05-21 Includes\Trojans.sbi
2008-05-21 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

I submitted the C:\WINDOWS\unvise32.exe file to both of the followibg online scanners and received no indication of a problem:

• Online malware scan (virusscan.jotti.org)
• VIRUSTOTAL - Free Online Virus and Malware Scan (Virustotal.com)

I will send the file to detections(at)spybot.info referencing this thread.

[MisterW]

Hello md usa spybot fan,
thanks for reporting that false positive. It will be fixed with the next update scheduled for Wednesday.

regards
Markus

[Crystal Sky]

Did not see this thread before I posted. Thanks for the update.

[md usa spybot fan]

MisterW (Markus):
et al.:

The detection no longer occurs with the 2008-05-28 updates.

Thank You,
md usa spybot fan

[insomnia]

I just got it :(

I have the latest version and have used updates before running scan and I immunised also


I am glad, at least it is a false positive

[md usa spybot fan]

insomnia:

... I am glad, at least it is a false positive

It may not be.

The detection that I received and was determined to be a false positive has not reoccurred for me since the 2008-05-28 updates with either the production sbi files nor the beta sbi files.

To help start determining if there is another false positive associated the unvise32.exe file or if the detection that you received is actually a legitimate detection of malware, please post the actual detection you are getting. Easiest way to do that is:

• Run another scan.
• When the scan completes, right click on the results list, select "Copy results to clipboard".
• Then paste (Ctrl+V) those results to a new post in this thread.