Page 1 of 5 12345 LastLast
Results 1 to 10 of 41

Thread: right click scanning of spybot detects smitfraud c all over the place!

  1. #1
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Lightbulb right click scanning of spybot detects smitfraud c all over the place!

    Hi, I have used my travel drive to download programs for awhile now. I right clicked my travel drive and did a scan with spybot. These files i know are clean, as they are downloaded from there official pages. The following files were detected to be smitfraud c:

    Microsoft malicious removal tool-was downloaded from official Microsoft page.
    Dx web setup. Direct x setup-was downloaded from official Microsoft page.
    Comodo free firewall-was downloaded from comodos page.
    Hijack this-downloaded from official page.
    Internet explorer 7 setup file from offical microsoft page.

    All of these were detected to be smitfraud c.

    What is interesting is:

    under the right click menu scan with spybot that i did, the window that spybot scans in, under spybot search and destroy (malware) it says nothing found. Yet the next line, for the same items under spybot search and destroy (heuristic) it says smitfraud c.

    So i think this is a false positive.

    * Windows XP home edition sp3
    * Internet Explorer 7, FireFox latest version
    * Latest spybot 1.6
    * false positive occurred using right click scan with spybot on travel drive.
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  2. #2
    Junior Member
    Join Date
    Jul 2008
    Posts
    1

    Default

    Hi, I just updated to version 1.6, and tried scanning some files using the right-click scanning, and it also detected Smitfraud-C in a couple of files.

    It seems like it does this with almost every file, though I wonder why you don't get an option to do anything besides clicking "Close" when it has finished scanning...

    I'm gonna say this is a false positive.

  3. #3
    Junior Member
    Join Date
    Mar 2008
    Location
    USA
    Posts
    6

    Default False positives found in old DOS commands

    Windows XP Professional w/SP3
    Firefox 2.0.0.15
    Spybot 1.6 final, with July 9, 2008 updates
    The following FPs occurred only after a right-click manual scan of a particular saved folder. No infections were reported under Malware, only Heuristic.

    After updating to Spybot 1.6 and the July 9 definitions and rebooting, I also tried right-click scans on some old saved executable files from MSDOS 6.22, from the 1990's. Some (not all) of these old files were reported as being infected with either "Smitfraud-C" or "Worldsecurityonline.FakeAlert" under "Heuristic." These are false positives that have been scanned to death over the years, including last week, when nothing evil was detected in them.

    These files are all in one folder on a backup disk and are inert.

    Suspected FP of Worldsecurityonline.FakeAlert in MSDOS 6.22 files:
    Attrib.exe
    Chkdsk.exe
    Debug.exe
    Deltree.exe
    Edit.com
    Edlin.exe
    Fdisk.exe
    Mem.exe
    Move.exe
    Mscdex.exe

    Smitfraud-C FP in:
    Start.exe (DOS 6.22)
    Submitted IMHO, by Wiz!

  4. #4
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Default

    Hi! I've the same problem! With a normal scan (SB-1.6.0.30) everything is ok. With the right buton i've Smitfraud-c in (line Heuristics) the file "mbam.exe" (Malwarebytes'Anti-Malware) and in the file "mbamcatdhme.sys" it says Worldsecurityonline.Fakealert.
    Anyone can tell something about that?
    Thanks

  5. #5
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    thank you for reporting this.
    I can confirm that these are false positives.

    Those reported by 129260 and Wizcrafts have been confirmed and will be fixed with the next update.

    When reporting such heuristics false positives, please tell us where the files are located or where you got the files, naming the operating system and versions of software is also helpful (see above how 129260 and Wizcrafts reported).

    Alternatively you can also send us the files in question with a reference to this thread to detections@spybot.info
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  6. #6
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Default

    Windows XP Home/SP3
    IE7
    SpyBot 1.6 updated

    In my case the files are C:\Programas\Malwarebytes' Anti-Malware/mbam
    and C:\WINDOWS\system32\drivers/mbamcatchme

    Thanks for your interest
    Regards from Portugal

  7. #7
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Default

    Quote Originally Posted by Yodama View Post
    hello,

    thank you for reporting this.
    I can confirm that these are false positives.

    Those reported by 129260 and Wizcrafts have been confirmed and will be fixed with the next update.

    When reporting such heuristics false positives, please tell us where the files are located or where you got the files, naming the operating system and versions of software is also helpful (see above how 129260 and Wizcrafts reported).

    Alternatively you can also send us the files in question with a reference to this thread to detections@spybot.info
    Thanks tashi!!! your welcome!!
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  8. #8
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    Confirmed. Some SmitFraud.C files found in my Photos.

  9. #9
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Default

    i mean yodama haha same avatars make it hard to remember not everyone is the same person. sorry haha!
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  10. #10
    Junior Member
    Join Date
    Jul 2008
    Posts
    1

    Default Me Too

    I'm In the UK and I have Smitfraud-C on right click. Just want to confirm as well. Thank You.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •