Page 1 of 2 12 LastLast
Results 1 to 10 of 41

Thread: right click scanning of spybot detects smitfraud c all over the place!

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    129260
    Guest

    Lightbulb right click scanning of spybot detects smitfraud c all over the place!

    Hi, I have used my travel drive to download programs for awhile now. I right clicked my travel drive and did a scan with spybot. These files i know are clean, as they are downloaded from there official pages. The following files were detected to be smitfraud c:

    Microsoft malicious removal tool-was downloaded from official Microsoft page.
    Dx web setup. Direct x setup-was downloaded from official Microsoft page.
    Comodo free firewall-was downloaded from comodos page.
    Hijack this-downloaded from official page.
    Internet explorer 7 setup file from offical microsoft page.

    All of these were detected to be smitfraud c.

    What is interesting is:

    under the right click menu scan with spybot that i did, the window that spybot scans in, under spybot search and destroy (malware) it says nothing found. Yet the next line, for the same items under spybot search and destroy (heuristic) it says smitfraud c.

    So i think this is a false positive.

    * Windows XP home edition sp3
    * Internet Explorer 7, FireFox latest version
    * Latest spybot 1.6
    * false positive occurred using right click scan with spybot on travel drive.

  2. #2
    Junior Member
    Join Date
    Jul 2008
    Posts
    1

    Default

    Hi, I just updated to version 1.6, and tried scanning some files using the right-click scanning, and it also detected Smitfraud-C in a couple of files.

    It seems like it does this with almost every file, though I wonder why you don't get an option to do anything besides clicking "Close" when it has finished scanning...

    I'm gonna say this is a false positive.

  3. #3
    Junior Member
    Join Date
    Mar 2008
    Location
    USA
    Posts
    6

    Default False positives found in old DOS commands

    Windows XP Professional w/SP3
    Firefox 2.0.0.15
    Spybot 1.6 final, with July 9, 2008 updates
    The following FPs occurred only after a right-click manual scan of a particular saved folder. No infections were reported under Malware, only Heuristic.

    After updating to Spybot 1.6 and the July 9 definitions and rebooting, I also tried right-click scans on some old saved executable files from MSDOS 6.22, from the 1990's. Some (not all) of these old files were reported as being infected with either "Smitfraud-C" or "Worldsecurityonline.FakeAlert" under "Heuristic." These are false positives that have been scanned to death over the years, including last week, when nothing evil was detected in them.

    These files are all in one folder on a backup disk and are inert.

    Suspected FP of Worldsecurityonline.FakeAlert in MSDOS 6.22 files:
    Attrib.exe
    Chkdsk.exe
    Debug.exe
    Deltree.exe
    Edit.com
    Edlin.exe
    Fdisk.exe
    Mem.exe
    Move.exe
    Mscdex.exe

    Smitfraud-C FP in:
    Start.exe (DOS 6.22)
    Submitted IMHO, by Wiz!

  4. #4
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Default

    Hi! I've the same problem! With a normal scan (SB-1.6.0.30) everything is ok. With the right buton i've Smitfraud-c in (line Heuristics) the file "mbam.exe" (Malwarebytes'Anti-Malware) and in the file "mbamcatdhme.sys" it says Worldsecurityonline.Fakealert.
    Anyone can tell something about that?
    Thanks

  5. #5
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    thank you for reporting this.
    I can confirm that these are false positives.

    Those reported by 129260 and Wizcrafts have been confirmed and will be fixed with the next update.

    When reporting such heuristics false positives, please tell us where the files are located or where you got the files, naming the operating system and versions of software is also helpful (see above how 129260 and Wizcrafts reported).

    Alternatively you can also send us the files in question with a reference to this thread to detections@spybot.info
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  6. #6
    Junior Member
    Join Date
    Jul 2008
    Posts
    3

    Default

    Windows XP Home/SP3
    IE7
    SpyBot 1.6 updated

    In my case the files are C:\Programas\Malwarebytes' Anti-Malware/mbam
    and C:\WINDOWS\system32\drivers/mbamcatchme

    Thanks for your interest
    Regards from Portugal

  7. #7
    129260
    Guest

    Default

    Quote Originally Posted by Yodama View Post
    hello,

    thank you for reporting this.
    I can confirm that these are false positives.

    Those reported by 129260 and Wizcrafts have been confirmed and will be fixed with the next update.

    When reporting such heuristics false positives, please tell us where the files are located or where you got the files, naming the operating system and versions of software is also helpful (see above how 129260 and Wizcrafts reported).

    Alternatively you can also send us the files in question with a reference to this thread to detections@spybot.info
    Thanks tashi!!! your welcome!!

  8. #8
    Junior Member
    Join Date
    Jul 2008
    Posts
    2

    Default Big help there! Thanks!

    Quote Originally Posted by 129260 View Post
    Hi, I have used my travel drive to download programs for awhile now. I right clicked my travel drive and did a scan with spybot. These files i know are clean, as they are downloaded from there official pages. The following files were detected to be smitfraud c:

    Microsoft malicious removal tool-was downloaded from official Microsoft page.
    Dx web setup. Direct x setup-was downloaded from official Microsoft page.
    Comodo free firewall-was downloaded from comodos page.
    Hijack this-downloaded from official page.
    Internet explorer 7 setup file from offical microsoft page.

    All of these were detected to be smitfraud c.

    What is interesting is:

    under the right click menu scan with spybot that i did, the window that spybot scans in, under spybot search and destroy (malware) it says nothing found. Yet the next line, for the same items under spybot search and destroy (heuristic) it says smitfraud c.

    So i think this is a false positive.

    * Windows XP home edition sp3
    * Internet Explorer 7, FireFox latest version
    * Latest spybot 1.6
    * false positive occurred using right click scan with spybot on travel drive.
    Exactly my experience with right click spybot,I also scanned with mcaffe and it shows clean,so false positive it is

  9. #9
    129260
    Guest

    Lightbulb yup

    this has been confirmed and will be fixed. See yodamas replies.

  10. #10
    Member
    Join Date
    Nov 2005
    Posts
    31

    Default Wireless Migrator

    Would you please check the program "Wireless Migrator" from codeplex? URL listed below

    http://www.codeplex.com/wlan/Release/ProjectReleases.aspx?ReleaseId=14107 > BackupWireless.exe

    Spybot 1.6 latest definitions detects "Worldsecurityonline.FakeAlert" when using the context menu option and heuristics.

    I believe this is a false positive.

    Thanks for your feedback.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •