Page 2 of 5 FirstFirst 12345 LastLast
Results 11 to 20 of 41

Thread: right click scanning of spybot detects smitfraud c all over the place!

  1. #11
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Unhappy Same here for my MSCOMCTL.OCX file.

    Same here with MSCOMCTL.OCX file. :(

  2. #12
    Senior Member
    Join Date
    Oct 2005
    Location
    Los Angeles
    Posts
    219

    Default We can all Chill till the next update

    otherwise check properties and see if the file is in the correct place where the ms file is supposed to be and that the file size is what it's supposed to be etc
    or submit it to virus total
    just do not delete - quarantine

  3. #13
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Thumbs up

    Quote Originally Posted by wyrmrider View Post
    otherwise check properties and see if the file is in the correct place where the ms file is supposed to be and that the file size is what it's supposed to be etc
    or submit it to virus total
    just do not delete - quarantine
    I already uploaded to those two online scanners. They detected it being clean.

  4. #14
    Senior Member
    Join Date
    Oct 2005
    Location
    Los Angeles
    Posts
    219

    Default

    Good move
    however sometimes several of the scanners will show the same heuristics hits- like 2 or 3
    Jotti is another check
    if a hit has not been reported before send it in as shown earlier in this thread
    with your os version etc as requested
    perhaps with this one havening DOS on the machine makes a difference
    Does everyone have DOS-- what version?

  5. #15
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Wink

    Quote Originally Posted by wyrmrider View Post
    Good move
    however sometimes several of the scanners will show the same heuristics hits- like 2 or 3
    Jotti is another check
    if a hit has not been reported before send it in as shown earlier in this thread
    with your os version etc as requested
    perhaps with this one havening DOS on the machine makes a difference
    Does everyone have DOS-- what version?
    I have:
    http://www.virustotal.com/ and http://virusscan.jotti.org/

    http://scanner.virus.org/ was giving 500 internal server error, so I couldn't use it.

    I don't have DOS on this box (just cmd.exe) with Windows XP Pro. SP2 with all critical updates (not SP3) and optional softwares.

  6. #16
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    @129260
    no problem, though Tashis avatar is slightly different from mine


    Currently the single file scan will produce a lot of false positives with the heuristics scan.
    I am currently checking the data base to avoid these false positives. It is likely that we will release the updates on this step by step to avoid a high bandwidth load with the next update and to have more time with testing.
    So not all heuristics false positives will be resolved with the update tomorrow.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  7. #17
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Default ok

    Thanks for the info yodama! Ya, i have been speeding through the forums lately, and sometimes i miss things like avatars and names. I need to slow down and read more carefully before i reply and such.

    I am just glad you guys are aware of it. I participate in the distributed testing process (I have the service on 2 computers) as well because i want to help with false positives and the like. I am glad you guys are working to correct the right click heuristics. Thanks for the update!
    Last edited by 129260; 2008-07-16 at 00:15.
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  8. #18
    Junior Member
    Join Date
    Jul 2008
    Posts
    2

    Default what if someone is infected?'

    what if someone is infected?

    will it then list under malware instead of heuristic. spybot, with right click scan, finds a few files under heuristic category that show smitfraud-c and Worldsecurityonline.FakeAlert.

    my pc actually does have a virus or something. when booted it gives me a bunch or application errors stating that my programs failed to initialize and must either terminate or debug. also i am unable to open anything on my desktop or modify it(explorer.exe). my system lags rediculously hard making it impossible to do anything including updating my anti-virus. i am currently using mcaffee 8.5i enterprise with patch 5. the on-acess did not catch any virus and i am not able to update manually due to the lag.

    i'm currently researching the symptoms of smitfraud-c and worldsecrutiyonline.fakealert and will post my results of what i think this could be.

    my question is are all of "smitfraud-c" and "worldsecurityonline" in the heuristic category just brushed off to assume the user is infected with in fact "nothing"?

    this is also a wierd question but i ran RAM diagnostics that cleared but could RAM be the culprit? unlikely, but this is beyond me....

    thanks guys, any reply is most helpful

  9. #19
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Default I would......

    post in the malware removal forums since you said you are infected.....
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  10. #20
    Junior Member
    Join Date
    Jul 2008
    Posts
    2

    Default Big help there! Thanks!

    Quote Originally Posted by 129260 View Post
    Hi, I have used my travel drive to download programs for awhile now. I right clicked my travel drive and did a scan with spybot. These files i know are clean, as they are downloaded from there official pages. The following files were detected to be smitfraud c:

    Microsoft malicious removal tool-was downloaded from official Microsoft page.
    Dx web setup. Direct x setup-was downloaded from official Microsoft page.
    Comodo free firewall-was downloaded from comodos page.
    Hijack this-downloaded from official page.
    Internet explorer 7 setup file from offical microsoft page.

    All of these were detected to be smitfraud c.

    What is interesting is:

    under the right click menu scan with spybot that i did, the window that spybot scans in, under spybot search and destroy (malware) it says nothing found. Yet the next line, for the same items under spybot search and destroy (heuristic) it says smitfraud c.

    So i think this is a false positive.

    * Windows XP home edition sp3
    * Internet Explorer 7, FireFox latest version
    * Latest spybot 1.6
    * false positive occurred using right click scan with spybot on travel drive.
    Exactly my experience with right click spybot,I also scanned with mcaffe and it shows clean,so false positive it is

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •