Possible false positive - Win32.Agent.bzs

**bobajob61** · 2008-12-07, 11:25

Hi - I got this result repeatedly in scans since 4/12 (after the last set of updates). I am currently using Firefox 3.0.4. Here's the log:

--- Report generated: 2008-12-06 20:21 ---

Win32.Agent.bzs: [SBI $3E293BA0] Executable (File, nothing done)
C:\WINDOWS\system32\userinit.exe

Cache: Cache (801) (Cache, nothing done)

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080604) ---

And here is the fix log:

--- Report generated: 2008-12-06 20:48 ---

Win32.Agent.bzs: [SBI $3E293BA0] Executable (File, fixed)
C:\WINDOWS\system32\userinit.exe

Cache: Cache (801) (Cache, nothing done)

My problem is that on scanning with Spybot after a reboot, the problem file reappears. I have looked at the executable userinit.exe before and after clicking to fix the problem in Spybot. There doesn't appear to be any change and the files properties remain unchanged. No other scanner highlights any problem.

Is this result a false positive?

**Yodama** · 2008-12-08, 08:22

hello,
to analyze this issue we will require the userinit.exe in question.
Please copy it to your desktop and zip it. Then email it to detections-at-spybot.info (please replace -at- with @) with a reference to this thread.

**beatriz** · 2008-12-08, 10:32

Originally Posted by bobajob61

My problem is that on scanning with Spybot after a reboot, the problem file reappears. I have looked at the executable userinit.exe before and after clicking to fix the problem in Spybot. There doesn't appear to be any change and the files properties remain unchanged. No other scanner highlights any problem.

Same happens to me, any news about this?

**bobajob61** · 2008-12-08, 20:06

OK - I have sent the userinit.exe zip file to detections-at-spybot.info.

Hope you can evaluate whether this one was a f/p.

**Yodama** · 2008-12-10, 07:21

thank you for sending in the file,
it looks like a false positive, correction will be made with the update today.

**bobajob61** · 2008-12-10, 07:44

You're welcome. Glad to be of some assistance. Thanks for looking into this for me.

**deb13b** · 2008-12-10, 16:09

This one turned up in a scan on Sunday, I've been trying unsuccessfully to get rid of it since then. Hope it is a FP !!

Thread: Possible false positive - Win32.Agent.bzs

Thread Tools

Display

Possible false positive - Win32.Agent.bzs

Posting Permissions