Thread: Spybot S&D and malware

  1. #1
    Senior Member alicez's Avatar
    Join Date
    Apr 2008

    Default Spybot S&D and malware

    I just loaded a Zoom/Modem V.92 PC card on my old Sony Vaio with Win98.
    When I run my Spybot - Search & Destroy (1.6), it picks up the following file which it is claiming is MALWARE.

    Smitfraud.C/gp (SB)$77A6C034)

    When I go to this file and click on Properties it indicates Zoom, Telephonics - World Traveler Country Setup.

    Search & Destroy wants to delete this file. Should I allow it to be deleted? Please advise. Thank you.

  2. #2
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008


    This "country.exe" process seems to be listed as malware from results in the Google search engine; however, I cannot be sure because you have a file, not a process. Is "country.exe" running in the Windows Task Manager?

    Find the file and upload it to VirusTotal and see if it is flagged:

  3. #3
    Senior Member alicez's Avatar
    Join Date
    Apr 2008

    Default Thank you

    Thank you.
    I clicked on Ctrl/Alt/Del and it brings up a box that has Close Program on the top. There are several programs listed, but nothing relating to 'country.exe.'

    #1- Isn't there someplace at S&D where I can send a copy of this file to be analyzed?


    #2- Doesn't S&D allow us to scan a floppy drive all by itself?
    My Zoom CD is in drive G: and I thought I could do a scan of that Zoom CD while it is in the G: drive.
    Last edited by alicez; 2008-12-13 at 17:34.

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005



    Did you scan the file at VIRUSTOTAL - Free Online Virus and Malware Scan as suggested? If so what were the results?

    There is also another site with an online scan:
    Both those sites use multiple products to scan a single file. That should give you an indication if the file you are dealing with is malicious or not.

    To answer your specific questions:
    1. Yes.
    2. No
    Last edited by md usa spybot fan; 2008-12-13 at 18:14.

    Getting an answer is one thing, learning is another.

    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Senior Member alicez's Avatar
    Join Date
    Apr 2008

    Default Thank you

    I believe this is what you requested. (In the meantime I have removed the file from my Vaio Win98se and put it on a 3 1/2" disk...)

    File Country.exe received on 12.14.2008 16:09:52 (CET)

    Result: 2/38 (5.27%)

    Antivirus Version Last Update Result
    AhnLab-V3 2008.12.12.2 2008.12.14 -
    AntiVir 2008.12.12 -
    Authentium 2008.12.13 -
    Avast 4.8.1281.0 2008.12.13 -
    AVG 2008.12.14 -
    BitDefender 7.2 2008.12.14 -
    CAT-QuickHeal 10.00 2008.12.13 (Suspicious) - DNAScan
    ClamAV 0.94.1 2008.12.14 -
    Comodo 749 2008.12.13 -
    DrWeb 2008.12.14 -
    eSafe 2008.12.14 -
    eTrust-Vet 31.6.6258 2008.12.12 -
    Ewido 4.0 2008.12.14 -
    F-Prot 2008.12.12 -
    F-Secure 8.0.14332.0 2008.12.14 Suspicious:W32/Malware!Gemini
    Fortinet 2008.12.14 -
    GData 19 2008.12.14 -
    Ikarus T3. 2008.12.14 -
    K7AntiVirus 7.10.553 2008.12.13 -
    Kaspersky 2008.12.14 -
    McAfee 5463 2008.12.13 -
    McAfee+Artemis 5463 2008.12.13 -
    Microsoft 1.4205 2008.12.14 -
    NOD32 3689 2008.12.14 -
    Norman 5.80.02 2008.12.12 -
    Panda 2008.12.14 -
    PCTools 2008.12.14 -
    Prevx1 V2 2008.12.14 -
    Rising 2008.12.14 -
    SecureWeb-Gateway 6.7.6 2008.12.12 -
    Sophos 4.36.0 2008.12.14 -
    Sunbelt 3.2.1801.2 2008.12.11 -
    Symantec 10 2008.12.14 -
    TheHacker 2008.12.13 -
    TrendMicro 8.700.0.1004 2008.12.12 -
    VBA32 2008.12.13 -
    ViRobot 2008.12.12.1514 2008.12.12 -
    VirusBuster 2008.12.14 -
    Additional information
    File size: 139264 bytes
    MD5...: 14c7769875b49d20a0af1d7c571617fb
    SHA1..: 92d8eb7771dff4a92d521572f2f03cd35aff6b39
    SHA256: 80fd8b2fca1593d39ab0848b1d063889f73445a13e628de530d8d1a36c21fedd
    SHA512: e27e73c7466e2417fde655ebe9329b7ec818135851b806b45c693535e7c61524

    ssdeep: 3072:f60nWeEiCqPG/pmqx/pEjKOGPKxALX6s8z5TopfaL4Skmo:r7EdgaBpEjKO

    PEiD..: -
    TrID..: File type identification
    Win64 Executable Generic (54.6%)
    Win32 Executable MS Visual C++ (generic) (24.0%)
    Windows Screen Saver (8.3%)
    Win32 Executable Generic (5.4%)
    Win32 Dynamic Link Library (generic) (4.8%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x403312
    timedatestamp.....: 0x3b38c110 (Tue Jun 26 17:06:24 2001)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x14b16 0x15000 7.75 ecf77c7ea1c6a972f0efcc50b5116f1a
    .rdata 0x16000 0x4bac 0x5000 4.71 7d8907cb5e96558668f6215b656a7def
    .data 0x1b000 0x5a08 0x2000 2.95 5ff1f990c88741a1bf596d09e06b0f50
    .rsrc 0x21000 0x4310 0x5000 3.65 51ff3e079de5f3170c17d820e4abbd44

    ( 7 imports )
    > KERNEL32.dll: RtlUnwind, HeapFree, HeapAlloc, GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapSize, GetACP, GetTimeZoneInformation, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, HeapReAlloc, RaiseException, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, GetDriveTypeA, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetPrivateProfileIntA, GetWindowsDirectoryA, WritePrivateProfileStringA, GetCurrentThreadId, GetCurrentThread, lstrcmpiA, lstrcmpA, GlobalDeleteAtom, GlobalAlloc, GetProfileStringA, GetFullPathNameA, FlushFileBuffers, SetFilePointer, WriteFile, GetCurrentProcess, FileTimeToSystemTime, SetErrorMode, FileTimeToLocalFileTime, SizeofResource, GetOEMCP, GetCPInfo, GlobalFlags, GetProcessVersion, GetCurrentDirectoryA, LocalReAlloc, lstrcpynA, TlsGetValue, GlobalReAlloc, TlsSetValue, EnterCriticalSection, GlobalHandle, LeaveCriticalSection, TlsFree, InitializeCriticalSection, DeleteCriticalSection, TlsAlloc, FindNextFileA, LocalFree, LocalAlloc, GetEnvironmentStrings, FindClose, FindFirstFileA, GetModuleFileNameA, GetLastError, GetEnvironmentStringsW, LoadLibraryA, GlobalLock, MulDiv, SetLastError, FreeLibrary, GetPrivateProfileStringA, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetModuleHandleA, GetProcAddress, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, CloseHandle, SetHandleCount, GetStdHandle, GetFileType
    > USER32.dll: ScreenToClient, AdjustWindowRectEx, SetFocus, GetSysColor, MapWindowPoints, SendDlgItemMessageA, UpdateWindow, IsDialogMessageA, SetWindowTextA, ShowWindow, LoadStringA, ClientToScreen, GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, DestroyMenu, LoadCursorA, GetClassNameA, PtInRect, GetSysColorBrush, InvalidateRect, GetTopWindow, GetCapture, WinHelpA, wsprintfA, CopyRect, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessagePos, GetForegroundWindow, SetForegroundWindow, SetWindowPos, RegisterWindowMessageA, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, SetCursor, PostQuitMessage, PostMessageA, LoadIconA, EnableWindow, GetClientRect, IsIconic, GetSystemMenu, SendMessageA, AppendMenuA, DrawIcon, MessageBoxA, GetSystemMetrics, GetClassInfoA, RegisterClassA, SetWindowLongA, GetWindow, IntersectRect, OffsetRect, GetMessageTime, ShowCaret, IsWindowUnicode, CharNextA, InflateRect, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, HideCaret, UnregisterClassA
    > GDI32.dll: SetBkColor, SetTextColor, GetObjectA, DeleteDC, SaveDC, RestoreDC, SelectObject, GetStockObject, SetBkMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, GetClipBox, DeleteObject, GetDeviceCaps, CreateSolidBrush, PtVisible, TextOutA, ExtTextOutA, RectVisible, Escape, CreateDIBitmap, BitBlt, GetTextExtentPointA, CreateCompatibleDC, CreateBitmap, PatBlt
    > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
    > ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA
    > SHELL32.dll: ShellExecuteA
    > COMCTL32.dll: -

    ( 0 exports )

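The reading of a multi-engine result discussed in posts #4 and #5 can be made mechanical. The Python sketch below is an added example, not part of the thread and not Spybot or VirusTotal tooling: it parses rows in the layout pasted in post #5 and reports how many engines flag the file, whether every hit is a heuristic-style label, and whether any engine names the family Spybot claimed. The `HEURISTIC` word list and the function names are assumptions.

```python
import re

DATE = re.compile(r"\d{4}\.\d{2}\.\d{2}")
# Assumption: wording treated here as a heuristic/generic verdict, not a named family.
HEURISTIC = re.compile(r"suspicious|heur|generic", re.I)

# Six rows copied from the report above ("-" in the last column means no detection).
SAMPLE = """\
AntiVir 2008.12.12 -
Avast 4.8.1281.0 2008.12.13 -
CAT-QuickHeal 10.00 2008.12.13 (Suspicious) - DNAScan
F-Secure 8.0.14332.0 2008.12.14 Suspicious:W32/Malware!Gemini
Ikarus T3. 2008.12.14 -
ViRobot 2008.12.12.1514 2008.12.12 -
"""

def parse_row(line):
    """Split 'engine [version] last-update result'; the version may be absent."""
    tok = line.split()
    # The last-update date is token 1 (no version) or token 2. Prefer the later
    # one, because some version strings start like a date.
    dates = [i for i in (1, 2) if i < len(tok) and DATE.fullmatch(tok[i])]
    if not dates or len(tok) <= dates[-1] + 1:
        raise ValueError(f"unrecognised row: {line!r}")
    d = dates[-1]
    return {"engine": tok[0], "version": " ".join(tok[1:d]),
            "updated": tok[d], "result": " ".join(tok[d + 1:])}

def triage(report, claimed_family):
    """Summarise a pasted result table against the family name one scanner reported."""
    rows = [parse_row(l) for l in report.splitlines() if l.strip()]
    hits = {r["engine"]: r["result"] for r in rows if r["result"] != "-"}
    return {
        "engines": len(rows),
        "detections": len(hits),
        # True only when there are hits and none of them names a specific family.
        "heuristic_only": bool(hits) and all(HEURISTIC.search(v) for v in hits.values()),
        "family_corroborated": any(claimed_family.lower() in v.lower() for v in hits.values()),
        "labels": hits,
    }

if __name__ == "__main__":
    print(triage(SAMPLE, "Smitfraud"))
```

On the sample rows this yields two detections, both heuristic-style and neither naming Smitfraud. That pattern is a reason to submit the file to the vendor for review rather than a verdict by itself.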

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005


    I will ask a detective to take a look at this thread Monday.

    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005


    Hello, thanks for reporting. This appears to be a false positive and will be corrected with the next update, scheduled for Wednesday.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
