Results 1 to 3 of 3

Thread: CIADoor or false definitions?

  1. 2009-03-15, 14:25 #1
    Lavater
    Lavater is offline
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    Default CIADoor or false definitions?

    Hello,

    Spybot S&D told me my PC has an CIADoor.

    "14.03.2009 17:56:49 - ##### check started #####
    14.03.2009 17:56:49 - ### Version: 1.6.2
    14.03.2009 17:56:49 - ### Date: 14.03.2009 17:56:49
    14.03.2009 17:56:50 - ##### checking bots #####
    14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen
    14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen

    I checked my PC with GDATA Antivirus, Avast Antivirus, I checked the attacked file "XProtection.exe" with jotti and and other scanners - but no one could found this Trojan. Is it possible that SpyBot S&D is making a mistake?

    Please can you help me.
    Reply With Quote Reply With Quote
  2. 2009-03-15, 14:29 #2
    Lavater
    Lavater is offline
    Junior Member
    Join Date
    Mar 2009
    Posts
    2

    Default

    Quote Originally Posted by Lavater View Post
    Hello,

    Spybot S&D told me my PC has an CIADoor.

    "14.03.2009 17:56:49 - ##### check started #####
    14.03.2009 17:56:49 - ### Version: 1.6.2
    14.03.2009 17:56:49 - ### Date: 14.03.2009 17:56:49
    14.03.2009 17:56:50 - ##### checking bots #####
    14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen
    14.03.2009 18:01:06 - found: Win32.Ciadoor.cj Einstellungen

    I checked my PC with GDATA Antivirus, Avast Antivirus, I checked the attacked file "XProtection.exe" with jotti and and other scanners - but no one could found this Trojan. Is it possible that SpyBot S&D is making a mistake?

    Please can you help me.


    Win32.Ciadoor.cj: [SBI $F8F7B198] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPROTECTOR

    Win32.Ciadoor.cj: [SBI $CD1A07CB] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\XPROTECTOR
    Last edited by tashi; 2009-03-15 at 18:01. Reason: Moved from malware removal forum
    Reply With Quote Reply With Quote
  3. 2009-03-16, 08:22 #3
    Yodama
    Yodama is offline
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    for the time being this does not appear to be a false positive.
    To analyze this issue we will need more information, please do the following:
    • do a scan with Spybot S&D
    • at the end of the scan right click the scan result and choose to save a full report to your desktop
    • click on one of the blue registry icons on the right to the scan result for CIADoor HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPROTECTOR
    • export the registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XPROTECTOR
    • attach the files including the xprotect.exe to your email to detections@spybot.info
    • make a reference to this thread in your email, you can write your email in german if that is more convenient to you
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules