False Positive: toyhide.bmp

[CWH803]

Spybot S&R False Positive?

I’m getting what I believe to be a false positive when doing a scan. The file is part of Wallpapertoy.Exe v2002.00.006 “Wallpaper Changer” from Microsoft Corp. It puts its current Wallpaper image at C:\WINDOWS\system32\toyhide.bmp

Environment:
Windows XP Home Edition Version 5.1.2600 Service Pack 3 Build 2600
Internet Explorer V 7.0.5730.11 Build 75730


--- Report generated: 2009-04-11 09:50 ---

Virtumonde.sdn: [SBI $932CB088] Data (File, nothing done)
C:\WINDOWS\system32\toyhide.bmp
Properties.size=3686454
Properties.md5=A2935B053C11B132BF671E4AB7060892
Properties.filedate=1239452297
Properties.filedatetext=2009-04-11 07:18:17


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-04-08 Includes\Adware.sbi (*)
2009-04-08 Includes\AdwareC.sbi (*)
2009-04-08 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-04-08 Includes\DialerC.sbi (*)
2009-04-08 Includes\HeavyDuty.sbi (*)
2009-02-12 Includes\Hijackers.sbi (*)
2009-04-08 Includes\HijackersC.sbi (*)
2009-03-18 Includes\Keyloggers.sbi (*)
2009-04-08 Includes\KeyloggersC.sbi (*)
2009-04-07 Includes\Malware.sbi (*)
2009-04-08 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-04-08 Includes\PUPSC.sbi (*)
2009-04-08 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-04-08 Includes\SecurityC.sbi (*)
2009-04-08 Includes\Spybots.sbi (*)
2009-04-08 Includes\SpybotsC.sbi (*)
2009-04-08 Includes\Spyware.sbi (*)
2009-04-07 Includes\SpywareC.sbi (*)
2009-04-08 Includes\Tracks.uti
2009-04-08 Includes\Trojans.sbi (*)
2009-04-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

[Yodama]

please email the file to detections@spybot.info with a reference to this thread.
also check if the toyhide.bmp has the property hidden on your computer.

[CWH803]

Please email the file to detections@spybot.info with a reference to this thread. Also check if the toyhide.bmp has the property hidden on your computer.

It does.

E-mail sent.

[Yodama]

I can confirm this false positive, it will be corrected with the detection update scheduled for Wednesday 2009-04-15.