
Thread: EBlaster false positive?

  1. #1
    Junior Member
    Join Date
    Jan 2007
    Posts
    5

    Default EBlaster false positive?

    Running Spybot S&D 1.6.2 updated as of today (4/30).

    Right click scan detects nothing found under Malware but does detect EBlaster under Heuristic for the majority of webpages I download and save as *.mht files.

    I noticed that EBlaster detection was updated on 4/29; possibly a false positive?

    For example, I saved: http://www.safer-networking.org/en/spybotsd/index.html to my desktop today, and Spybot detected EBlaster (heuristic).

  2. #2
    Junior Member
    Join Date
    May 2009
    Posts
    3

    Default Heuristic Scan - Image Files showing EBlaster Infection

    Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan only. When tested with Spyware Doctor all is ok.

    I have searched for EBlaster programs, processes and the Registry with no sign of EBlaster Infection.

    I have to admit I am thinking along the same lines; however, as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

  3. #3
    Junior Member
    Join Date
    Jan 2007
    Posts
    5

    Default EBlaster false positive??

    Let me add that I also have manually checked the files and registry entries that are listed in Spybot's "Manual Removal Guide for EBlaster" and everything is clean.

    Likewise, scans with NIS-2009, Malwarebytes and SuperAntispyware are all clean.

    Haven't updated to 1.6.6 and plan to hold off until this issue is sorted out. Don't want to jump from the frying pan into the fire!
    Last edited by MartyTX; 2009-05-01 at 16:56. Reason: To add title

  4. #4
    Junior Member
    Join Date
    Jul 2007
    Posts
    16

    Default EBlaster

    I have files that are downloaded to me in zip archive. The archive has simply about 50 small text files and one .xml file. I test everything that is downloaded prior to opening and since 4/30 I too am getting the EBlaster alarm in heuristics.

    Is it possible for me to send one of these zip files to Spybot and have them test it?

    I refuse to extract the ones that show the infection until this matter is cleared up.


    Thanks

  5. #5
    Junior Member
    Join Date
    Jan 2007
    Posts
    5

    Default EBlaster Heuristic false positive??

    Another bit of information.

    Go to a trusted website; I picked "Microsoft.com".

    After the site opens, consecutively save the screen in two formats:

    1. Web Archive single file (*.mht)
    2. Webpage complete (*.htm or *.html)

    Spybot's rightclick scan on the "Microsoft Corporation.mht" archive detected EBlaster Heuristic.

    However, rightclick scans on the complete webpage "Microsoft Corporation.htm" and the associated file "Microsoft Corporation_files" were both clean.

    So, the sum of the archived parts has a problem, but each unarchived part is clean. Confusing?!

  6. #6
    Junior Member
    Join Date
    May 2009
    Posts
    2

    Default

    Quote: Originally Posted by oldwolfe
    Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan only. When tested with Spyware Doctor all is ok.

    I have searched for EBlaster programs, processes and the Registry with no sign of EBlaster Infection.

    I have to admit I am thinking along the same lines; however, as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

    I've been having the same problems--right-click on a folder which has .zip files or .mse-set files [used for Magic Set Editor, a program used to design card sets] or .jpg files, and I get EBlaster detected under heuristics. If I scan the complete hard drive through SB-S&D nothing is noticed out of the ordinary. Norton doesn't detect anything wrong. Ad-aware doesn't detect anything wrong. It's been driving me crazy and absolutely paranoid the last few days that someone has been tracking everything I type. I've gone into the registry and searched the hard drive looking for files/keys that fit the description for EBlaster and found nothing. Any feedback on this would be appreciated. I've begun suspecting the presence of false positives . . . .

    Hmmm, are those men with white coats and hug-me-jackets standing out on my front porch?

  7. #7
    Junior Member
    Join Date
    May 2009
    Posts
    2

    Default

    * Operating System--Windows XP Professional (SP3)
    * Browser--FireFox 5.0
    * Spybot S&D 1.6.2.46 (04/30/09)
    * right-click Heuristic scan result of EBlaster found on various .zip, .jpg, .png, .mse-set files and at least one .htm file, some of which were downloaded, others which I created within the last couple of months. I find no other indications of EBlaster within the registry or files on the computer.

    Thanks for any feedback.

  8. #8
    Junior Member
    Join Date
    Jul 2007
    Posts
    16

    Default EBlaster

    Anyone have any further info on this?

    Interestingly, the files I get on a daily basis, 2 came thru this afternoon; I tested and they were clean (these are zipped archives). 3rd one came late in the day and it shows as having EBlaster; so now I am really concerned that it isn't a false positive.

    Is there any way to scan the individual files within the zip? Maybe that would pinpoint something.
    Last edited by rabbitchaser; 2009-05-02 at 03:34.
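
Posts #5 and #8 both turn on scanning a container's parts separately from the container itself. The following is an added example, not part of the original thread and not Spybot's code: it splits a .zip or .mht into its decoded members so each can be scanned and hashed on its own. The function names, the numbered output file names and the sample MHT are constructed for illustration.

```python
import email
import hashlib
import io
import zipfile
from pathlib import Path

# Constructed sample: a two-part MHT (HTML page plus a base64 image part).
SAMPLE_MHT = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="----=_Constructed"\r\n\r\n'
    b"------=_Constructed\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"Content-Location: http://example.test/index.html\r\n\r\n"
    b"<html><body>caf=C3=A9</body></html>\r\n"
    b"------=_Constructed\r\n"
    b"Content-Type: image/png\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Location: http://example.test/logo.png\r\n\r\n"
    b"iVBORw0KGgo=\r\n"
    b"------=_Constructed--\r\n"
)


def split_container(data: bytes) -> list[tuple[str, bytes]]:
    """Return (member name, decoded bytes) for each part of a .zip or .mht."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [(i.filename, zf.read(i)) for i in zf.infolist() if not i.is_dir()]
    # Otherwise treat the input as MHT, i.e. a MIME multipart message.
    parts = []
    for n, part in enumerate(email.message_from_bytes(data).walk()):
        if part.is_multipart():
            continue  # container node, no payload of its own
        name = part.get("Content-Location") or part.get_filename() or f"part-{n}"
        # decode=True undoes base64 / quoted-printable transfer encoding.
        parts.append((name, part.get_payload(decode=True) or b""))
    return parts


def export_parts(data: bytes, out_dir: Path) -> list[tuple[str, str, int]]:
    """Write each decoded part to out_dir; return (name, sha256, size) rows."""
    out_dir.mkdir(parents=True, exist_ok=True)
    rows = []
    for n, (name, body) in enumerate(split_container(data)):
        # Numbered output names: member names are untrusted and never used as paths.
        (out_dir / f"{n:03d}.bin").write_bytes(body)
        rows.append((name, hashlib.sha256(body).hexdigest(), len(body)))
    return rows
```

Scanning the exported directory next to the original container shows whether an alert follows a specific member or only the packed form, and the SHA-256 values give something concrete to include in a false-positive report.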

  9. #9
    Junior Member
    Join Date
    May 2009
    Posts
    1

    Default

    Quote: Originally Posted by oldwolfe
    Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan only. When tested with Spyware Doctor all is ok.

    I have searched for EBlaster programs, processes and the Registry with no sign of EBlaster Infection.

    I have to admit I am thinking along the same lines; however, as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

    I'm finding the same thing in some .jpg files. It doesn't show up on the other scan either, and other programs don't detect it. Can anyone confirm that this actually is a false positive?

  10. #10
    Junior Member
    Join Date
    May 2009
    Posts
    3

    Default Further to this

    I have changed one of the (Infected) png files to a gif file using Photoshop and retried the Heuristic test and it shows nothing found.

    As the last update lists +EBlaster was added to the definitions list, how do I heal infected png, jpg and zip files that have failed the Heuristic test?
