Thread: False Positive for Win32.TDSS.reg with 7/1/2009 updates?

  1. #1
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Question False Positive for Win32.TDSS.reg with 7/1/2009 updates?

    --- Search result list ---
    Win32.TDSS.reg: [SBI $7536FD9B] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNET\imagepath

    Win32.TDSS.reg: [SBI $C7FA8D4D] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SKYNET\imagepath

    [snipped; see http://pastebin.ca/1481044 for the whole results]


    I think SKYNET is my HDTV tuner cards if I remember correctly. This was on my updated Windows XP Pro. SP3 machine after I updated and scanned this morning.

    Thank you in advance.

  2. #2
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Post Yep, they're my HDTV tuner card drivers.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNET]
    "Type"=dword:00000001
    "Start"=dword:00000003
    "ErrorControl"=dword:00000001
    "Tag"=dword:0000001a
    "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
    52,00,49,00,56,00,45,00,52,00,53,00,5c,00,53,00,6b,00,79,00,4e,00,45,00,54,\
    00,2e,00,53,00,59,00,53,00,00,00
    "DisplayName"="TechniSat DVB-PC TV Star PCI"
    "Group"="NDIS"
    "dwOurExactWinVer"=dword:000007d1
    "dwExactWinVerMaj"=dword:00000005
    "dwExactWinVerMin"=dword:00000001
    "dwExactWinVerBuild"=dword:00000a28

    --

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SKYNET]
    "Type"=dword:00000001
    "Start"=dword:00000003
    "ErrorControl"=dword:00000001
    "Tag"=dword:0000001a
    "ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
    52,00,49,00,56,00,45,00,52,00,53,00,5c,00,53,00,6b,00,79,00,4e,00,45,00,54,\
    00,2e,00,53,00,59,00,53,00,00,00
    "DisplayName"="TechniSat DVB-PC TV Star PCI"
    "Group"="NDIS"
    "dwOurExactWinVer"=dword:000007d1
    "dwExactWinVerMaj"=dword:00000005
    "dwExactWinVerMin"=dword:00000001
    "dwExactWinVerBuild"=dword:00000a28

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SKYNET\Enum]
    "0"="PCI\\VEN_13D0&DEV_2103&SUBSYS_210313D0&REV_02\\4&31b6cd7&0&10F0"
    "Count"=dword:00000002
    "NextInstance"=dword:00000002
    "1"="PCI\\VEN_13D0&DEV_2103&SUBSYS_210313D0&REV_02\\4&31b6cd7&0&18F0"

    --

    Should I post my driver file?

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Thank you for reporting this false positive, we will change the detection rules to not detect this TV card driver anymore.

    Quote: "Should I post my driver file?"
    Thank you but that is not necessary for the time being.

  4. #4
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Quote Originally Posted by Yodama
    Thank you for reporting this false positive, we will change the detection rules to not detect this TV card driver anymore.

    Thank you but that is not necessary for the time being.

    Thanks! Do I assume the updated definitions will be next Wed.?

  5. #5
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    antdude: Yes, it'll be corrected and updated next Wednesday.

  6. #6
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Thumbs up

    Quote Originally Posted by drragostea
    antdude: Yes, it'll be corrected and updated next Wednesday.

    Thanks!
