Results 1 to 4 of 4

Thread: JRE 2 Update 16 Win32.TDSS.rtk

  1. #1
    Junior Member
    Join Date
    Aug 2009

    Default JRE 2 Update 16 Win32.TDSS.rtk

    I was asked to post here, if it occured a FP.
    My original post is located here:
    I am not absolutely sure if it is, but prehaps it is
    Teatimer found during the installation of new Java 2 Runtime Environment (JRE) 6 Update 16,
    a possible threat Win32.TDSS.rtk and stopped the process. It was found in file unpack200.exe in C:\Program files\Java\jre6\bin.
    After that, i've made a full scan with Spybot and it found nothing.

    My OS: Windows XP HE SP3
    Browser: IE 7, Opera 9.64.10487
    Spybot v. definitions update 2009-08-12
    Full System scan report: clean

    Teatimer message when it found the threat:
    Process ID: 4016
    Found: Win32.TDSS.rtk
    in file: unpack2000.exe in
    in location: C:\Program Files\Java\jre6\bin

    Just one more thing.
    When i turned off TeaTimer, so i culd run HJT, an error occured with message,
    that The Program terminated with error and this report should be send to Microsoft.
    Maybe this was the cause of all of this.

    File unpack200.exe has been scanned on these 2 sites: and and by file scanner of Spybot S&D and also my antivirus software, it came out clean.
    Last edited by 79ronin; 2009-08-12 at 17:52. Reason: Scan result of file: unpack200.exe

  2. #2
    Junior Member
    Join Date
    Aug 2009


    Probably, this has just been an error of Teatimer.
    Just now i have uninstalled Java and installed it again.
    The same version, the same file, even the same update definitions of SPybot with Teatimer on, and nothing occured, no warnings.
    Like i wrote, this might've been the effect of error of the Teatimer, after the update.

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005


    Thank you for reporting this.
    The current version of the Teatimer can identify files based on a signature whitelist, this means that for instance the Java files that have this digital signature get an ok by Teatimer and do not get flagged.

    However the older versions of Teatimer do not have this feature, so in combination with newer detection rules a false positive could occur with the old versions of Teatimer.

    Appearently the Teatimer does not always get updated while the old version is still in use. The install routine then usually exchanges the version after a reboot of the computer.

    79ronin in your case, do you remember if the false positive occured after a Teatimer upgrade without a computer reboot?
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  4. #4
    Junior Member
    Join Date
    Aug 2009


    I had a similar problem , see . Spybot resident detected jqs.exe (Java Quick Start) as the 2Search spyware immediately after I installed jre update 16 from a filehippo download so I thought immediately that it is a false positive and I didn't delete the file or prevent it from running as suggested . At the same time as I was installing the jre , Spybot was doing it's update so it's possilble that it was a false positive because of old resident code coupled with new detection rules as Yodama said .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts