
Thread: False positive with today's update

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    22

    False positive with today's update

    Updated today and did a scan, getting the following result. I purposely disabled System Restore myself; this hasn't been reported before today's update either.

    Ertfor.bho: [SBI $C41D8ED7] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-03-07 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-09-07 advcheck.dll (1.6.4.18)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-09-22 Includes\AdwareC.sbi (*)
    2009-09-22 Includes\Beta.sbi (*)
    2007-11-06 Includes\Beta.uti
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-09-22 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-09-22 Includes\HijackersC.sbi (*)
    2009-09-22 Includes\Keyloggers.sbi (*)
    2009-09-22 Includes\KeyloggersC.sbi (*)
    2009-08-19 Includes\Malware.sbi (*)
    2009-09-22 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-09-22 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-09-22 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-09-22 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-09-15 Includes\Trojans.sbi (*)
    2009-09-22 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Hello,

    thank you for reporting this issue; it will be fixed with the next detection update scheduled for 2009-09-30. Until then you can set this detection to be ignored via the right-click context menu.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Ertfor.bho from 9/30/2009 updates.

    Hello.

    I think this is a similar issue with yesterday's 9/30/2009 updates.

    From Saved SpybotSD.Results.txt:
    --- Search result list ---
    Ertfor.bho: [SBI $C41D8ED7] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
    ...

    From Checks.090930-2002.log:
    30.09.2009 20:02:00 - ##### check started #####
    30.09.2009 20:02:00 - ### Version: 1.6.2
    30.09.2009 20:02:00 - ### Date: 9/30/2009 8:02:00 PM
    30.09.2009 20:02:04 - ##### checking bots #####
    30.09.2009 20:11:13 - found: Ertfor.bho Settings
    ...

    From Checks.090930-2027.txt:
    --- Report generated: 2009-09-30 20:27 ---
    Ertfor.bho: [SBI $C41D8ED7] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR
    ...

    Exported my updated Windows XP Pro. SP2's registry key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    "DisableSR"=dword:00000001
    "DisableConfig"=dword:00000000

    I believe this is a false positive since I never had this in the past before 9/16/2009 updates.

    Thank you in advance.

  4. #4
    Junior Member
    Join Date
    Jul 2007
    Posts
    22


    Yeah this wasn't fixed in the update on the 30th, still showing the false positive.

  5. #5
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Quote: Originally posted by Broken Hope
    Yeah this wasn't fixed in the update on the 30th, still showing the false positive.

    Thanks for confirmation. Now, Safer Network needs to fix this. :(

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Thank you for reporting this issue.

    It appears that I fixed this issue at only one location while it persisted at another location.

    It is now fixed and tested at both locations, and the fix will be released with the next detection update scheduled for Wednesday 2009-10-07.

  7. #7
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Quote: Originally posted by Yodama
    Thank you for reporting this issue.

    It appears that I fixed this issue at only one location while it persisted at another location.

    It is now fixed and tested at both locations, and the fix will be released with the next detection update scheduled for Wednesday 2009-10-07.

    Thank you. I will follow up if the problem still persists with 10/7/2009 updates.
