Results 1 to 9 of 9

Thread: False positive, maybe

  1. #1
    Junior Member
    Join Date
    Dec 2009
    Posts
    1

    Default False positive, maybe

    Hi, I'm new to this forum, have been using Spybot Search and Destroy for many years.

    I recently updated the definitions (23 December 2009) and I did a full scan, and it found this:

    Fraud.MalwareDefense: [SBI $468EC810] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

    I have done a full virus scan (using Avira), nothing found.

    I did a search on that detection, and some results show up as a component of the ati video card driver (I do have an ati card and it's running the "ccc" driver/software).

    I placed this detection on the ignore list.

    Is this just a false positive?

    Thank you,
    Franko

  2. #2
    Junior Member
    Join Date
    Dec 2009
    Posts
    1

    Default The same: Fraud.MalwareDefense

    Hi Team,

    I have the same issue. The same file (points to C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll) is detected by the most recent S&D update as Fraud.MalwareDefense.

    WinXP SP3, IE8, most recent versions of S&D and updates.


    Fraud.MalwareDefense: [SBI $468EC810] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

    Regards, Leszek

  3. #3
    Junior Member
    Join Date
    Dec 2009
    Posts
    2

    Default

    Hi,

    This also happened to me today and I agree it must be a false positive as I did a clean install of my system last night so it is very doubtful I have picked this up as I have hardly been on the web. I have an ATI graphics card as well.

    Incase you need it:
    Fraud.MalwareDefense: [SBI $468EC810] Settings (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

    N.B. KIS, SAS and MBAM do not find anything also nothing in HijackThis log

    Please rectify soon.

    Cheers
    Last edited by codpieceface; 2009-12-23 at 16:39.

  4. #4
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    Thanks for reporting this. We are currently investigating this issue. More information on this would be very supportive. Please export the key in question and send it to detections@spybot.info Thanks in advance!
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    We are sorry, this is a false positive in our actual detections.
    We are trying to bring up another update as soon as possible that should fix this.

    Best regards
    Sandra
    Team Spybot

  6. #6
    Junior Member
    Join Date
    Dec 2009
    Posts
    2

    Default

    Hi Buster and spybotsandra,

    Thanks for the quick replies. I have sent the key as per Buster's request.

    Just to give you my 2 cents worth... this is the first time i have used spybot in about 2 years. I am in the process of setting up a dual boot with vista/W7 and I thought I would try some different anti spyware programs on each OS. So finding an FP on my first spybot scan in 2 years is most annoying and I nearly uninstalled it altogether.

    However as you have replied so quickly and appear to be on the case I will stick with it.

    Thanks again,

    Cheers.

  7. #7
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    An update including the fixed detection file has been released a few minutes ago. Please download the new definition files.
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  8. #8
    Junior Member
    Join Date
    Dec 2009
    Posts
    1

    Default Fraud.malwaredefense false positive?

    I've been using Spybot S/D for many months with excellent results. I have the latest version with updates as of 12/23/09. I ran a scan this afternoon and got a Fraud.malewaredefense notice. Spybot was unable to remove it saying it was in memory. I subsequently ran the following spyware/malware programs scans to try and find it. I ran Malewarebytes, McAfee, Norton, Trend, and Spyware doctor. None of them found this problem. I looked in program files and folders and I even looked in the registry-nothing. I ran your RunAlyzer and, again, nothing. I was unable to find any files/ Reg entries that said Malware defense. I've not noticed any PC problems that you would associate with this malware. I really believe I'm getting a false positive. I'm running Vista with both FF 3.5 and IE 7, but, I rarely use IE7. McAfee runs automatically. Your error report says the following: SBI $468EC810 and HKEY_Classes_Root\ClSID\5E212EE. Please tell me if I'm getting a false positive before I have to spend a lot of money with Dell tech support on a bug hunt that maybe unnecessary. Thanks

  9. #9
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    Please search for updates and download all available ones.

    Best regards
    Sandra
    Team Spybot

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •