Results 1 to 2 of 2

Thread: TeaTimer claims Morpheus Toolbar in WMIADAP.EXE

  1. 2010-02-15, 16:16 #1
    ky331
    ky331 is offline
    Member
    Join Date
    Jun 2007
    Posts
    35

    Default TeaTimer claims Morpheus Toolbar in WMIADAP.EXE

    DELL Inspiron E1505
    Windows XP Pro
    SpyBot 1.6.2.46 (detection updates 2/10/2010)
    Systems Setting Protector 1.6.6.32

    Based on a long-time insecurity reported in Secunia PSI, I finally decided to upgrade my Intel Wireless 3945ABG software from version 10.x to 11.5.x, using the DELL proprietary driver upgrade:
    Intel_multi-device_A13_R171131.exe
    I downloaded/saved the file, and ran it, to exact all its files... after which, it automatically began to install them (replacing my existing version).
    During the process, I received several alerts from TeaTimer, which (after reading/considering) I allowed...
    however, there was one disconcerting WARNING from TeaTimer that it
    Encountered and terminated MorpheusToolbar in \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE!

    To assist you, here is the complete TeaTimer resident log:
    2/15/2010 8:55:16 AM Allowed (based on lassh blacklist) value "IntelWireless" (new data: "") deleted in System Startup global entry!
    2/15/2010 8:55:26 AM Allowed (based on user decision) value "IntelZeroConfig" (new data: "") deleted in System Startup global entry!
    2/15/2010 8:57:42 AM Allowed (based on lassh blacklist) value "IntelZeroConfig" (new data: ""C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"") added in System Startup global entry!
    2/15/2010 8:57:50 AM Encountered and terminated MorpheusToolbar in \\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE!
    2/15/2010 8:58:57 AM Allowed (based on user decision) value "IntelWireless" (new data: ""C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless") added in System Startup global entry!


    My concern is whether or not TeaTimer automatically intercepting and terminating the process might have any adverse impact on the installation/updating of my wireless drivers??? Suffice it to say that they appear to be working correctly.

    I have uploaded the file wmiadap.exe to VirusTotal and it reports to be clean:
    http://www.virustotal.com/analisis/a...e38-1266245159
    Reply With Quote Reply With Quote
  2. 2010-02-16, 10:10 #2
    Yodama
    Yodama is offline
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    TeaTimer stops the execution of a file it detects as malicious but it waits for user confirmation before actually terminating and/or deleting the file.
    In your case you allowed the file thus the installation of your wireless drivers was not compromised.

    It appears that the TeaTimer sometimes shows not reproducible false positives.
    Currently it is not quite clear if other software is interfering with the TeaTimer scan or if there are other reasons for this issue.
    If you are running several security software, make sure that only one active protection feature runs at a time.
    In case you want to deactivate the TeaTimer you can do this in Spybot S&D advanced mode in Tools - Resident.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules