Possible False Positive for Win32.GBDialer\msfeedsync.exe

**StarHopper** · 2010-03-11, 19:29

Hello;
I'm here on advice of your Advisor 'Zenobia', reporting a possible false positive on Msfeedssync.exe encountered yesterday morning.
My experience & a bit of background is detailed in this thread, for reference:
http://forums.spybot.info/showthread...490#post363490

and the other requested info is as follows:
OS: WinXP Home Edition; Ver 2002 Svc Pack 3
Browser: IE8
Spybot S&D: Version 1, 5, 2, 0 :: Latest update Tuesday March 9th 2010 (2 days ago)
Occurance: Upon bootup Wednesday morning March 10th, via 'S&D popup' -- line note from Resident.log:
3/10/2010 7:47:56 AM Encountered and terminated Win32.GBDialer.j in C:\WINDOWS\system32\msfeedssync.exe!

Hopefully that is everything you will require - if more is needed please let me know.

While here, I will submit that the vast majority if not nearly all of the warnings I've received from SBS&D have occurred in conjunction with activities of other security applications I employ (some but not all of which are cited in the thread linked above), & which I trust to be legitimate. Needless to say this has left me somewhat confused & somewhat doubtful as to what's going on with Spybot, & why. I'm hoping you can assuage me in my concerns.

Thanks,
~S*H

**MisterW** · 2010-03-16, 12:52

Hello,
would it be possible to send the flagged file to detections@spybot.info ? So I could try to reproduce the issue.
Additionally it would be very helpful if you could send all logfiles located at c:\documents and setts\all users\application data\spybot - sarch & destroy\logs

Best regards,
Markus
Team Spybot

**StarHopper** · 2010-03-16, 16:48

Hi Markus;
I will be happy to comply, but for clarification, 2 questions.
When you say 'flagged file', are you referring to the "msfeedssync.exe" file itself? I'm pretty sure you are, but want to be positively sure.

And, my real confusion is when you ask for "all...log files". Good grief - there's 5 years+ of various files with 'log' in their filenames in that folder - upwards of 50-60 of 'em!! Plus a similar quantity with '.txt' extension. 150 all told!

The large majority have names like "Checks 070310-0018.log"; about a dozen with similar name except says 'Fixes' instead of 'Checks...'; and I also see 'Resident.log'; 'Update downloads.log'; & 'SDHelper.log' (one of each). Which of these do you want?

Best regards;
StarHopper
11:44 AM 3/16/2010

**Yodama** · 2010-03-24, 10:01

Originally Posted by StarHopper

Hi Markus;
I will be happy to comply, but for clarification, 2 questions.
When you say 'flagged file', are you referring to the "msfeedssync.exe" file itself? I'm pretty sure you are, but want to be positively sure.

yes, Markus was referring to that file.

Originally Posted by StarHopper

And, my real confusion is when you ask for "all...log files". Good grief - there's 5 years+ of various files with 'log' in their filenames in that folder - upwards of 50-60 of 'em!! Plus a similar quantity with '.txt' extension. 150 all told!

The large majority have names like "Checks 070310-0018.log"; about a dozen with similar name except says 'Fixes' instead of 'Checks...'; and I also see 'Resident.log'; 'Update downloads.log'; & 'SDHelper.log' (one of each). Which of these do you want?

Best regards;
StarHopper
11:44 AM 3/16/2010

It appears that the file in question was detected by the TeaTimer, thus we will require the resident.log, please also send the most recent checks and fixes txt files.
The file names contain date and time in this manner ddmmyy-HHMM.

Thread: Possible False Positive for Win32.GBDialer\msfeedsync.exe

Thread Tools

Display

Possible False Positive for Win32.GBDialer\msfeedsync.exe

Posting Permissions