-
Another cygrunsrv False positive?
Hi, I run cygwin and use sshd religiously. Spybot just recently identified /usr/bin/cygrunsrv.exe as "Bredolab.fb". I don't know if the file is infected or if this is a false positive. I will send my cygrunsrv file to detections(at)spybot.info so it can be analyzed.
-OS: Windows XP SP3 (all latest updates)
-Browser: Firefox, IE8, Chrome (all most recent versions)
-Spybot: v1.6.2 - Updated today
-Occurrence: on startup. I guess this is teatimer? because I wasn't running a scan with spybot.
Resident log:
10/16/2010 2:37:41 PM Encountered and terminated Bredolab.fb in C:\cygwin\bin\cygrunsrv.exe!
10/16/2010 4:49:23 PM Encountered and terminated Bredolab.fb in C:\cygwin\bin\cygrunsrv.exe!
If I left anything out, please let me know. 
Best,
Ben
-bjf
--------------------------------------
http://forums.spybot.info/showthread.php?t=59962
Last edited by tashi; 2010-10-17 at 04:22.
Reason: Added link to malware forum topic
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Reply With Quote