Results 1 to 3 of 3

Thread: Another cygrunsrv False positive?

  1. #1
    Junior Member
    Join Date
    Oct 2010
    Posts
    13

    Default Another cygrunsrv False positive?

    Hi, I run cygwin and use sshd religiously. Spybot just recently identified /usr/bin/cygrunsrv.exe as "Bredolab.fb". I don't know if the file is infected or if this is a false positive. I will send my cygrunsrv file to detections(at)spybot.info so it can be analyzed.

    -OS: Windows XP SP3 (all latest updates)
    -Browser: Firefox, IE8, Chrome (all most recent versions)
    -Spybot: v1.6.2 - Updated today
    -Occurrence: on startup. I guess this is teatimer? because I wasn't running a scan with spybot.

    Resident log:
    10/16/2010 2:37:41 PM Encountered and terminated Bredolab.fb in C:\cygwin\bin\cygrunsrv.exe!
    10/16/2010 4:49:23 PM Encountered and terminated Bredolab.fb in C:\cygwin\bin\cygrunsrv.exe!

    If I left anything out, please let me know.

    Best,
    Ben
    -bjf
    --------------------------------------
    http://forums.spybot.info/showthread.php?t=59962
    Last edited by tashi; 2010-10-17 at 05:22. Reason: Added link to malware forum topic

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    thank you for reporting this false positive.
    It has been confirmed and will effectively removed from detection with the update scheduled for Wednesday 2010-10-20
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Oct 2010
    Posts
    13

    Default

    Thanks Yodama!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •