Hi, I run cygwin and use sshd religiously. Spybot just recently identified /usr/bin/cygrunsrv.exe as "Bredolab.fb". I don't know if the file is infected or if this is a false positive. I will send my cygrunsrv file to detections(at)spybot.info so it can be analyzed.
-OS: Windows XP SP3 (all latest updates)
-Browser: Firefox, IE8, Chrome (all most recent versions)
-Spybot: v1.6.2 - Updated today
-Occurrence: on startup. I guess this is teatimer? because I wasn't running a scan with spybot.
Resident log:
10/16/2010 2:37:41 PM Encountered and terminated Bredolab.fb in C:\cygwin\bin\cygrunsrv.exe!
10/16/2010 4:49:23 PM Encountered and terminated Bredolab.fb in C:\cygwin\bin\cygrunsrv.exe!
If I left anything out, please let me know.
Best,
Ben
-bjf
--------------------------------------
http://forums.spybot.info/showthread.php?t=59962