Results 1 to 3 of 3

Thread: wmic.exe - Fraud.Downloader.gen?

  1. #1
    Junior Member
    Join Date
    Feb 2011

    Default wmic.exe - Fraud.Downloader.gen?

    I got THIS alert today immediately after updating Java (using a download link provided by Secunia PSI).

    I am using:
    Windows XP Professional
    Internet Explorer version 8.0.6001.18702
    Firefox version 3.6.13

    I just downloaded Spybot S&D this last week, so it should be the latest version. The last update was earlier today (2/20/11), but as I was updating Java, I realized I forgot to immunize again after updating Spybot; I was going to do so as soon as the Java update was done. But then this happened. I have not touched the alert window as I do not want to tell Spybot to do the wrong thing, so it is still open and waiting for a response. I have googled wmic.exe and it does not seem to be dangerous (or is it?).

    What should I do now? Is this a false positive, or has my computer been infected?

    Thanks in advance!

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005



    thank you for reporting this issue.
    This appears to be a TeaTimer false positive.
    Sometimes other software interferes with the TeaTimer scan which can result in an unreproducible false positive.
    If you have other active security software running in background it may be better to disable the TeaTimer:
    • start Spybot S&D
    • switch to advanced mode
    • navigate to tools - resident
    • uncheck the box for Resident TeaTimer to disable it and remove it from System start
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Feb 2011


    Thank you very much for your reply, Yodama! I am relieved to know that it was just a false positive after all. =)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts