"Phoenix" False Positive

[Elandril]

Since the 2005-11-25 update, Spybot identifies a file "C:\Windows\setup1.exe" on my computer as "Phoenix", but I'm reasonably sure that I don't have any keylogger on my system (as I scan daily with spybot, ad-aware and two antivirus apps). The file itself has a version information that says something like "Microsoft Visual Basic 6.0 Setup Toolkit" (Version 6.0.0.8171, Size 286.720 Bytes).

After some searching around, I'm fairly sure now, that this is an false positive!
Have a look at here, where they describe exactly the same file that was found on my computer.
I also scanned it via virusscan.jotti.org and every scanner reported a clean file!

What criteria is the Phoenix detection based upon?
Are there any documents describing this keylogger?

[the.basement]

I deleted the file, but want to know the outcome of this topic.



sorry for me English.
it is not my mother language.
:p

[Buster]

@ Elandril:
Thanks for reporting this false positive. It will be fixed in the next update.

@ the.basement:
If you want to restore the file, you can do this by using Spybot´s recovery feature. Just run Spybot and select "recovery" on the left. Now open "Phoenix", select "setup1.exe" and click on "recover selected items".

[the.basement]

I know the way, but thank you for the support.
the file is also clean and i will restore the file.

I hope that the update restore the file by it self.
Many people use this programm and don't know this "problem".

sorry for me English.
it is not my mother language.
:p

[GladToBeGrey]

I've hit this problem with the Shareware Earthwatch software (http://www.elanware.com/) installation. Again, I'm reasonably sure this software is clean.

If this false positive is going to be fixed in the new release, when's that due out? (Currently running S&D 1.4). Been very happy with Spybot to date, and recommended it to others.

[Buster]

The next update will be available tomorrow!:D