
Thread: Spybot Detects 4 Programs as FalsePositive 'AdRotator' Spyware!

  1. #1
    Junior Member
    Join Date
    Apr 2008
    Location
    Central Alberta area, Canada
    Posts
    9

    Spybot Detects 4 Programs as FalsePositive 'AdRotator' Spyware!

    The last 2 scans of my PC by Spybot have been detecting 4 different legitimate programs as SpywareC called 'AdRotator'. These have to be false positives, as I've been using these programs for over 1 year with no problems.

    I have scanned these files with: Avira AV, SUPER AntiSpyware, Malwarebytes, & on-line scans with: Dr Web, McAfee, Kaspersky, plus TotalVirus. None of them detected anything bad - they are all clean!!!

    My O/S: Windows XP Professional - SP3, Default browser: Firefox 3.6.17, Alt.- IE8 (if I have to...), Spybot S&D v1.6.2.46, Last Update: June 08, 2011.

    Here are the last scan results & the after-fix report (after which I recovered these files):


    --- Report generated: 2011-06-10 09:02 ---

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Finjan Secure Browsing\M86SecuritySecureBrowsingSetup-3.007.exe
    Properties.size=594360
    Properties.md5=181ADA04F31ECD9BC7B9D199FAE288A4
    Properties.filedate=1300136704
    Properties.filedatetext=2011-03-14 15:05:04

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Programs on HOLD!\Karens Power Tools\ptzone-setup.exe
    Properties.size=1488496
    Properties.md5=CBB31209994AE1D58228F00E2D10737F
    Properties.filedate=1269389672
    Properties.filedatetext=2010-03-23 18:14:32

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Win Pcap Src v4.1.2\WinPcap_4_1_2.exe
    Properties.size=915920
    Properties.md5=929B7D846B635959201E30B57190284A
    Properties.filedate=1304247112
    Properties.filedatetext=2011-05-01 04:51:52

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.3.Installer.exe
    Properties.size=4223351
    Properties.md5=BB4CB90176A407FB4450671B4E88E9D5
    Properties.filedate=1289649460
    Properties.filedatetext=2010-11-13 05:57:40

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.2.Installer.exe
    Properties.size=4095096
    Properties.md5=DB3B3F76CF3FEDC35505B10FD66A90A2
    Properties.filedate=1287224330
    Properties.filedatetext=2010-10-16 04:18:50

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.1.Installer.exe
    Properties.size=4047892
    Properties.md5=3C9644A2D1BCC48929442923F864B8C9
    Properties.filedate=1285958548
    Properties.filedatetext=2010-10-01 12:42:28

    Common Dialogs: [SBI $2E004CBF] History (37 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: [SBI $2E004CBF] Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Office\10.0\Word\Data\Settings

    MS Wordpad: [SBI $4C02334D] Recent file list (1 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (18 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Cookie (1) (Cookie, nothing done)


    Cache: [SBI $49804B54] Cache (14) (Cache, nothing done)


    History: [SBI $49804B54] History (1) (History, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-05-13 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-05-17 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-05-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2011-04-05 Includes\Malware.sbi (*)
    2011-06-07 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-05-24 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-05-31 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti (*)
    2011-05-17 Includes\Trojans.sbi (*)
    2011-05-11 Includes\TrojansC-02.sbi (*)
    2011-05-11 Includes\TrojansC-03.sbi (*)
    2011-06-06 Includes\TrojansC-04.sbi (*)
    2011-06-06 Includes\TrojansC-05.sbi (*)
    2011-06-07 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    After Fix:

    --- Report generated: 2011-06-10 09:03 ---

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Finjan Secure Browsing\M86SecuritySecureBrowsingSetup-3.007.exe
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Programs on HOLD!\Karens Power Tools\ptzone-setup.exe
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Win Pcap Src v4.1.2\WinPcap_4_1_2.exe
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.3.Installer.exe
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.2.Installer.exe
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
    C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.1.Installer.exe
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Common Dialogs: [SBI $2E004CBF] History (37 files) (Registry key, fixed)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: [SBI $2E004CBF] Activity: SchedLgU.Txt (Backup file, fixed)
    C:\WINDOWS\SchedLgU.Txt

    Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemcore.log (Backup file, fixed)
    C:\WINDOWS\System32\wbem\logs\wbemcore.log

    Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry value, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Office\10.0\Word\Data\Settings

    MS Wordpad: [SBI $4C02334D] Recent file list (1 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (18 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
    HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Cookie (1) (Cookie, fixed)


    Cache: [SBI $49804B54] Cache (14) (Cache, fixed)


    History: [SBI $49804B54] History (1) (History, fixed)




    Could someone please tell me why this sudden false positive spyware detection by Spybot is happening?

    I look forward to a reply and a fix for these FPs.

    Para
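Added example, not code from the thread or from Spybot: a Python audit of two reports in the format posted above. It pairs pre-fix and post-fix file entries by path, flags those the fix emptied (the post-fix MD5 in the 'After Fix' report is the MD5 of an empty file), and keeps the pre-fix size and MD5 so a recovered copy can be verified against the original. The sample reports are constructed from the thread's entries with shortened paths.

```python
import hashlib
import re

# MD5 of zero bytes: a "fixed" file entry with this hash and size 0 was emptied on disk.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()  # D41D8CD98F00B204E9800998ECF8427E
# One result line: "<rule>: [SBI $<id>] <description> (<kind>, <status>)"
ENTRY_RE = re.compile(r"^(?P<rule>[^:]+): \[SBI \$(?P<sbi>[0-9A-F]{8})\] (?P<desc>.+) "
                      r"\((?P<kind>[^,]+), (?P<status>[^)]+)\)$")

def parse_report(text):
    """Spybot 1.6 report text -> list of entry dicts with path and Properties.* attached."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):   # blank line or header/footer ends an entry
            current = None
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = dict(m.groupdict(), path=None)
            entries.append(current)
        elif current is None:                    # e.g. component list after the footer
            continue
        elif line.startswith("Properties."):
            key, _, value = line[len("Properties."):].partition("=")
            current[key] = value
        elif current["path"] is None:            # first line after the entry is its path
            current["path"] = line
    return entries

def audit_fix(before_text, after_text):
    """Pair File entries by path; flag ones the fix emptied, keep pre-fix size/MD5 for recovery checks."""
    before = {e["path"]: e for e in parse_report(before_text) if e["kind"] == "File"}
    out = []
    for e in parse_report(after_text):
        if e["kind"] != "File":
            continue
        orig = before.get(e["path"])
        out.append({"path": e["path"], "rule": e["rule"],
                    "emptied": e.get("size") == "0" and e.get("md5", "").upper() == EMPTY_MD5,
                    "expected_md5": orig["md5"].upper() if orig else None,
                    "expected_size": int(orig["size"]) if orig else None})
    return out

def md5_matches(data, expected_md5):  # verify a recovered file's bytes against the pre-fix MD5
    return hashlib.md5(data).hexdigest().upper() == expected_md5.upper()

# Constructed sample in the thread's format (paths shortened; sizes/hashes as in the thread).
BEFORE = r"""--- Report generated: 2011-06-10 09:02 ---
AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
C:\Downloads\WinPcap_4_1_2.exe
Properties.size=915920
Properties.md5=929B7D846B635959201E30B57190284A
Common Dialogs: [SBI $2E004CBF] History (37 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU"""
AFTER = r"""--- Report generated: 2011-06-10 09:03 ---
AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
C:\Downloads\WinPcap_4_1_2.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E"""
```

An entry reported as emptied should be re-downloaded from the vendor and checked with md5_matches against expected_md5 before it is trusted again.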

  2. #2
    Senior Member Yodama
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Thank you for reporting this false positive; it will be fixed with the next detection update, scheduled for Wednesday 2011-06-15.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Apr 2008
    Location
    Central Alberta area, Canada
    Posts
    9

    Thank you!!!

    Thank you very much for fixing this nuisance. But why would Spybot suddenly start detecting these programs as it did???

    Para




    XP Home/Pro (32-bit) SP3|2GB RAM|2.4Ghz Intel Pentium Dual|NVIDIA GeForce 7050|FF 3.6.17|
    TB 3.1.10|Avira AntiVir 10.0.1.44|PCTFWP 6.0.0.88|SAS 4.52.1|Malwarebytes 1.51|Secunia PSI 2.0|
    WinPatrol Plus 20.5.2011|Spybot S&D 1.6.2.46|A2-Hijack Free 4.0|CCleaner 3.0.7.1457|

  4. #4
    Senior Member Yodama
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Quote Originally Posted by Para51
    But why would Spybot suddenly start detecting these programs as it did???

    Para

    Unfortunately, false positives sometimes occur; in this case it was due to a detection rule that targeted a code section which was more generic than believed during analysis.
