The last 2 scans of my PC by Spybot have been detecting 4 different legitimate programs as SpywareC called 'AdRotator'. These have to be false positives, as I've been using these programs for over 1 year with no problems.
I have scanned these files with Avira AV, SUPER AntiSpyware and Malwarebytes, & with on-line scans by Dr Web, McAfee, Kaspersky, plus TotalVirus. None of them was detected with anything bad - they are all clean!!!
My O/S: Windows XP Professional - SP3, Default browser: Firefox 3.6.17, Alt.- IE8 (if I have to...), Spybot S&D v1.6.2.46, Last Update: June 08, 2011.
Here are the last scan results & the after-fix results (I recovered these files):
--- Report generated: 2011-06-10 09:02 ---
AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Finjan Secure Browsing\M86SecuritySecureBrowsingSetup-3.007.exe
Properties.size=594360
Properties.md5=181ADA04F31ECD9BC7B9D199FAE288A4
Properties.filedate=1300136704
Properties.filedatetext=2011-03-14 15:05:04
AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Programs on HOLD!\Karens Power Tools\ptzone-setup.exe
Properties.size=1488496
Properties.md5=CBB31209994AE1D58228F00E2D10737F
Properties.filedate=1269389672
Properties.filedatetext=2010-03-23 18:14:32
AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Win Pcap Src v4.1.2\WinPcap_4_1_2.exe
Properties.size=915920
Properties.md5=929B7D846B635959201E30B57190284A
Properties.filedate=1304247112
Properties.filedatetext=2011-05-01 04:51:52
AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.3.Installer.exe
Properties.size=4223351
Properties.md5=BB4CB90176A407FB4450671B4E88E9D5
Properties.filedate=1289649460
Properties.filedatetext=2010-11-13 05:57:40
AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.2.Installer.exe
Properties.size=4095096
Properties.md5=DB3B3F76CF3FEDC35505B10FD66A90A2
Properties.filedate=1287224330
Properties.filedatetext=2010-10-16 04:18:50
AdRotator: [SBI $2E004CBF] Downloaded program file (File, nothing done)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.1.Installer.exe
Properties.size=4047892
Properties.md5=3C9644A2D1BCC48929442923F864B8C9
Properties.filedate=1285958548
Properties.filedatetext=2010-10-01 12:42:28
Common Dialogs: [SBI $2E004CBF] History (37 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: [SBI $2E004CBF] Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt
Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Microsoft Management Console\Recent File List
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Office\10.0\Word\Data\Settings
MS Wordpad: [SBI $4C02334D] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (18 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Cookie (1) (Cookie, nothing done)
Cache: [SBI $49804B54] Cache (14) (Cache, nothing done)
History: [SBI $49804B54] History (1) (History, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-05-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-05-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-07 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-31 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti (*)
2011-05-17 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-06 Includes\TrojansC-04.sbi (*)
2011-06-06 Includes\TrojansC-05.sbi (*)
2011-06-07 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
After Fix:
--- Report generated: 2011-06-10 09:03 ---
AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Finjan Secure Browsing\M86SecuritySecureBrowsingSetup-3.007.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Programs on HOLD!\Karens Power Tools\ptzone-setup.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Win Pcap Src v4.1.2\WinPcap_4_1_2.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.3.Installer.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.2.Installer.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
AdRotator: [SBI $2E004CBF] Downloaded program file (File, fixed)
C:\Documents and Settings\The Reid Clan\XPP2 Temp Downloads\1XPP2 Downloads\Installed Programs\Notepad++\npp.5.8.1.Installer.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Common Dialogs: [SBI $2E004CBF] History (37 files) (Registry key, fixed)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU
Log: [SBI $2E004CBF] Activity: SchedLgU.Txt (Backup file, fixed)
C:\WINDOWS\SchedLgU.Txt
Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemcore.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemcore.log
Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wbemess.log
Log: [SBI $2E004CBF] Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
C:\WINDOWS\System32\wbem\logs\wmiprov.log
MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Microsoft Management Console\Recent File List
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry value, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Office\10.0\Word\Data\Settings
MS Wordpad: [SBI $4C02334D] Recent file list (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList
Windows Explorer: [SBI $2026AFB6] User Assistant history IE (5 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Windows Explorer: [SBI $6107D172] User Assistant history files (18 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Windows Explorer: [SBI $B7EBA926] Last visited history (6 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\S-1-5-21-1454471165-261903793-725345543-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cookie: [SBI $49804B54] Cookie (1) (Cookie, fixed)
Cache: [SBI $49804B54] Cache (14) (Cache, fixed)
History: [SBI $49804B54] History (1) (History, fixed)
Could someone please tell me why this sudden false positive spyware detection by Spybot is happening?
I look forward to a reply and a fix for these FPs.
Para