
Thread: Two Alleged False Positives - Yobdam.ait

  1. #1
    Junior Member (Join Date: Oct 2011; Location: Canada; Posts: 18)

    Two Alleged False Positives - Yobdam.ait

    I have been using these utilities for a while; only recently (as of Nov 30?) has Spybot (perhaps through TeaTimer) 'detected' Yobdam.ait within them.

    Curiously the window popped up titled "Spybot - Search & Destroy", claiming "...has encountered & terminated a process ... listed as part of a malicious (SW)". I was the one to have closed these programs. The windows only popped up after closing the aforementioned utilities.
    Quote from 'Resident.log':
    Dec 02 2011 9:27:26 AM Encountered and terminated Yobdam.ait

    I am using WinXP-SP3, running FF8, Spybot 1.6.2.46, and both files have 'yobdam.ait' detected. I understand that these utilities were written using AutoIT from conversations with one author. In fact, it was through that conversation that Avira (potentially, technically malware itself - more later) corrected a false-positive of their own.
    Quote, originally posted by AviraVirusLabResponseTeam:
    A listing of files alongside their results can be found below:

    File ID  | Filename            | Size (Byte) | Result
    26330615 | FindHwids.v3.2p.exe | 416.99 KB   | FALSE POSITIVE
    26336063 | fshash.dll          | 69.35 KB    | CLEAN


    Please find a detailed report concerning each individual sample below:
    Filename            | Result
    FindHwids.v3.2p.exe | FALSE POSITIVE

    The file 'FindHwids.v3.2p.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.11.15.210.

    Filename   | Result
    fshash.dll | CLEAN

    The file 'fshash.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

    *Note: I only include the preceding quote for anecdotal reasons, as I cannot directly link to this report, as it uniquely identifies me.


    1) UniExtract available here --> http://legroom.net/software/uniextract
    2) FindHwids_v3.2p available here --> http://forum.driverpacks.net/viewtopic.php?id=3018

    Through this experience, I have lost faith in TeaTimer/Spybot's ability to stop real malware. I still love the 'immunization' function, & I remember with fondness how Spybot found all that spyware in CreativeLabs' driver CDs (et al) years ago.

    Thank you for your consideration.
    Last edited by TechDud; 2011-12-02 at 19:08.
