
Thread: "Spybot - Search & Destroy©® 2.0.9 RC1" - (Rootkit Scan) False Positives

  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    1


    About 30 minutes prior to posting this Thread, I downloaded the 2.0.9 RC1 of Spybot S&D. While the basic scans did not detect any threats, the rootkit scanner picked up some "suspicious" files.

    These "suspicious" files originated from my MacBook, the files being movies, which had been downloaded using uTorrent and also recorded using Skype. File-specific details included:

    'AFP_afpInfo:$DATA (Unknown ADS)',
    'com.apple.quarantine:$DATA (Unknown ADS)',
    'com.apple.metadata - kMDItemWhereFroms:$DATA (Unknown ADS)',
    'com.apple.metadata - kMDItemFinderComment:$DATA (Unknown ADS)'

    Also in the rootkit scan, I'm receiving a 'No Admin in ACL', which was generated by scanning a preloaded program (Nero 10).

    As well, the rootkit scanner is flagging 'BOOTSECT.BAKox' due to it being 'Invisible to Win32'.

    I believe the majority of these results to be false positives, and they should somehow be interpreted as such in the scan results or, furthermore, ignored by the rootkit scanner entirely. Not being familiar with this RC, I could be incorrect in my findings and would appreciate any expert advice or comments relating to these results.

    *Note - RC1 is incompatible with the infamous web-based software scanning giant 'VirusTotal' due to its size. Not that 'Safer-Networking' or any of its authors would take advantage of its trusting users. Though perhaps the installer file size could be modified to appease 'VirusTotal', as I and numerous other users probably don't like to rely on the definitions of a single AV to protect our "investment", being our computers. No offence intended.
    Last edited by Warden; 2012-07-29 at 10:50.

  2. #2
    Member of Team Spybot PepiMK's Avatar
    Join Date
    Oct 2005
    Location
    Planet Earth
    Posts
    3,601


    We're going to whitelist the Apple ADS streams unless they're executable.

    Please keep in mind that the rootkit scanner only flags suspicious stuff, not identifying just bad stuff. A hidden bootsector copy sounds like a bad thing, and "No admin in ACL" might be fine - or might be not.

    As for the download size, reducing size is on our list, the route to that is planned, though it will probably not happen in 2.0.
    Just remember, love is life, and hate is living death.
    Treat your life for what it's worth, and live for every breath
    (Black Sabbath: A National Acrobat)
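
The rule stated in reply #2 (whitelist the Apple ADS streams unless they are executable), sketched as an added example that is not Spybot's code and not part of either post. It assumes "executable" is decided by sniffing the first bytes of the stream; the stream contents and the `hidden_tool` name are constructed.

```python
import re

# Stream-name prefixes taken from the scan results quoted in post #1.
APPLE_STREAM_PREFIXES = ("AFP_afpInfo", "com.apple.quarantine", "com.apple.metadata")

# Assumption: a stream counts as executable when it starts with one of these magics.
EXECUTABLE_MAGICS = {
    b"MZ": "PE/DOS",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xca\xfe\xba\xbe": "Mach-O fat binary",
    b"#!": "script with shebang",
}

# Matches the result label format shown in the thread: NAME:$DATA (Unknown ADS)
LABEL_RE = re.compile(r"^'?(?P<name>.+?):\$DATA \(Unknown ADS\)'?,?$")

def stream_name(label):
    """Extract the stream name from one scanner result label, or None."""
    m = LABEL_RE.match(label.strip())
    return m.group("name") if m else None

def executable_kind(head):
    """Return the executable type indicated by the leading bytes, or None."""
    for magic, kind in EXECUTABLE_MAGICS.items():
        if head.startswith(magic):
            return kind
    return None

def triage(label, head):
    """Executable content is flagged first, so an Apple stream name never hides it."""
    name = stream_name(label)
    if name is None:
        return ("unparsed", "label not in the expected format")
    kind = executable_kind(head)
    if kind:
        return ("flag", f"executable content: {kind}")
    if name.startswith(APPLE_STREAM_PREFIXES):
        return ("whitelist", "Apple metadata stream")
    return ("flag", "unknown ADS")

# Constructed samples: (result label, first bytes of the stream).
SAMPLES = [
    ("'com.apple.quarantine:$DATA (Unknown ADS)',", b"0081;00000000;Browser;"),
    ("'com.apple.metadata - kMDItemWhereFroms:$DATA (Unknown ADS)'", b"bplist00"),
    ("'com.apple.quarantine:$DATA (Unknown ADS)'", b"MZ\x90\x00\x03\x00"),
    ("'hidden_tool:$DATA (Unknown ADS)'", b"plain text"),
]

if __name__ == "__main__":
    for label, head in SAMPLES:
        print(stream_name(label), "->", triage(label, head))
```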
