Thread: SDFSSvc.exe Gone Rogue?

  1. #1
    Junior Member (Join Date: Nov 2013; Posts: 6)

    SDFSSvc.exe Gone Rogue?

    Hello. My name is Tim Harris, and until last week, I was a satisfied silent user of Spybot S'n'D for years. I am perhaps a little paranoid regarding malware. I use MS Windows Defender (part of MS Windows Vista), MalwareBytes' Anti-Malware Pro, and Norton 360 in addition to Spybot S'n'D Portable. I've had no incompatibility issues between the four suites and considered them a very effective team protecting my system. However, on 2013-Nov-14 (Thu) and -15 (Fri), MBAM intercepted suspicious traffic from an Ecatel Ltd server in the Netherlands to SDFSSvc.exe. Ecatel Ltd is notorious for malware contagion. Because MBAM intercepted the traffic and SDFSSvc.exe had not attempted to respond, I took no action other than to scan the file for infection. WinDef, Norton, and MBAM each verified SDFSSvc.exe as "clean/safe." I filed a Product Support claim using the form on the Safer-Networking web site, but I have yet to receive a response.

    Starting Friday afternoon, MBAM intercepted suspicious traffic to SDFSSvc.exe, but at 23:59:57, MBAM intercepted suspicious traffic from SDFSSvc.exe to a Voxility server in Romania. Like Ecatel Ltd, Voxility is notorious for malware contagion. Over the next 45 minutes, MBAM intercepted a flurry of incoming and outgoing traffic between SDFSSvc.exe and various blacklisted IP addresses. During this exchange at 00:41:32, Norton stopped an attack on my system by 192.185.100.27 (horseracingtomorrow.co.uk/4) in conjunction with SDFSSvc.exe. Suspicious traffic ceased at 00:48:17. I discovered this about 5:00am Saturday. WinDef, Norton, and MBAM once again each verified SDFSSvc.exe as "clean/safe" so I re-booted in safe mode, expunged my previous Spybot S'n'D Portable installation, downloaded and installed a fresh copy of Spybot S'n'D Portable, and re-scanned with WinDef, Norton, and MBAM. All three assured me my entire system was "clean/safe."

    On 2013-Nov-17 (Sun) at 05:33:33, MBAM intercepted more suspicious traffic between SDFSSvc.exe and blacklisted IP addresses. There were 215 such interceptions of incoming and outgoing traffic between then and 12:01:52 when I discovered the activity and immediately quarantined SDFSSvc.exe with Norton. To my amazement, WinDef, Norton, and MBAM -- each with the most up-to-date malware definitions -- still insist SDFSSvc.exe is a "clean/safe" file, but I'm leaving it in quarantine unless/until I am satisfied with an explanation for why it apparently went rogue and at least tried to co-operate with an attack on my system. As far as I am concerned, Safer-Networking has some serious 'splainin' to do. I'm reluctant to give up on Spybot S'n'D after so many years of good service, but this incident has significantly shaken my confidence in the suite. Am I the only person to experience this? Or has SDFSSvc.exe gone rogue on others as well?

    Color me very confused. Help!
    Last edited by the_seeker; 2013-11-18 at 22:01.
