Results 1 to 2 of 2

Thread: spysheriff in registry

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Oct 2015
    Posts
    1

    Default spysheriff in registry

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Forcedesktopon

    Is it possible that my Spybot log is listing a false positive in this registry key? I am forcing active desktop. There are no other signs of any malware other than this one entry. I've tried removing my forced entry to see if I get the spysheriff desktop message and I don't. As soon as I apply the active desktop policy and run Spybot, it's back. I've also tried changing the value myself with the same result.

    My thought is that forcing the desktop is a symptom of spysheriff so it is reported that way but if I have no other signs, it's a false positive.

    Thank you.

  2. #2
    Member of Team Spybot roberto's Avatar
    Join Date
    Oct 2005
    Posts
    59

    Default Reviewed and identified as FP

    Hello nespony05,

    we can confirm, that flagging this key...

    Quote Originally Posted by nespony05 View Post
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Forcedesktopon
    without other SpySheriff items found is a fp (false positive). We will fix this in the next update. Thanks for reporting this.

    Kind regards,
    roberto.
    Please help us improving Spybot and download our distributed testing client.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •