
Thread: truly negative false positives

  1. #1
    Junior Member
    Join Date
    Sep 2006
    Posts
    2

    truly negative false positives

    Having run spybot earlier, I removed 45 tracking cookies from firefox. I've looked over the log from that (as well as looked over the actual results in the S&D program two hours ago) and they all were definitely cookies; legitimate results. Also removed was the default C:\WINDOWS\WEB\RELATED.HTM - no big deal, it's all good.

    Then I updated the 'Advanced detection library', 'Detection rules', 'Detection support library', 'English descriptions', 'English help', 'English help for TeaTimer', 'English ' & 'Immunization database' and ran the 'Check for problems' again.
    [9/24/2006 11:22:54 PM Downloaded update info file. (http://www.safer-networking.org/updates/spybotsd.ini)]

    This time I got seven more "problems" as listed below. I searched through these forums just a little bit but didn't find much that helped. Maybe you (somebody) can correct this update or tell me something I don't know?

    AdvancedSearchBar: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Vicman Software
    (this is actually ""hxxp://www.freedownloadmanager.org/" Free Download Manager" which is no spyware but very good software; it even sports a SOFTPEDIA "100% FREE" AWARD)

    CoolWWWSearch: Bookmark (Firefox: default) (Bookmark, nothing done)
    (this is actually only a bookmark to Word Detective)

    Unknown: Bookmark (Firefox: default) (Bookmark, nothing done)
    (this bookmark is to The Freenet Project)

    CoolWWWSearch: Bookmark (Firefox: default) (Bookmark, nothing done)
    (this bookmark is a search for plugins at http://opera.com)

    Winsoftware.WinAntiVirusPro2006: Bookmark (Firefox: default) (Bookmark, nothing done)
    (this bookmark is for 'Columbia Encyclopedia - Bartleby.com' )

    Vcodec.eMedia: Bookmark (Firefox: default) (Bookmark, nothing done)
    (this bookmark is for http://www.harvard.edu )

    Smitfraud-C.: Bookmark (Firefox: default) (Bookmark, nothing done)
    (this bookmark is Franklin Institute Online )

    SpywareQuake: Bookmark (Firefox: default) (Bookmark, nothing done)
    (this bookmark is for the Crystal VST audio plugin )

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-09-23 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-09-22 Includes\Cookies.sbi (*)
    2006-09-22 Includes\Dialer.sbi (*)
    2006-09-22 Includes\Hijackers.sbi (*)
    2006-09-22 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-09-22 Includes\Malware.sbi (*)
    2006-09-22 Includes\PUPS.sbi (*)
    2006-09-22 Includes\Revision.sbi (*)
    2006-09-22 Includes\Security.sbi (*)
    2006-09-22 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-09-22 Includes\Trojans.sbi (*)

    thanks,
    -Dan
    Last edited by Buster; 2006-09-25 at 10:27. Reason: Disabled link

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    hi,

    AdvancedSearchBar: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Vicman Software

    is a false positive and will be removed from detection with the next update, scheduled for the end of the week.

    the bookmarks appear to be falsely flagged as well, but I have not been able to recreate the false positives with your info about them.
    please provide info about the bookmarks, like how you named them in the browser and the name of the folder they are in.


    please note that freedownloadmanager seems to be ok, but the website provides links to a lot of bad downloads such as trojans, thus we disabled the link to freedownloadmanager's website.
    born in the shadow to die in the shadow, that is the fate of the shinobi


  3. #3
    Junior Member
    Join Date
    Sep 2006
    Posts
    2


    CoolWWWSearch: Bookmark (Firefox: default) (Bookmark, nothing done)
    Name: Word Detective
    Location: http://www.word-detective.com/
    Folder: Bookmarks/REF/Dictionary/language

    Unknown: Bookmark (Firefox: default)
    Name: The Freenet Project - index - beginner
    Location: http://www.freenetproject.org/
    Folder: Bookmarks/REF/DICTIONARY/language

    CoolWWWSearch: Bookmark (Firefox: default)
    Name: Opera KB - plugins search
    Location: http://www.opera.com/support/search/...latform=winnew
    Folder: Bookmarks/Opera/Opera/voice

    Winsoftware.WinAntiVirusPro2006: Bookmark (Firefox: default)
    Name: Columbia Encyclopedia - Bartleby.com
    Location: http://www.bartleby.com/65/
    Folder: Bookmarks/REF/ENCYCLOPEDIA

    Vcodec.eMedia: Bookmark (Firefox: default)
    Name: Harvard
    Location: http://www.harvard.edu/
    Folder: Bookmarks/REF/Research

    Smitfraud-C.: Bookmark (Firefox: default)
    Name: Franklin Institute Online
    Location: http://www.fi.edu/
    Folder: Bookmarks/REF/Science

    SpywareQuake: Bookmark (Firefox: default)
    Name: Crystal VST
    Location: http://www.greenoak.com/crystal/
    Folder: Bookmarks/WHTT
    -------------------------
    just did another scan that didn't include the bookmarks but only:

    AdvancedSearchBar: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Vicman Software

    ("Free Download Manager")

  4. #4
    Junior Member
    Join Date
    Oct 2006
    Posts
    1

    Why is it named AdvancedSearchBar?

    My product is named Advanced Searchbar (it can be found at http://www.advancedsearchbar.com), which has absolutely no spyware, no adware, no malware but some people are going to be confused with whatever you are detecting being named the same as my toolbar. An example can be found here http://www.download.com/Advanced-Sea...tml?tag=tab_ur

    Please rename it so that it's not confused with my toolbar.

    Thank you,
    Gerald O'Dea
    Advanced Search Technologies, Inc.

  5. #5
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859


    Quote: Originally posted by /advanced Searchbar
    Please rename it so that it's not confused with my toolbar.
    There is no longer a detection within Spybot-S&D named "AdvancedSearchBar". It was removed with the 2006-09-29 updates.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
