Is this a FP?

**one111** · 2006-12-01, 14:46

I have SpyBot 1.4 with the latest updates 2006-12-01

I just did a span and found the following which SpyBot identified as Smitfraud-C

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Shared\Access\Parameters\FirewallPolicy\StandardProfile\Authorized\Applications\List\C:\Windows\scvhost.exe

Is this a FP? I'm asking because no other software seems to spot it
(CounterSpy, AVG, Kaspersky)

Thanks.

**Yodama** · 2006-12-01, 15:13

hello ,

it is not a false positive, your computer is infected.

the correct path and name for the legit file is c:\windows\system32\svchost.exe

observe the letters carefully , this is often done to make the trjoans look like legit files.

this infection enables Smitfraud-C. to pass your Windowsfirewall

**one111** · 2006-12-01, 15:20

You guys are the greatest!

**tashi** · 2006-12-01, 17:42

If you would like someone to take a look at logs and assist you in the removal of any malware that might be present on the System, please follow the procedure in this link:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D

Then start your own thread in the Malware Removal Forum

Cheers.

Thread: Is this a FP?

Thread Tools

Display

Is this a FP?

Thanks!

Posting Permissions