@Wayne_D
Please make sure to have the most recent detection updates installed and restart TeaTimer or the computer after that update.
The Adobe airshareinstaller.exe should be excluded by the digital signature whitelist.
Hi, I have used ERUNT 1.1j for a long time; TeaTimer never found anything.
I updated S&D yesterday (rules from 24.06.2009). Today I got a TeaTimer message (autoback starts with a batch file and the following command line:
C:\Programme\ERUNT\AUTOBACK.EXE %systemroot%\ERDNT\#Date#_#Time# /days:3 /alwayscreate /noconfirmdelete /noprogresswindow)
29.06.2009 09:45:15 Encountered and terminated Win32.Agent.Bbzv in C:\Programme\ERUNT\AUTOBACK.EXE!
My OS is Windows XP Home SP3. I am sending you autoback.exe attached as a zip file.
@rasmus
I can confirm the false positive with
C:\Programme\ERUNT\AUTOBACK.EXE
It will be corrected with the detection update scheduled for 2009-07-01;
after the update, make sure to restart TeaTimer or the computer.
Hi
TeaTimer found this.
Log:
03-10-2009 22:05:18 Allowed (based on user decision) value "swg" (new data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe") Changed in System Startup user entry!
03-10-2009 22:05:18 Encountered and terminated MorpheusToolbar in C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe!
03-10-2009 22:05:35 Allowed (based on user decision) value "swg" (new data: ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"") Changed in System Startup user entry!
Please make sure to fully update and upgrade Spybot S&D, then reboot your computer.
If the GoogleUpdaterService.exe should still be detected falsely, please email it to detections@spybot.info with a reference to this thread.
Hi Yodama
Spybot S&D was updated. I had just made a reinstall of Spybot S&D, and rebooted, a few hours earlier (keeping app-data). I didn't delete the file and I haven't had any warnings later.
The program, GoogleToolbarNotifier.exe, has a valid certificate. That is why I think it was a false positive.
JR
Thank you for this additional information. If you have not done so, please email the GoogleToolbarNotifier.exe to detections@spybot.info with a reference to this thread so we can check if the file has a new digital signature which needs to be added to our white list.
Hi Yodama
First I apologize for mixing up two programs. As I wrote in my first post it was "GoogleUpdaterService.exe" not "GoogleToolbarNotifier.exe" that caused the warning.
I have just sent the program to you.
If anything like this should happen again with another program, wouldn't it be easier just to send the certificate instead of the program? If so, which format would you prefer?
JR
Thank you for sending in the file. I have checked the digital signature and the file and added the signature to our white list.
In similar cases it would be better to send in the whole file and not only the certificate. Depending on the certificate, it is not only important that the certificate itself is valid; it is also important that the certificate belongs to the file it was attached to.
Having the file in question also allows us to check for a reason why it was flagged falsely in the first place.
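
The point made in the last reply, that a certificate only means something together with the file it signs, can be checked locally with PowerShell's built-in `Get-AuthenticodeSignature`. This is an added example, not part of the thread and not Spybot S&D's own whitelist logic; the function name, the allowlist parameter and the thumbprint placeholder are assumptions.

```powershell
# Added example: hypothetical helper, not code from Spybot S&D or this thread.
function Test-SignedFileAgainstAllowlist {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        # Signer certificate thumbprints the reviewer already trusts (assumption).
        [Parameter(Mandatory)] [string[]] $AllowedThumbprints
    )

    # The signature is evaluated against the file's current contents,
    # which is why the file itself is needed and not just the certificate.
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $sig.SignerCertificate

    # 'Valid' = the signed hash matches this file and the chain is trusted.
    # 'HashMismatch' = a signature is present but does not belong to these bytes.
    # 'NotSigned' = nothing to evaluate; 'NotTrusted' = chain not trusted locally.
    $boundToFile = ($sig.Status -eq 'Valid')

    $thumbprint = $null
    $subject    = $null
    if ($null -ne $signer) {
        $thumbprint = $signer.Thumbprint
        $subject    = $signer.Subject
    }
    $knownSigner = ($null -ne $thumbprint) -and ($AllowedThumbprints -contains $thumbprint)

    [pscustomobject]@{
        Path           = $Path
        Status         = $sig.Status
        StatusMessage  = $sig.StatusMessage
        SignerSubject  = $subject
        Thumbprint     = $thumbprint
        # File hash to quote when reporting a suspected false positive.
        Sha256         = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Allowlist only when the signer is known AND the signature fits this file.
        AllowlistMatch = $boundToFile -and $knownSigner
    }
}

# Usage (path taken from the log above; the thumbprint is a placeholder):
# Test-SignedFileAgainstAllowlist `
#     -Path 'C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe' `
#     -AllowedThumbprints @('<SIGNER-THUMBPRINT-PLACEHOLDER>')
```

A result with a known signer but a `Status` other than `Valid` is the case the reply warns about: the certificate is genuine, yet it does not vouch for that particular file.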