Thank you.
Thank you.
Yodama, I have sent my report to you via the email as requested.
After an authentic-looking self-update by Java from V.17 to V.18 on 27th January 2010, A Spybot popup appeared and reported that it had identified the Java Quickstart Process JQS.EXE as Win32.Fraudload. Unfortunately, I can't send you the file as I allowed SBSD to delete it to be on the safe side.
I mention it only so that you can add it to any further reports you may get of SBSD reporting this file as malicious.
I updated to java 6 update 26 today, and within seconds of the update installing I got this.
Encountered and terminated Vario.AntiVirus in C:\Windows\SysWOW64\cmd.exe!
I believe this to be a false positive.
attached is also a hijackthis report.
spybot sd teatimer update was installed on 9/2/2011 version is 1.6.6.32.
--
Edit
How to report Possible False Positives
Reason log was removed: Please don't post Malware logs in the Spybot forums, thanks :-)
Last edited by tashi; 2011-09-29 at 17:23. Reason: Removed HJT log, added links. Thanks for reporting. :-)
Murphy's law, according to Danial Jackson of stargate sg-1:
1-Murphy's law said: Anything that can go wrong will go wrong.2-And Jackson’s law said: Anything that cannot go wrong will always go wrong.
Hello there is no Spybot S&D detection rule which detects the file. The information you provided on the file suggests that it is a legit file.
Since you are using another security software it is very likely that you are also using the live protection provided by that security software. In that case you should deactivate Teatimer since more than one live protection can cause low performance and like in this case errors during live protection scans.
The main scanners are usually not affected.
To disable the TeaTimer do the following:
start Spybot S&D
switch to advanced mode
navigate to tools - resident
uncheck the checkbox for Resident TeaTimer to shutdown TeaTimer and remove it from system start
thanks for the very much welcome reassurances that it was a false positive.
I'll have to keep teatimer active since my antivirus doesnt include a live resident shield service of any kind. (panda cloud antivirus basic protection)
I'll admit I panicked for a long moment when it spat out that false positive, lol.
anyways, thanks for the help and reassurances.
Murphy's law, according to Danial Jackson of stargate sg-1:
1-Murphy's law said: Anything that can go wrong will go wrong.2-And Jackson’s law said: Anything that cannot go wrong will always go wrong.
Don't know if you guys are still using this thread anymore for false positives by the teatimer, but I did have one today.
versions of the program are the same as mentioned in the first post of the thread. I can't remember when it was installed.
During a routine update of malwarebytes Anti-Malware, the teatimer popped up with a notice that it terminated c:\windows\system32\regsvr32.exe claiming that the file was part of "Moozy" and wanted to delete the file all together.
This is definitely a false positive as I checked the file mentioned, and it's the Microsoft Register Server installed with windows XP SP3. I also looked up Moozy on your forums, and that file is never mentioned as part of the removal process.
No and Spybot S&D found absolutely nothing when a scan was run.
Then this appears to be the TeaTimer bug which randomly occurs after updates without restarting the TeaTimer. A safe way restart the TeaTimer is to reboot the computer.
Since development of Spybot 1.6 has been ended in favor of Spybot 2, it is unlikely that this bug will be fixed.