Results 1 to 3 of 3

Thread: False detection of "BPSSpywareRemover" ?

  1. #1
    Junior Member
    Join Date
    Sep 2023
    Posts
    1

    Default False detection of "BPSSpywareRemover" ?

    Hi, S&D is reporting detection of BPSSpywareRemover as Level 10 Threat.

    Log:
    BPSSpywareRemover: [SBI $56D821C1] Type library (Registry Key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}
    Category=Malware
    ThreatLevel=10


    The registry entry referred to contains only:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}]

    [HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0]
    @="API calls used for threading"

    [HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0]

    [HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0\win32]
    @="C:\\Windows\\SysWow64\\Threadapi.TLB"

    [HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\FLAGS]
    @="0"

    [HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\HELPDIR]
    @="C:\\Windows\\system32"

    Kaspersky & VirusTotal both report file "Threadapi.TLB" as Clean.

    Further checking: None of the filenames referenced to in Thread "Manual Removal Guide for BPSSpywareRemover" https://forums.spybot.info/showthrea...SpywareRemover are present anywhere on my system.

    Environment:
    HW: AMD Ryzen 9 7950, MB: MSI MPG X670E, Mem: 64GB
    OS: Windows 11 Pro (Insider Dev release, latest)
    AV: Kaspersky Total Security

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,987

    Default

    Hello MikeSW17,

    Thank you for reporting, I will flag this, also please open a ticket here.

    Regards,
    tashi
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member of Team Spybot roberto's Avatar
    Join Date
    Oct 2005
    Posts
    61

    Default Confirmed. We will remove this rule

    Hello MikeSW17,

    Confirmed. This typelib rule is a FP, we will remove this item from the signature database this week on Wednesday.
    Thanks for reporting.

    Kind regards,
    roberto.
    Please help us improving Spybot and download our distributed testing client.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •