Thread: ...\Image File Execution Options\taskmgr.exe

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Location
    Casper, WY
    Posts
    5

    Yes, this is/can be a false positive.

    I have Process Explorer from Sysinternals installed, and set to replace Task Manager on my machines. I have downloaded only from Microsoft TechNet, and even old versions of Process Explorer are tripping the new "Crypt.InfectRansom++" detection.

    The installation (manual) directory I have used is: C:\Program Files\ProcessExplorer\ .

    I understand the severity of this, if it weren't a benign program, and PE for having a fast update track, would almost be impossible to avoid. So the mistaken identity is completely understood (I am the author of ZB Block, and I know all about false positives... headaches.)

    The question is, what can be done?

    Zap
    73 from AE7EC

  2. #2
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Quote Originally Posted by zaphodb777 View Post
    Yes, this is/can be a false positive.

    I have Process Explorer from Sysinternals installed, and set to replace Task Manager on my machines. I have downloaded only from Microsoft TechNet, and even old versions of Process Explorer are tripping the new "Crypt.InfectRansom++" detection.

    The installation (manual) directory I have used is: C:\Program Files\ProcessExplorer\ .

    I understand the severity of this, if it weren't a benign program, and PE for having a fast update track, would almost be impossible to avoid. So the mistaken identity is completely understood (I am the author of ZB Block, and I know all about false positives... headaches.)

    The question is, what can be done?

    Zap
    Ahh! I used PE!

  3. #3
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Thanks for the additional info.

    I forgot to tell you that the next detection update scheduled for Wednesday 2012-07-25 will fix this issue. I changed a dependency in the detection.
    Last edited by Yodama; 2012-07-20 at 12:34. Reason: added date
    born in the shadow to die in the shadow, that is the fate of the shinobi

  4. #4
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Quote Originally Posted by Yodama View Post
    Thanks for the additional info.

    I forgot to tell you that the next detection update scheduled for Wednesday 2012-07-25 will fix this issue. I changed a dependency in the detection.
    Thanks! I have restored my quarantined registry key entry then.

  5. #5
    Junior Member
    Join Date
    Jul 2012
    Posts
    1

    I got that just a minute ago: Crypt.InfectRansom

    Exact same location.

    I didn't have any problem with my computer, and I installed a Microsoft Word program earlier, so I think that's it.

    I also have procexp64.

    No problems I could find.

  6. #6
    Junior Member
    Join Date
    Jul 2012
    Posts
    1

    Confirmed from me also

    Hi!

    I confirm that false positive. Frightened me a lot.

    Looks like any change of that registry entry from the Windows default causes that false positive.
    Last Sunday I got that from the installed Process Explorer mentioned, and that ruined my free day.
    Today I tested ProcessHacker from http://processhacker.sourceforge.net/ which is a "cousin" of PE and also enabled "Replace Task Manager".
    And HEY, yes, the same false positive reappeared.

    So SB team, please narrow the search for malware in those particular two registry keys.

    Regardless of the above, I give 10 of 10 points for Spybot.
    I have used it for a very long time and it is hard to wait for the new version now in beta.

    Regards!

  7. #7
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Quote Originally Posted by zdolar View Post
    Hi!

    I confirm that false positive. Frightened me a lot.

    Looks like any change of that registry entry from the Windows default causes that false positive.
    Last Sunday I got that from the installed Process Explorer mentioned, and that ruined my free day.
    Today I tested ProcessHacker from http://processhacker.sourceforge.net/ which is a "cousin" of PE and also enabled "Replace Task Manager".
    And HEY, yes, the same false positive reappeared.

    So SB team, please narrow the search for malware in those particular two registry keys.

    Regardless of the above, I give 10 of 10 points for Spybot.
    I have used it for a very long time and it is hard to wait for the new version now in beta.

    Regards!
    They said they fixed it for tomorrow's updates. Let's try again tomorrow!

  8. #8
    Senior Member
    Join Date
    May 2006
    Posts
    236

    Quote Originally Posted by Yodama View Post
    Thanks for the additional info.

    I forgot to tell you that the next detection update scheduled for Wednesday 2012-07-25 will fix this issue. I changed a dependency in the detection.
    Confirmed fixed with today's updates. Thanks!
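
For anyone triaging the same alert, an added example (not part of the thread, and not Spybot's detection logic): a PowerShell audit that lists every Debugger redirection under Image File Execution Options and reports who signed the program it points to, so a Task Manager replacement such as Process Explorer can be told apart from an unknown binary. The registry paths are the standard Windows locations; the helper name Get-DebuggerTargetPath is hypothetical.

```powershell
# Added example: enumerate IFEO "Debugger" redirections and check the
# Authenticode signature of each redirect target. Read-only; changes nothing.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Hypothetical helper: the Debugger value is a command line, so pull out the
# executable path (quoted form first, then everything up to the first ".exe").
function Get-DebuggerTargetPath {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $CommandLine.Trim()
}

foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if (-not $debugger) { return }   # no redirection set for this image

        $target = Get-DebuggerTargetPath -CommandLine $debugger
        $status = 'TargetMissing'        # also reported for bare names with no path
        $signer = $null
        if (Test-Path -LiteralPath $target -PathType Leaf) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $target
            $status = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Image     = $_.PSChildName   # e.g. taskmgr.exe
            Debugger  = $debugger
            Target    = $target
            Signature = $status
            Signer    = $signer
        }
    }
}
```

An entry for taskmgr.exe whose target is a validly signed Process Explorer binary matches the benign case described in this thread; a missing, unsigned or unexpectedly signed target is the one that deserves a closer look.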
