Aldelphia DL in beta.sbi wrongly flags legit bookmarks

R

Rosenfeld

Esteemed Member
Alpha Testers
The latest beta.sbi (2006-13-10)

Flags three of my bookmarks under Adelphia DL:

http://users.adelphia.net/~suzshook/8scripts.htm
http://users.adelphia.net/~suzshook/
http://users.adelphia.net/~suzshook/10tips.htm

Suz is a highly respected and experienced user of Paint Shop Pro and these are bookmarks to her pages. They are perfectly legitimate and do not offer/download anything malicious, to the contrary she offers useful tips and scripts for paint shop pro users.

I rank this as a FP, whatever Adelphia DL is supposed to be.


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-13 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti
2006-10-13 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-10-13 Includes\DialerC.sbi (*)
2006-10-13 Includes\Hijackers.sbi (*)
2006-10-13 Includes\HijackersC.sbi (*)
2006-10-13 Includes\Keyloggers.sbi (*)
2006-10-13 Includes\KeyloggersC.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-13 Includes\MalwareC.sbi (*)
2006-10-13 Includes\PUPS.sbi (*)
2006-10-13 Includes\PUPSC.sbi (*)
2006-10-13 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-13 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-10-13 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-10-13 Includes\Trojans.sbi (*)
2006-10-13 Includes\TrojansC.sbi (*)
 
I can see them all,but they're in restricted sites.Maybe adelphia is in your hosts file.
 
Zenobia, you're right!!!

I can't get to users.adelphia.net because it is in my HOSTS file. The entry in my HOSTS file was added by Spybot with the 2006-10-13 updates. There are three (3) entries containing "adelphia.net" among the 100 entries added to Spybot's HOSTS file with the 2006-10-13 updates:
  • users.adelphia.net
  • www.adelphia.net
  • adelphia.net
*************

ps: Added with edit.

The same three (3) sites were added to the restricted zone by Spybot's immunization process with the 2006-10-13 update:
  • users.adelphia.net
  • www.adelphia.net
  • adelphia.net
 
Last edited:
I don't use Spybot Hosts file (I use mvps.org hosts file); so the sites remain accessible to me.
I had not noticed that users.adelphia.net had been added to restricted site:

My question is why??
 
Just chatted online with ADELPHIA and they will call.

This is a big problem for millions of adelphia users. As most who use spybot will not know they have 3 new entries in their restricted zones preventing the site from working properly!!

Adelphia is looking into why they have been black listed.:oops:
 
thanks for reporting,
it is a false positive with our beta detections, unfortunately this also went into the spybot hostsfile :oops:
product will be fixed and renamed with next update

so if someone added the spybot hostsfile and immunization with the latest update, he should check if adelphia.net is blocked within the hosts file and remove it from there
 
I dont have host files checked but adelphia was put in my restricted zone anyway. I cant even access my mail or helpfiles. The only thing listed in my host files says local. Should I remove that? Im so lost.
 
If you want to remove the Restricted Zone entries for the following entries:
  • users.adelphia.net
  • www.adelphia.net
  • *.adelphia.net
Go into Internet Explorer > Tools > Internet options... > Security tab > click on Restricted Sites > click the Sites button > in the Web sites listing > scroll down to one of the entries > highlight it > click the Remove button. Highlight the second entry > click the Remove button, etc. When you are done, click OK,OK.
 
Last edited:
Yes, the domains in the restricted zone is added by the immunize, the Hosts file does not do that, it redirects a domain to your own PC, hence it becomes unavailable altogether.

In fact the way the restriction is done is not correct. There is a *Dword =4 in adelphia.net key in the domains key, that makes the two subkeys Users and www redundant (all *.aldelphia.net sites are restricted by that DWord). If the idea was only to restrict www.adelphia.net and users.adelphia.net, then there should be no *DWord in adelphia.net key, only the ones in www and users keys.

I've noticed a lot of the restricted domain entries from Spybot have the same error. Maybe someone should review these immunize entries.
 
The Web sites listing is sorted by the second and third nodes (names beginning with numerics followed by alphabetic names). The following entries all appear together near the top of the listing:
  • users.adelphia.net
  • www.adelphia.net
  • *.adelphia.net
If you unimmunize the entries will be removed but so will all the other entries placed there by Spybot.
 
Interestingly, after I had deleted the adelphia.net key from domains keys (in all the places Spybot puts it), then checked immunize, it reported all were blocked: so it is not recognising that one has been removed. To double check, I deleted all instances of adelpphia in my registry (as it is not my home page or ISP I can do that). It still reported all known blocked.
 
adelphia.dl

same here, although I do not use any of the real-time stuff. Just scan once a week.
So I ignored the adelphia.dl warning.
 
Rosenfeld said:
Fixed in latest updates.
Click to expand...
Not fixed for me?

Weird, does anyone know why I got these results?

Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)
Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)
Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)
Adelphia.DL: Bookmark (Mozilla: ant) (Bookmark, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-01 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-10-20 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-10-20 Includes\DialerC.sbi (*)
2006-10-13 Includes\Hijackers.sbi (*)
2006-10-20 Includes\HijackersC.sbi (*)
2006-10-20 Includes\Keyloggers.sbi (*)
2006-10-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-10-20 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-10-20 Includes\PUPSC.sbi (*)
2006-10-20 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-10-20 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-10-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-10-13 Includes\Trojans.sbi (*)
2006-10-20 Includes\TrojansC.sbi (*)


Please note that I am using Mozilla v1.7.13 as my primary Web browser where the bookmarks are.
 
with the latest updates the false positive should not appear anymore,
if Adelphia.DL still get flagged after a scan, please check for a detection update.
 
Yodama said:
with the latest updates the false positive should not appear anymore,
if Adelphia.DL still get flagged after a scan, please check for a detection update.
Click to expand...
Here is what weird. I haven't updated since 10/20/2006, and I don't see these detected anymore. I didn't tell it to ignore it or anything. Weird.
 
You must log in or register to reply here.
Back
Top