Fixed (Heuristics): Are these False detection results from Spybot - Search & Destroy

Karmar

Hi, are these 2 items in blue false detection results from Spybot - Search & Destroy (free)?
Thanks for any help
Karmar

Operating System: Windows 10 - Pro 64-bit
Browser and Version: Firefox Quantum 63.0.3 (64-bit)
Version of Spybot: version 2.7.64.0
Malware Scanner: 2.7.64.191
Where did the false positive occur: Scan result

Search results from Spybot - Search & Destroy

26-Nov-18 9:32:53 PM
Scan took 00:22:40.
5 items found.


Win32.Small.azl: [SBI $99B4BE91] Autorun settings () (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-198702542-466784759-2265100332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Category=Trojans
ThreatLevel=10
Weblink=http://forums.spybot.info/showthread.php?39090


Win32.Small.azl: [SBI $99B4BE91] Program file (File, nothing done)
C:\Program Files\RogueKiller\RogueKiller64.exe
Category=Trojans
ThreatLevel=10
Weblink=http://forums.spybot.info/showthread.php?39090
Properties.size=33270840
Properties.md5=13265EF9DC3F0DFA85146489D34746A4
Properties.filedate=1542810602
Properties.filedatetext=2018-11-21 14:30:02


MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-198702542-466784759-2265100332-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54


--- Spybot - Search & Destroy version: 2.7.64.131 DLL (build: 20180214) ---
 
Anyone have an answer for this?

Anyone else use RogueKiller 64bit and get these results when running Spybot - Search & Destroy?

Karmar
 
Hello Karmar,

I did link the team to your topic, I will check back.

Thank you for reporting. :)
 
Resolved with updates from 2018-11-28

Hello Karmar,

We updated the signatures for Win32.Small.azl today. RogueKiller64.exe should not be triggered anymore.

Thanks for reporting this issue.

Kind regards,
Roberto.
 
Hi Roberto,
Just to let you know it's still the same, no change from my first post.
Run update and system scan several times to check.

Karmar

Search results from Spybot - Search & Destroy

02-Dec-18 1:35:08 PM
Scan took 00:24:44.
4 items found.


Win32.Small.azl: [SBI $99B4BE91] Autorun settings () (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-198702542-466784759-2265100332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Category=Trojans
ThreatLevel=10
Weblink=http://forums.spybot.info/showthread.php?39090

Win32.Small.azl: [SBI $99B4BE91] Program file (File, nothing done)
C:\Program Files\RogueKiller\RogueKiller64.exe
Category=Trojans
ThreatLevel=10
Weblink=http://forums.spybot.info/showthread.php?39090
Properties.size=33280568
Properties.md5=D6E61547397F54CF7C2BE54040EDF40B
Properties.filedate=1543336694
Properties.filedatetext=2018-11-27 16:38:14

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54

--- Spybot - Search & Destroy version: 2.7.64.131 DLL (build: 20180214) ---
 
Hello Karmar,

The rule has been removed from the database, so if you have updated, it shouldn't be detected. :scratch:

Best regards.
 