determining if I really have AntiSpyZone ?

M

MrZork

New member
(I am new at this, so I hope I am posting the correct info to the appropriate forum.)

Upon scanning, Spybot Search & Destroy 1.5 (updated 2007/12/05) is detecting
AntiSpyZone: [SBI $CCC09CA3] Program directory (Directory, nothing done)
C:\Program Files\\Lang\
Click to expand...

As far as I know, I don't have AntiSpyZone on my PC. I checked out the thumbnails on spywarewarrior and don't recognize having run the app.

Moreover, when I clicked on S&D's "Fix Selected Problems" button, it churned for many minutes, finished and then everything was okay. EXCEPT that all of my c:\program files\lang tree (containing all of my programming tools - python, lisp, WinMerge, etc.) was gone! Panicked, I used the recovery feature to get my apps and years of random code work back (thank heavens), and S&D once again shows AntiSpyZone as present.

So, I checked the Windows Registry (searching for AntiSpyZone, program files\\lang, program files\lang, and CCC09CA3). Nothing. I checked the Windows Add or Remove Programs list for AntiSpyZone. Nothing. I checked the startup entries (just in case). Nothing. And, of course, I checked the c:\program files\lang folder and subfolders for AntiSpyZone and there was nothing there, either. Beyond that, I really don't know where to look.

So, my question is, can I determine whether I really have AntiSpyZone or if this may be a false positive? And, if I do have it, is there a pointer to a manual uninstall procedure that does not delete all of my programming apps?

Thanks.


The full entry for that S&D result is:
Code: 
AntiSpyZone: [SBI $CCC09CA3] Program directory (Directory, nothing done)
  C:\Program Files\\Lang\


--- Spybot - Search & Destroy version: 1.5  (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2006-03-05 unins000.exe (51.41.0.0)
2007-09-29 unins001.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-12-05 Includes\Cookies.sbi (*)
2007-10-31 Includes\Dialer.sbi (*)
2007-12-05 Includes\DialerC.sbi (*)
2007-11-07 Includes\Hijackers.sbi (*)
2007-12-05 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-12-05 Includes\KeyloggersC.sbi (*)
2007-11-07 Includes\Malware.sbi (*)
2007-12-05 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-12-05 Includes\PUPSC.sbi (*)
2007-12-05 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-12-05 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2007-12-05 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-11-28 Includes\Trojans.sbi (*)
2007-12-05 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll
 
Thanks for moving my post. I was thinking the odds were against this being a false positive so I didn't know to post to this part of the forum.

Since it's here, here is the other info for posts in this forum:
  • OS: Windows XP, SP1
  • Browser and Version:
    • Firefox 2.0.0.2 (primary)
    • Netscape 7.1
    • Internet Explorer 6.0.2800.1106.xpsp2.050301-1526
  • Version of Spybot S&D: 1.5 (build: 20070830), latest update on 2007/December/07
  • False Positive (if such it is) Occured: in a scan result

The whole Spybot S&D log is two long to post or attach (242K). :fear: I can email it somewhere if the entry for the individual result in the first post isn't enough.
 
Okay, sorry to be so thick. I just noticed that the byte limit on attachments is higher for zip archives, so I can post the log as an attachment if I zip it. So, here it is (I hope).
 
Hello MrZork.

One of our detectives will take a look at the results when available, probably shortly after the weekend.

Best wishes. :)
 
hello,

thank you for reporting this issue. It is a false positive and will be removed with the detection update scheduled for this wednesday.
 
Whew! I was envisioning a rocky re-installation of all of my programming tools. :eek:

Thanks for the fast response.
 
You must log in or register to reply here.
Back
Top