Fixed: EBlaster false positive?

MartyTX

Running Spybot S&D 1.6.2 updated as of today (4/30).

Right click scan detects nothing found under Malware but does detect EBlaster under Heuristic for the majority of webpages I download and save as *.mht files.

I noticed that EBlaster detection was updated on 4/29; possibly a false positive?

For example, I saved: http://www.safer-networking.org/en/spybotsd/index.html to my desktop today, and Spybot detected EBlaster (heuristic).
 
Heuristic Scan - Image Files showing EBlaster Infection

Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan only. When tested with Spyware Doctor all is OK.

I have searched for EBlaster programs, processes and the registry with no sign of EBlaster infection.

I have to admit I am thinking along the same lines; however, as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.
 
EBlaster false positive??

Let me add that I also have manually checked the files and registry entries that are listed in Spybot's "Manual Removal Guide for EBlaster" and everything is clean.

Likewise, scans with NIS-2009, Malwarebytes and SuperAntispyware are all clean.

Haven't updated to 1.6.6 and plan to hold off until this issue is sorted out. Don't want to jump from the frying pan into the fire! :)
 
EBlaster

I have files that are downloaded to me in zip archive. The archive has simply about 50 small text files and one .xml file. I test everything that is downloaded prior to opening and since 4/30 I too am getting the EBlaster alarm in heuristics.

Is it possible for me to send one of these zip files to Spybot and have them test it?

I refuse to extract the ones that show the infection until this matter is cleared up.


Thanks
 
EBlaster Heuristic false positive??

Another bit of information.

Go to a trusted website; I picked "Microsoft.com".

After the site opens, consecutively save the screen in two formats:

1. Web Archive single file (*.mht)
2. Webpage complete (*.htm or *.html)

Spybot's right-click scan on the "Microsoft Corporation.mht" archive detected EBlaster Heuristic.

However, right-click scans on the complete webpage "Microsoft Corporation.htm" and the associated file "Microsoft Corporation_files" were both clean.

So, the sum of the archived parts has a problem, but each unarchived part is clean. Confusing?!
 
Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan only. When tested with Spyware Doctor all is OK.

I have searched for EBlaster programs, processes and the registry with no sign of EBlaster infection.

I have to admit I am thinking along the same lines; however, as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

I've been having the same problems: right-click on a folder which has .zip files or .mse-set files [used for Magic Set Editor, a program used to design card sets] or .jpg files, and I get EBlaster detected under heuristics. If I scan the complete hard drive through SB-S&D nothing is noticed out of the ordinary. Norton doesn't detect anything wrong. Ad-aware doesn't detect anything wrong. It's been driving me crazy and absolutely paranoid the last few days that someone has been tracking everything I type. :clown: I've gone into the registry and searched the hard drive looking for files/keys that fit the description for EBlaster and found nothing. Any feedback on this would be appreciated. I've begun suspecting the presence of false positives...

Hmmm, are those men with white coats and hug-me-jackets standing out on my front porch? muha:
 
* Operating System--Windows XP Professional (SP3)
* Browser--FireFox 5.0
* Spybot S&D 1.6.2.46 (04/30/09)
* Right-click Heuristic scan result of EBlaster found on various .zip, .jpg, .png, .mse-set files and at least one .htm file, some of which were downloaded, others which I created within the last couple of months. I find no other indications of EBlaster within the registry or files on the computer.

Thanks for any feedback.
 
EBlaster

Anyone have any further info on this?

Interestingly, of the files I get on a daily basis, 2 came through this afternoon; I tested and they were clean (these are zipped archives). A 3rd one came late in the day and it shows as having EBlaster; so now I am really concerned that it isn't a false positive.

Is there any way to scan the individual files within the zip? Maybe that would pinpoint something.
 
Following an upgrade today to Ver 1.6.6.32, some but not all files with a png, jpg and zip extension are showing EBlaster Infection on Heuristic Scan only. When tested with Spyware Doctor all is OK.

I have searched for EBlaster programs, processes and the registry with no sign of EBlaster infection.

I have to admit I am thinking along the same lines; however, as a person that deals in facts and not fiction, I would like to know if other forum members are having issues as well or if Spybot can confirm this is a legitimate infection.

I'm finding the same thing in some .jpg files. It doesn't show up on the other scan either, and other programs don't detect it. Can anyone confirm that this actually is a false positive?
 
Further to this

I have changed one of the (infected) png files to a gif file using Photoshop and retried the Heuristic test and it shows nothing found.

As the last update lists +EBlaster was added to the definitions list, how do I heal infected png, jpg and zip files that have failed the Heuristic test?
 
EBlaster false positive or spyware?

Following an update to Spybot Search & Destroy 1.6.2.46 several (not all) right-click scans of downloaded files show EBlaster. One was a .png, the other a .doc. Right click scans with AVG and Malwarebytes Anti-Malware showed nothing, as did a quick scan with SUPERAntiSpyware.

I have googled EBlaster and found it is computer and internet monitoring software. Is there a way of getting rid of it so I can safely open the file?

I have Windows XP SP3
 
EBlaster false positive?

Following an update to Spybot Search & Destroy 1.6.2.46 several (not all) right-click scans of downloaded files show EBlaster. One was a .png, the other a .doc. Right click scans with AVG and Malwarebytes Anti-Malware showed nothing, as did a quick scan with SUPERAntiSpyware.

I have googled EBlaster and found it is computer and internet monitoring software. Is there a way of getting rid of it so I can safely open the file?

I have Windows XP SP3

I see no way to edit this post. I just wanted to add that a regular scan with Spybot Search & Destroy does not find anything. Only the right click shows EBlaster in Heuristic.
 
Hi,

Same problem here. I scanned the file gmer1015.zip and Spybot detected it as EBlaster while using its heuristic detection rules.
 
False Positive EBlaster in heuristic

I have been experiencing the same problem since I updated Spybot yesterday. Previously, the same PDF files passed. They come from reliable sources; e.g., The New York Times Digest. Now, EBlaster is shown in the heuristic test. Is this a false positive?

I did pretty much the same things as Highland Raider. I scanned the complete hard drive through SB-S&D with no problem. I ran Ad-Aware, which indicated no malicious stuff. I also ran a virus scan with no problem.

Only the right click shows EBlaster in Heuristic.

What to do? Please advise. Thank you.
 
EBlaster found everywhere

When I do a folder scan, I have a lot of files that show in the Heuristic scan as EBlaster. Is there a way to get rid of these? Most of them are thumbs.db and PDFs. I have a lot of them.

Thanks for the help....
 
Thank you for your information on this false positive.
Corrections will be released with the next detection update scheduled for Wednesday 2009-05-06.
 
False Positive - EBlaster

I updated Spybot today and the problem has been eliminated. I checked the files that previously showed a problem in heuristic and they are gone. Many thanks for the support and help.

Have a good day.
 
EBlaster false positive?

I have downloaded a couple of music files recently. They came with Word docs, which happens sometimes. These have tested as having EBlaster. I think it is possible to hide something in a Word file (macros sometimes excite AV software when downloaded).
Is it possible these were false positives? :confused:
 