Fixed: False detection of "BPSSpywareRemover" ?

[MikeSW17]

Hi, S&D is reporting detection of BPSSpywareRemover as Level 10 Threat.

Log:

BPSSpywareRemover: [SBI $56D821C1] Type library (Registry Key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}
Category=Malware
ThreatLevel=10​

The registry entry referred to contains only:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}]

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0]
@="API calls used for threading"

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0]

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0\win32]
@="C:\\Windows\\SysWow64\\Threadapi.TLB"

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\HELPDIR]
@="C:\\Windows\\system32"

​

Kaspersky & VirusTotal both report file "Threadapi.TLB" as Clean.

Further checking: None of the filenames referenced to in Thread "Manual Removal Guide for BPSSpywareRemover" https://forums.spybot.info/showthread.php?37346-Manual-Removal-Guide-for-BPSSpywareRemover are present anywhere on my system.

Environment:
HW: AMD Ryzen 9 7950, MB: MSI MPG X670E, Mem: 64GB
OS: Windows 11 Pro (Insider Dev release, latest)
AV: Kaspersky Total Security

 

[tashi]

Hello MikeSW17,

Thank you for reporting, I will flag this, also please open a ticket here.

Regards,
tashi

 

[roberto]

Confirmed. We will remove this rule

Hello MikeSW17,

Confirmed. This typelib rule is a FP, we will remove this item from the signature database this week on Wednesday.
Thanks for reporting.

Kind regards,
roberto.