Fixed: False detection of "BPSSpywareRemover" ?

MikeSW17

Hi, S&D is reporting detection of BPSSpywareRemover as Level 10 Threat.

Log:
BPSSpywareRemover: [SBI $56D821C1] Type library (Registry Key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}
Category=Malware
ThreatLevel=10


The registry entry referred to contains only:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}]

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0]
@="API calls used for threading"

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0]

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0\win32]
@="C:\\Windows\\SysWow64\\Threadapi.TLB"

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\FLAGS]
@="0"

[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\HELPDIR]
@="C:\\Windows\\system32"


Kaspersky & VirusTotal both report file "Threadapi.TLB" as Clean.

Further checking: none of the filenames referenced in the thread "Manual Removal Guide for BPSSpywareRemover" https://forums.spybot.info/showthread.php?37346-Manual-Removal-Guide-for-BPSSpywareRemover are present anywhere on my system.

Environment:
HW: AMD Ryzen 9 7950, MB: MSI MPG X670E, Mem: 64GB
OS: Windows 11 Pro (Insider Dev release, latest)
AV: Kaspersky Total Security
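
Added example, not part of the original posts and not Spybot's own tooling: a small Python parser for a `.reg` export like the one quoted above, which pulls out the TypeLib description and the file it references so that file can be hashed and scanned when triaging a registry-only detection. The function names are hypothetical, and the sample is the export from the post embedded as constructed input.

```python
import re

# Constructed input: the .reg export quoted in the post (blank lines dropped).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}]
[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0]
@="API calls used for threading"
[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0]
[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\0\win32]
@="C:\\Windows\\SysWow64\\Threadapi.TLB"
[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\FLAGS]
@="0"
[HKEY_CLASSES_ROOT\TypeLib\{602E2CE0-53F7-11D2-A7F4-00A0C91110C3}\1.0\HELPDIR]
@="C:\\Windows\\system32"
'''

# TypeLib\{GUID}\<version>[\<rest>]; keys without a version carry no data.
TYPELIB_RE = re.compile(r'\\TypeLib\\(\{[0-9A-Fa-f-]{36}\})\\([^\\]+)(?:\\(.+))?$')

def parse_reg(text):
    """Map each key path in a .reg export to its default (@) value, or None."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys[current] = None
        elif current and (m := re.fullmatch(r'@="(.*)"', line)):
            # .reg strings escape backslash and quote with a leading backslash
            keys[current] = re.sub(r'\\(.)', r'\1', m.group(1))
    return keys

def summarize_typelib(text):
    """Collect GUID, description and referenced files per TypeLib version."""
    out = {"guid": None, "versions": {}}
    for key, val in parse_reg(text).items():
        m = TYPELIB_RE.search(key)
        if not m:
            continue
        guid, ver, rest = m.groups()
        out["guid"] = guid
        v = out["versions"].setdefault(
            ver, {"description": None, "files": {}, "flags": None, "helpdir": None})
        if rest is None:
            v["description"] = val
        elif rest.upper() in ("FLAGS", "HELPDIR"):
            v[rest.lower()] = val
        elif "\\" in rest:  # <lcid>\<platform>, e.g. 0\win32
            v["files"][rest.split("\\", 1)[1].lower()] = val
    return out
```

The path under `files` is the one to hash and submit to a second scanner before deciding whether the registry hit is a false positive.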
 
Hello MikeSW17,

Thank you for reporting. I will flag this; please also open a ticket here.

Regards,
tashi
 
Confirmed. We will remove this rule

Hello MikeSW17,

Confirmed. This typelib rule is a FP; we will remove this item from the signature database this week on Wednesday.
Thanks for reporting.

Kind regards,
roberto.