Fixed: False positive, maybe

frankoi

Hi, I'm new to this forum, have been using Spybot Search and Destroy for many years.

I recently updated the definitions (23 December 2009) and I did a full scan, and it found this:

Fraud.MalwareDefense: [SBI $468EC810] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

I have done a full virus scan (using Avira), nothing found.

I did a search on that detection, and some results show it as a component of the ATI video card driver (I do have an ATI card and it's running the "ccc" driver/software).

I placed this detection on the ignore list.

Is this just a false positive?

Thank you,
Franko
 
The same: Fraud.MalwareDefense

Hi Team,

I have the same issue. The same file (points to C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll) is detected by the most recent S&D update as Fraud.MalwareDefense.

WinXP SP3, IE8, most recent versions of S&D and updates.


Fraud.MalwareDefense: [SBI $468EC810] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

Regards, Leszek
 
Hi,

This also happened to me today and I agree it must be a false positive as I did a clean install of my system last night so it is very doubtful I have picked this up as I have hardly been on the web. I have an ATI graphics card as well.

In case you need it:
Fraud.MalwareDefense: [SBI $468EC810] Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

N.B. KIS, SAS and MBAM do not find anything; also nothing in the HijackThis log.

Please rectify soon.

Cheers
 
Thanks for reporting this. We are currently investigating this issue. More information on this would be very supportive. Please export the key in question and send it to detections@spybot.info. Thanks in advance!
 
Hello,

We are sorry, this is a false positive in our actual detections.
We are trying to bring up another update as soon as possible that should fix this.

Best regards
Sandra
Team Spybot
 
Hi Buster and spybotsandra,

Thanks for the quick replies. I have sent the key as per Buster's request.

Just to give you my 2 cents' worth... this is the first time I have used Spybot in about 2 years. I am in the process of setting up a dual boot with Vista/W7 and I thought I would try some different anti-spyware programs on each OS. So finding an FP on my first Spybot scan in 2 years is most annoying and I nearly uninstalled it altogether.

However as you have replied so quickly and appear to be on the case I will stick with it.

Thanks again,

Cheers.
 
An update including the fixed detection file has been released a few minutes ago. Please download the new definition files.
 
Fraud.malwaredefense false positive?

I've been using Spybot S/D for many months with excellent results. I have the latest version with updates as of 12/23/09. I ran a scan this afternoon and got a Fraud.malwaredefense notice. Spybot was unable to remove it, saying it was in memory. I subsequently ran scans with the following spyware/malware programs to try and find it: Malwarebytes, McAfee, Norton, Trend, and Spyware Doctor. None of them found this problem. I looked in program files and folders and I even looked in the registry: nothing. I ran your RunAlyzer and, again, nothing. I was unable to find any files/Reg entries that said Malware defense. I've not noticed any PC problems that you would associate with this malware. I really believe I'm getting a false positive. I'm running Vista with both FF 3.5 and IE 7, but I rarely use IE7. McAfee runs automatically. Your error report says the following: SBI $468EC810 and HKEY_Classes_Root\ClSID\5E212EE. Please tell me if I'm getting a false positive before I have to spend a lot of money with Dell tech support on a bug hunt that may be unnecessary. Thanks
 