False Positive?

Tattenbach

Hello,

After the new definitions today (Nov 10th 2006) SpyBot detects in my PC "NSIS Media Extension" and points to the registry entry "HKEY_LOCAL_MACHINE\SOFTWARE\NSIS". In this key the default entry is "C:\Program Files\NSIS".

I believe this is a false positive since this folder belongs to the open source program NSIS (Nullsoft Scriptable Install System).

http://nsis.sourceforge.net/Main_Page

I have no problems with pop-ups and no other program detects this, including SpyBot before today's update.

The file "ns78.dll" is not in my system.

Could you please advise?

Thanks

Kind regards
 
Hi

Could we see the results of running this batch, please?

Copy the contents of the code box below into a new Notepad document (not WordPad).
Click File > Save As... > call it check.bat > file types *All Files* > and save it to the desktop.
Code:
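@echo off
rem Looks for files from the flagged product and lists any it finds in logit.txt.
Echo.
Echo searching please wait....
(
rem files in Common Files\NSIS that contain a "*" character
findstr /L /I /M /C:"*" "%CommonProgramFiles%\NSIS\*.*"
rem system32 DLLs that contain the string cydoor_shell_project
findstr /L /I /M /C:"cydoor_shell_project" "%windir%\system32\*.dll"
if exist "%windir%\system32\msidext.dll" echo %windir%\system32\msidext.dll
rem any nsis.jar below Program Files
dir /b /s "%programfiles%\nsis.jar"
)>>logit.txt 2>nul
start notepad logit.txt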
Run check.bat and post back with the text that will open.
 
Log as requested . . .

Thanks for taking care . . .

*********************
Log file was empty after running check.bat 3 times.

Thanks again.
 
Thanks
The detections team will comment in a day or two. In the meantime, post a SpyBot results report.
Run SpyBot check for problems; when it's finished, right click and choose copy results (not full report) to clipboard and paste that back here please.
 
SpyBot Report

**********************************
Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

NSIS Media Extension: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\NSIS

Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

7-Zip: Folder history (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\7-ZIP\FM\FolderHistory

7-Zip: Last used folder (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\7-ZIP\FM\PanelPath0!=

Ahead Nero Burning Rom: Save tracks directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Ahead\Nero - Burning Rom\SaveTrackOptions\Stdflist!=B=

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS Office 11.0 (Word): Recent file list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Microsoft\Office\11.0\Word\Data\Settings

MS Regedit: Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!=

Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: Last visited history (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: Cookie (1) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-10-10 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-10 Includes\Cookies.sbi (*)
2006-10-06 Includes\Dialer.sbi (*)
2006-11-10 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-10 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-10 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-06 Includes\Malware.sbi (*)
2006-11-10 Includes\MalwareC.sbi (*)
2004-08-11 Includes\plugin-ignore.ini
2006-10-06 Includes\PUPS.sbi (*)
2006-11-10 Includes\PUPSC.sbi (*)
2003-11-12 Includes\QA Tests.sbi (*)
2006-11-10 Includes\Revision.sbi (*)
2006-10-06 Includes\Security.sbi (*)
2006-11-10 Includes\SecurityC.sbi (*)
2006-10-06 Includes\Spybots.sbi (*)
2006-11-10 Includes\SpybotsC.sbi (*)
2003-11-21 Includes\Temporary.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-11-03 Includes\Trojans.sbi (*)
2006-11-10 Includes\TrojansC.sbi (*)
**********************************
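
An added example, not part of any post in this thread: a parser for the "copy results" text above that flags a detection resting on a registry key alone, which is the situation in this report. The `FILE_INDICATORS` table and the `triage` labels are assumptions, built only from file names mentioned in the thread.

```python
import re

# Sample input: four entries copied from the SpyBot results posted above.
SAMPLE_REPORT = r"""
Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

NSIS Media Extension: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\NSIS

Common Dialogs: History (2 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Cookie: Cookie (1) (Cookie, nothing done)
"""

# "<product>: <item> (<kind>, <action>)"; the item itself may contain parentheses.
HEADER = re.compile(
    r"^(?P<product>.+?): (?P<item>.+) \((?P<kind>[^,()]+), (?P<action>[^()]+)\)$")

# Assumption: file names the thread associates with this detection
# (ns78.dll from the first post, the other two from check.bat).
FILE_INDICATORS = {"NSIS Media Extension": {"ns78.dll", "msidext.dll", "nsis.jar"}}

def parse_results(text):
    """Parse the results text into dicts; location lines attach to the entry above them."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADER.match(line)
        if match:
            entries.append({**match.groupdict(), "locations": []})
        elif line and entries:
            entries[-1]["locations"].append(line)
    return entries

def triage(entry, files_on_disk):
    """Classify one entry against the file names actually found on the machine."""
    wanted = FILE_INDICATORS.get(entry["product"])
    if wanted is None:
        return "no-file-indicators-known"
    hits = sorted(wanted & {name.lower() for name in files_on_disk})
    if hits:
        return "corroborated: " + ", ".join(hits)
    if entry["kind"].startswith("Registry"):
        return "registry-only: verify before removal"
    return "uncorroborated"

if __name__ == "__main__":
    for e in parse_results(SAMPLE_REPORT):  # makensis.exe: constructed file listing
        print(e["product"], "->", triage(e, files_on_disk={"makensis.exe"}))
```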
 
FP or not?

Hello,

Please don't forget to verify this.

Wouldn't it be enough to install NSIS (Nullsoft) in a previously checked (and clean) machine and then run SpyBot to see if it flags it?

Kind regards
 
So, it was a false positive . . .

Although you never answered, I guess the response was given by Yodama in another similar post.
 