Fixed: Fraud.SoftCop

rcfc1

New member
Since the last update (Oct. 28, 2009) TeaTimer identifies a C:Windows\System32 file - ibmpmsvc.exe - as Fraud.SoftCop. This file is part of Thinkpad's power management and one I need to keep.

When TeaTimer catches the file, the teatimer window does not let me run or keep the file. It will only allow me to terminate and delete the file.

I've excluded Fraud.SoftCop from the product exclusion list. But this does not seem the right way to deal with the problem.
How do I exclude this specific file?
 
Since the last update (Oct. 28, 2009) TeaTimer identifies a C:Windows\System32 file - ibmpmsvc.exe - as Fraud.SoftCop. This file is part of Thinkpad's power management and one I need to keep.

When TeaTimer catches the file, the teatimer window does not let me run or keep the file. It will only allow me to terminate and delete the file.

I've excluded Fraud.SoftCop from the product exclusion list. But this does not seem the right way to deal with the problem.
How do I exclude this specific file?

I can confirm that there is a false positive with Fraud.SoftCop.
For TeaTimer you can set the file to be allowed permanently if TeaTimer asks.
  • uncheck "Delete the associated file"
  • select "Allow this process to run" and click ok
This will add the file to the allowed processes within TeaTimer and is active until removed.
Allowing ibmpmsvc.exe should not cause any problems later.

A fix for this false positive will be released soon, you will need to restart the TeaTimer after the update.
 
Fraud.SoftCop--uedos32.exe--where to "deleted"?

Since the last update (Oct. 28, 2009) TeaTimer identifies a C:Windows\System32 file - ibmpmsvc.exe - as Fraud.SoftCop. This file is part of Thinkpad's power management and one I need to keep.
...
Hi, encountered similar after last update, detecting uedos32.exe (part of UltraEdit, that worked for years) as "Fraud.SoftCop".

After ignoring *many* warnings, found the file deleted, maybe by I wrong click by me:
*Where* SpyBot could move it? (couldn't find it through GUI)
 
How to restart Teatimer

How does one restart Teatimer? I just did "Exit Spybot S&D" from the toolbar/tray thing. Is that what you mean?

Also, PDF995 had the same problem with claiming to have Fraud.SoftCop.

Update is online and is dated 2009-10-29, remember to restart the TeaTimer after the update.
 
How does one restart Teatimer? I just did "Exit Spybot S&D" from the toolbar/tray thing. Is that what you mean?

I just wanted to confirm the SpyBot guys, that the update of 29th worked for me (wrong false with Fraud.SoftCop using UltraEdit is fixed).

Restart was needed, yes.
:rockon:
 
Yea, I just had it give me this same false warning for installing Aptana.

I'm just letting it run against the recommendation. I know Aptana is not trying to spy on me . .
 
Hi there,
This is my first post in this forum & this seems like the right thread to post my question in. I have also had a false positive for Fraud.Softcop, in my case it picked up photoshopserver.exe as the malware. I went ahead & let SBSD block & delete the file/process without realising what the process was. In this case photoshopserver.exe allows Premiere Pro CS4 to import/recognise Photoshop PSD files. After letting SBSD delete this, I can no longer import PSD's into PPRO.

My question for the experts here is, is there any way to restore that file from Spybot without having to reinstall PPRO?

Cheers
 
Why Spybot does not move problematic files to a special directory?
Deleting is not a good idea.

Actually Spybot moves files to a recovery directory, however the TeaTimer does not. The TeaTimer is an optional part for active protection that needs to be able to handle file access differently than the Spybot main application.
You are correct that deleting is actually not the best option but in case of the TeaTimer peformance had to be prioritized.
 
Back
Top