Possible false positive: Win32.IRCBot.kow

[fpmatters]

Operating system: Windows XP Professional
Browser: Firefox 3.0.11
Version of Spybot S&D: 1.6.2.46
Latest update: 6/24/2009

The false positive occurred in a scan result

The log is attached below

Thank you for your time and help and hopefully this problem will be resolved if this is indeed a false positive.

 

[Yodama]

hello,

to confirm if this is a false positive we need more information.
Please do the following:

1)
Download and run Rootalyzer http://forums.spybot.info/downloads.php?id=8
Please make a deep scan and copy and paste us the results of the scan.
Also send us the files, which you get in the log area when you click on "Pack Suspicious Files".

2)
Open the registry editor and export this Key:

HKEY_USERS\S-1-5-21-1343024091-926492609-839522115-1004\Software\Microsoft\Windows\CurrentVersion

attach these to detections@spybot.info with a reference to this thread.

 

[fpmatters]

I sent all the information needed to the email you listed above i had a small problem with attachment limits and sending limits so i had to send 2 emails one with the registry and one with the suspicious files from rootalyzer. It seems like the rootalyzer log had nothing to do with the spybot log so maybe this is a good sign that it is a fp. Thanks again for all your help it is greatly appreciated.

 

[fpmatters]

This is not a false positive it has been confirmed by the spybot detections team.

The spybot team just got back to me about these registry files and indeed this is not a false positive these are some of the registry files left behind from a previous infection i had so when you get a chance please close and delete this thread from the false positive forum thanks again.