Confirmed (Heuristics): right click scanning of spybot detects smitfraud c all over the place!

Thread starter: 129260
thanks for your help :)

what if someone is infected?

will it then list under malware instead of heuristic. spybot, with right click scan, finds a few files under heuristic category that show smitfraud-c and Worldsecurityonline.FakeAlert.

my question is are all of "smitfraud-c" and "worldsecurityonline" in the heuristic category just brushed off to assume the user is infected with in fact "nothing"?

i'm currently researching the symptoms of smitfraud-c and worldsecurityonline.fakealert and will post my results of what i think this could be.

In case of infection with these threats it would also be listed under malware.
Additionally a normal scan with Spybot S&D would also find traces of these malware. These threats in particular depend on registry entries to get started on system boot. They are not threats that are strictly file based.

Both malware usually show false warning messages to make users download and buy rogue security software.

The heuristics scan will be more reliable with the upcoming update, but changes still have to be made.
So if in doubt about a heuristics result (after the update today), you can also submit the file to detections@spybot.info for analysis.

my pc actually does have a virus or something. when booted it gives me a bunch of application errors stating that my programs failed to initialize and must either terminate or debug. also i am unable to open anything on my desktop or modify it (explorer.exe). my system lags ridiculously hard, making it impossible to do anything including updating my anti-virus. i am currently using McAfee 8.5i enterprise with patch 5. the on-access did not catch any virus and i am not able to update manually due to the lag.
These kinds of errors could relate to an infection; please post in the malware removal forums and follow the helpers' instructions on how to provide the log files they require to estimate the source of the issues.

this is also a weird question but i ran RAM diagnostics that cleared but could RAM be the culprit?

As you already stated this is unlikely. Hardware issues usually cause random errors, like sudden blue screens.
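
The reply above notes that these threats rely on registry entries to start at boot rather than being purely file based. As an added example (not part of the thread and not Spybot's own code), this PowerShell script checks whether a file flagged by the heuristic scan is referenced from the common Run/RunOnce keys and prints a hash to quote when submitting the file for analysis; the parameter name and the choice of keys are assumptions.

```powershell
# Added triage example; not from the thread and not how Spybot itself works.
param(
    [Parameter(Mandatory = $true)]
    [string]$FlaggedPath   # file reported by the right-click heuristic scan
)

# Common per-machine and per-user autostart keys (assumed subset, not exhaustive).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$leaf = Split-Path -Path $FlaggedPath -Leaf
$cmp  = [System.StringComparison]::OrdinalIgnoreCase

$hits = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        # Literal substring match, so [ ] in file names are not treated as wildcards.
        if ($data.IndexOf($leaf, $cmp) -ge 0) {
            [pscustomobject]@{ Key = $key; Value = $name; Command = $data }
        }
    }
}

# Hash to quote when sending the file to the vendor for analysis.
$sha256 = (Get-FileHash -LiteralPath $FlaggedPath -Algorithm SHA256).Hash

if ($hits) {
    Write-Output "Autostart entries reference '$leaf' (SHA256 $sha256):"
    $hits | Format-Table -AutoSize
} else {
    Write-Output "No Run/RunOnce value references '$leaf' (SHA256 $sha256)."
    Write-Output "These four keys are not every autostart location; a full scan is still needed."
}
```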
 
Wireless Migrator

Would you please check the program "Wireless Migrator" from codeplex? URL listed below

http://www.codeplex.com/wlan/Release/ProjectReleases.aspx?ReleaseId=14107 > BackupWireless.exe

Spybot 1.6 latest definitions detects "Worldsecurityonline.FakeAlert" when using the context menu option and heuristics.

I believe this is a false positive.

Thanks for your feedback.
 
OpenSuse 11 (DVD) and Linux Mint 5 Elyssa (CD) ISOs

Both downloaded images mentioned above, when scanned with version 1.6 and context menu (heuristics), are said to contain Smitfraud C.

Please advise, I believe they are false+

Kind regards
 
Tattenbach:

Prior posts in this thread indicate that there were confirmed false positives for Smitfraud-C using the Windows Explorer right click context menu item "Scan using Spybot-Search&Destroy".

However, in regards to:

Both downloaded images mentioned above, …
All posts prior to yours are using old updates. Have you downloaded today's updates (2008-07-16) and tried again?
 
> All posts prior to yours are using old updates. Have you downloaded today's updates (2008-07-16) and tried again?
------------------------------------------------------------------------

Thanks for the reply. No, I have not updated def. this week but will do later today (I am away from my PC now) and post the results. Thanks again.

PS: I have another post here regarding Wireless Migrator identified with another type of malware. Perhaps the update cures that one too as I believe it should be false+
 

Neither the linux ISOs nor Wireless Migrator are reported as infected after this update. Thanks!
 
Firefox false positive?

I have no problems with pop-ups, etc; and no symptoms of infection. Checked a different computer and also see no problems but both computers show this when doing a right click scan on the firefox folder; located in the program files folder. (I only checked doing it this way because of the smitfraud false positive reported in Internet explorer)

The malware scan shows nothing found; the heuristic scan shows the red caution symbol at: nsDefaultCLH.js __ Win32.Zhelatin.VG

The normal S&D scan shows no issues and neither Norton nor Command anti-virus show anything.

Both computers: Windows XP sp3
S&D ver1.6 updated 7-16-08
Firefox ver.3.0.1

One computer is using Command AV ver.4.95.2
One computer is using Norton Internet Security Ver.15.5.0.23
 
All False Positives in MSDOS Files Fixed

I want to report that with the definition updates on July 16, all false positives for Heuristic right-click scans are fixed, as regards my saved MSDOS 6.22 .com and .exe files.

Thank you
 
The malware scan shows nothing found; the heuristic scan shows the red caution symbol at: nsDefaultCLH.js __ Win32.Zhelatin.VG

Thank you for reporting this, this false positive will be fixed with the next update of the trojans.sbi which is scheduled for today ( Wednesday ).

Also thanks to everyone else for feedback and reporting the other false positives.
 
Mozhelatin

Spybot v1.6 found what I hope is a false indication within Mozilla Firefox
v3.0.1 installer package.

I sometimes unzip installer packages and scan the contents.
Spybot did not report this before expanding the installer.

"Firefox Setup 3.0.1.exe\nonlocalized\components\nsDefaultCLH.js"
was marked as Win32.Zhelatin.vg by Spybot Heuristics.

MD5 for this file downloaded from Mozilla.org on 07/22/08-
(using MD5 Summer) acf41e73a9844a3f6410017f09c849al

I read recently that Firefox is now a mild form of spyware for Mozilla.org.
 
Hello,

this is a false positive of the heuristics scan which was also addressed here

It has been fixed with the latest detection updates released this Wednesday.
 
hey yodama,

I just wanted to report that now all my issues are fixed with the right click scanning now. I have yet to see any more problems with the latest updates. I will report if anything changes. :) Thanks so much!
 
zlib.dll - False Positive?

When I single scan my Blender folder, I get the following information:

Zlib.dll GuardianMonitor
This is under the Heuristic section only.

A regular scan with SpyBot does not show this.
My other security software does not show this.
Is this a false positive?

Windows Defender
Adaware 2008
AVG (paid version)
Windows XP Pro sp3
Internet Explorer 7, FireFox latest version
Latest spybot 1.6

Thank You.
 
Thank you for the quick reply.
I am sorry but I do not understand the information you requested.
I have read the page suggested and have all the information that I can find.
The single file scan does not produce a log of any of its findings. I can find the regular scan log easily, but no trace of the single file/folder scan. The window also does not allow me to do anything about the stated file, such as fixing the problem.
Again, this happens when I right click and scan a single folder. The screen that I see has a red X in front of the file, zlib.dll.
Under “status”, it states it is a “GuardianMonitor”.
Could you please tell me what other information I can give to find out if this is a threat or a false positive.
Thank you for your time.
 
hello,

this is a false positive with the heuristics part of the single file scanner. It will be corrected with the next update.
 
2 serious FPs found on 2 legit apps on Flash drive S&D context scan

Windows XP Professional SP-3
FireFox 3.0.1
Spybot S&D 1.6 update: 2008-08-27

Found on the right-click Spybot scan (context scan I think) of my usb flash drive

1. FixPolicies.exe, found here - http://cid-6aaab341ce47c5c2.skydrive.live.com/self.aspx/Public/FixPolicies.exe, was found under Spybot - Search & Destroy (Heuristic) as Virtumonde.

2. DCProSetup.exe, found here - http://downloads.guru3d.com/download.php?det=745#download, was found under Spybot - Search & Destroy (Heuristic) as SpyFalcon.

Nothing was fixed or deleted, they were just detected in the right-click Spybot scan and seemed to worry me, 'cause those are 2 very nasty things to have been detected.
 