1
129260
Guest
thanks for getting back....
Hmm interesting....I hope we can figure out what is going on here...
Hmm interesting....I hope we can figure out what is going on here...
Need User Feedback: Teatimer 1.6.6.32 False Positives
- Thread starter Yodama
- Start date
Why - when I right-click on the Resident SYSTRAY icon, then click on "Show Log" - doesn't anything happen?
No log shows up. Shouldn't it have since it terminated "PestCapture"?
Or have I just got a setting wrong somewhere?
Also, all the fields in the "Settings" box are empty - are they supposed to be that way? Pete
No log shows up. Shouldn't it have since it terminated "PestCapture"?
Or have I just got a setting wrong somewhere?
Also, all the fields in the "Settings" box are empty - are they supposed to be that way? Pete
spy1, do you use CCleaner? If Spybot is ticked in CCleaner that explains why there is no TeaTimer logs coming up when you look for it.
StopSpazzing
New member
False Positive with Keepass's Plugin KeeForm
Windows Vista Ultimate 64bit
Internet Explorer 7, Maxthon 2.5.1 (uses IE as a base), FireFox 3.0.8
Spybot S&D 1.6.2.46, Last update 3/25/2009
Teatimer message when using the plugin KeeForm with Keepass to auto-enter login info website.
Log for teatimer contains:
Picture of false positive:
Keepass v1.15
Link to Keepass website: http://www.keepass.info/
Plugin: KeeForm v2.01
Link to KeeForm: http://keeform.sourceforge.net/
Windows Vista Ultimate 64bit
Internet Explorer 7, Maxthon 2.5.1 (uses IE as a base), FireFox 3.0.8
Spybot S&D 1.6.2.46, Last update 3/25/2009
Teatimer message when using the plugin KeeForm with Keepass to auto-enter login info website.
Log for teatimer contains:
Code:
3/28/2009 10:16:24 AM Encountered and terminated Spambot.mib in D:\Program Files\KeePass Password Safe\KeeForm.exe!
3/28/2009 10:27:35 AM Encountered and terminated Spambot.mib in D:\Program Files\KeePass Password Safe\KeeForm.exe!Picture of false positive:
Keepass v1.15
Link to Keepass website: http://www.keepass.info/
Plugin: KeeForm v2.01
Link to KeeForm: http://keeform.sourceforge.net/
Richard Ryder
New member
Keepass & keyform
I have also had the same issue with Keepass & KeeFORM. Thought it might be a problem with those 2 apps so have spent several [fruitless as it turns out] hours ensuring that neither of those 2 apps had been compromised - they weren't!
I just need to know how to resolve the problem - there doesn't seem to be any way to undo an action carried out by Spybot and there SHOULD BE
.
I have also had the same issue with Keepass & KeeFORM. Thought it might be a problem with those 2 apps so have spent several [fruitless as it turns out] hours ensuring that neither of those 2 apps had been compromised - they weren't!
I just need to know how to resolve the problem - there doesn't seem to be any way to undo an action carried out by Spybot and there SHOULD BE
.I was able to confirm the Keeform false positive, this will be fixed with the next detection update scheduled for 2009-04-22.
Most actions performed by Spybot S&D can be undone, there are just a couple of deletions which cannot be reverted. If you specifiy the issue you want to undo I may be able to tell if it is possible with Spybot S&D.
False Positive?
Very recent clean Win XP Pro fully Service Packed, ie 8, only running MS Office. Was installing Acrobat Reader 9.1 for the first time using "open" from adobe installer page. Was running an Ad-Aware scan in the background. System tray also has SUPERAntiSpyware 4.26.1000 Core: 3589 Trace: 1811 and Trend Micro Client/Server Security Agent latest pattern 5.981.00. Also have Malwarebytes' Anti-Malware with latest updates. Spybot/SD resident is 1.6.2.0 ssp is 1.6.6.32. SD recommends Killing and Deleting...
Very recent clean Win XP Pro fully Service Packed, ie 8, only running MS Office. Was installing Acrobat Reader 9.1 for the first time using "open" from adobe installer page. Was running an Ad-Aware scan in the background. System tray also has SUPERAntiSpyware 4.26.1000 Core: 3589 Trace: 1811 and Trend Micro Client/Server Security Agent latest pattern 5.981.00. Also have Malwarebytes' Anti-Malware with latest updates. Spybot/SD resident is 1.6.2.0 ssp is 1.6.6.32. SD recommends Killing and Deleting...
tashi
Member of Team Spybot
Hello Wayne_D,
Please see the first post in this thread: http://forums.spybot.info/showpost.php?p=301405&postcount=1
Best regards.
Please see the first post in this thread: http://forums.spybot.info/showpost.php?p=301405&postcount=1
Best regards.
false positive?: erunt\autoback.exe
Hi, I use erunt 1.1j for a long time, teatimer never found anything.
I updated S&D yesterday (rules from 24.06.2009). Today I got a teatimer-message (autoback starts with a batch file and following command line:
C:\Programme\ERUNT\AUTOBACK.EXE %systemroot%\ERDNT\#Date#_#Time# /days:3 /alwayscreate /noconfirmdelete /noprogresswindow)
29.06.2009 09:45:15 Encountered and terminated Win32.Agent.Bbzv in C:\Programme\ERUNT\AUTOBACK.EXE!
My OS is windows XP home SP3. I send you autoback.exe attached as a zip file.
Hi, I use erunt 1.1j for a long time, teatimer never found anything.
I updated S&D yesterday (rules from 24.06.2009). Today I got a teatimer-message (autoback starts with a batch file and following command line:
C:\Programme\ERUNT\AUTOBACK.EXE %systemroot%\ERDNT\#Date#_#Time# /days:3 /alwayscreate /noconfirmdelete /noprogresswindow)
29.06.2009 09:45:15 Encountered and terminated Win32.Agent.Bbzv in C:\Programme\ERUNT\AUTOBACK.EXE!
My OS is windows XP home SP3. I send you autoback.exe attached as a zip file.
Please make sure to fully update and upgrade Spybot S&D , then reboot your computer.
If the GoogleUpdaterService.exe should still be detected falsely please email it to detections@spybot.info with a reference to this thread.
Hi Yodama
Spybot S&D was updated. I had just made a reinstall of Spybot S&D, and rebooted, a few hours earlier (keeping app-data). I didn't delete the file and I haven't had any warnings later.
The program, GoogleToolbarNotifier.exe, has a valid certificate. That is why I think it was a false positive.
JR
Spybot S&D was updated. I had just made a reinstall of Spybot S&D, and rebooted, a few hours earlier (keeping app-data). I didn't delete the file and I haven't had any warnings later.
The program, GoogleToolbarNotifier.exe, has a valid certificate. That is why I think it was a false positive.
JR
thank you for these additional information, if you have not done so please email the GoogleToolbarNotifier.exe to detections@spybot.info with a reference to this thread so we can check if the file has a new digital signature which needs to be added to our white list.
Hi Yodama
First I apologize for mixing up two programs. As I wrote in my first post it was "GoogleUpdaterService.exe" not "GoogleToolbarNotifier.exe" that caused the warning.
I have just sent the program to you.
If anything like this should happen again with another program, wouldn't it be easier just to send the certificate instead of the program? If so, which format would you prefer?
JR
First I apologize for mixing up two programs. As I wrote in my first post it was "GoogleUpdaterService.exe" not "GoogleToolbarNotifier.exe" that caused the warning.
I have just sent the program to you.
If anything like this should happen again with another program, wouldn't it be easier just to send the certificate instead of the program? If so, which format would you prefer?
JR
Thank you for sending in the file, I have checked the digital signature and the file and added the signature to our white list.
In similar cases it would be better to send in the whole file and not only the certificate. Depending on the certificate it is not only important that the certificate itself is valid it is also important that the certificate belongs to the file it was attached to.
Having the file in question also allows us to check for a reason why it was flagged falsely in the first place.