Trojan in Spybot?

Has someone already uploaded the file to VirusTotal? :laugh:

Edit:
Tom.K did... ;)
 
I sent the file to Virustotal and Jotti and here are the results:

http://www.virustotal.com/es/analis...265e13a5d624887fb1ef189d89b2b31860-1270242057

http://virusscan.jotti.org/es/scanr...4b87/6413131f98fe7ee9b1c84ca2e056ab420d09105f

In Virustotal it seems that another antivirus like Antiy-AVL 2.0.3.7 reported SDShred.exe as positive (Virus/Win32.Daum.gen). Surprisingly McAfee didn't say anything. Could you explain? :confused:

Jotti said the file is entirely safe. I'll be expecting the McAfee answer too.

Regards

kudo
 
Read through the whole thread and you'll get the answers you need.

Sorry, I must be very dummy :red:, but reading the entire thread the only thing I can discover is the possibility of a false positive, and really I think it must be, but need a confirmation.

Regards,

kudo
 
me too

I also had McAfee quarantine the same Spybot file but in addition to the shred file it also said the same trojan was in my system volume information restore file. Did anyone else experience this same scan result?
 
It's in System Volume Information folder because System Restore made a checkpoint with backup files which included Shredder, which makes that file in System Volume Information folder a false positive, too. There are some posts saying that trojan was detected in System Volume Information folder.

VirusTotal still hasn't updated McAfee after 4 days...
 
For anybody wondering why McAfee doesn't report SDShred on VirusTotal: According to the posters, VirusTotal is using the 3/31/2010 DAT. The false positive started with the 4/1/2010 DAT. Is this McAfee's idea of an April Fools joke ;)
 
Hi,

I checked a reply I had in the McAfee Community and this user posted this reply:

"It appears that this issue has been fixed with DAT 5940.
Logged into work and rescanned the quarantined file SDSHRED
on my system. It reported that it was clean which allowed me to restore it.

The bad thing is that I have yet to receive any email response
from McAfee. When I initially submitted the false positive they
gave me a case number. This is another failing on McAfee since
we have a gold support account with them. Anyhow, at least it
is fixed about 2 days after it was detected."

I restored my file this morning and it has not been detected. Yet. :) That's really bad that McAfee wouldn't answer them, even at least with a "checking on it" answer. Their Community site kept crashing the browser on another computer this weekend. That's really strange. (no it wasn't infected with anything.) I too submitted the file to VirusTotal on Sat. and McAfee still had a 3/31 date. Wow.

Mega Tornaconto:

I found all of the quarantine, send file to McAfee, etc., settings this morning that you mentioned to me earlier. It is buried deep into the McAfee program. This is the first I've had McAfee on any computer I've used so I'm still learning it. Came with their computer so I have not much choice.

Everyone have a great day.:)
 
Still waiting from McAfee........

hello everybody,
still nothing received by mail about the "infected" files sent Wednesday, so this morning I asked by phone to the telephone support; they said I have still to wait cause during these days they were on holidays (!!!) and so no one at laboratories could have a look at any files sent (no comment). McAfee is astonishingly slow in this, Spybot's forum is really faster! Anyway I'm curious to see how much time they take to solve the problem although when the renewal of their license is near, they take my money one month first (and with no holidays problems).

Live long and prosper
 
To Eric: reinstalling shredder

Hi, Eric
I'm happy You at last found the quarantine window; if you have time, have a look as there are many other useful functions "buried deep into the McAfee program".
Anyway, when this morning I talked with telephonic technical support about the possibility of taking back the files from the quarantine, they told me that "it could not work as first!!!":bomb:, so, in the case I have to erase it cause it doesn't work I'd like to know how you reload it on your system (reinstalling all Spybot or adding Shredder in some other ways).
Thanks for your attention

Live long and prosper
 
Hello,

With its latest virus definitions (5939, 2-Apr-2010) McAfee detects the SDShred.exe of Spybot Search & Destroy as Generic.dx!qln (Trojan).

This is a false positive from McAfee that has already been fixed.
Please search for new updates (5940, 3-Apr-2010) for your McAfee version.

In case McAfee has deleted any of our files, to get Spybot - Search & Destroy back, please uninstall according to this guide.
Then download a fresh copy of Spybot-S&D 1.6.2. here.

P.S.: Sorry for the late response, but our office was closed for the Easter holidays.

Best regards
Sandra
Team Spybot
 
Hi Sandra,
thanks for the response: effectively the problem began with the 5938 DAT files. This morning the 5942 version was downloaded, so it ought to be all right. I hope I can recover the file from quarantine, otherwise I'll follow Your indications about uninstalling and then reinstall it again.
Have a good day

Live long and prosper
 
To Mega

Hi, Eric
I'm happy You at last found the quarantine window; if you have time, have a look as there are many other useful functions "buried deep into the McAfee program".
Anyway, when this morning I talked with telephonic technical support about the possibility of taking back the files from the quarantine, they told me that "it could not work as first!!!":bomb:, so, in the case I have to erase it cause it doesn't work I'd like to know how you reload it on your system (reinstalling all Spybot or adding Shredder in some other ways).
Thanks for your attention

Hi Mega,
I don't know what McAfee meant by that but I just used the "Restore" in McAfee and it put it back where it was, in C:\Program Files\Spybot-Search & Destroy\SDShred.exe (Vista). My computer did not :bomb:. Do you think McAfee just does not like Spybot? :tease: Before I tried the restore I did copy the SDShred.exe file out of Spybot from my other computer and put it on disk and was going to copy it into Spybot on this computer instead of reinstalling it. It's a standalone program so it should work. But then I found the restore setting.

Spybotsandra gave you the links to uninstall and reinstall if need be. But the restore should work fine. In my right-click menu I have Scan with Malwarebytes, Spybot and McAfee for individual files. So after I restored it, just to be on the safe side:), I scanned with each one and the file is just fine. Then just scanned my whole system. All is well.

I have DAT 5942 from 4/5/10 and still so far no infections. I did finally get a response from McAfee in their community yesterday but that was links to how to submit a file and two other links for something else, I forgot what they were now. So they aren't actually telling you anything but to submit the file.

At least it's fixed now and glad it's over. Everyone have a great day.:beerbeerb:
 
Successfully restored

Eric, thanks for Your time.
I restored successfully SHREDDER, and it looks to be all OK.
It seems like a joke as McAfee tech support said "yes, you can try to restore, but maybe it will not work properly (WHY???) and your system could become unstable".
I restored it and it works. No trouble. Bah!!
Anyway still no paid news from McAfee on my mail: but instead a free news directly from Sandra on my personal mail. That's incredible: not only Sandra found time to write on this forum but also wrote me personally. And it's all free: Spybot is really another world.
Thank You all at Spybot for Your continuous work.

(May You) live long and prosper
 
Mega - Successfully Restored

Hi,

That is fantastic. Mega, you are quite welcome. No problem. Glad I could help in a small way.

I restored it and it works. No trouble. Bah!!

LOL. That is funny. Double Bah!!!
That would be a very sick joke.

Yes, this forum is the best. They are all very helpful.

Be safe out there.
 