Need User Feedback: Wordpad.exe, infected by "Fraud.MySecurityEngine"?

G

Grand_Duc

New member
Hello!

The title shows the main theme of my problem: I wanted to use Wordpad some minutes ago. My Spybot S&D thought that it would be useful to terminate the process, saying that "Fraud.MySecurityEngine" was found.

The corresponding log line reads:
24.09.2010 09:55:20 Encountered and terminated Fraud.MySecurityEngine in C:\Programme\Windows NT\Zubehör\wordpad.exe!
Click to expand...

My system is build as follows
XP SP3,
latest updates of S S&D applied
Avira Antivirus Personal edition with the latest updates applied running.
Click to expand...

As my Antivirus guard remained silent, I'm somewhat puzzled, especially since googling with
wordpad spybot "Fraud.MySecurityEngine"
Click to expand...
returned zero results. Has annybody a clue what happened here?

Greets, Grand-Duc
 
You might try submitting wordpad.exe to VirusTotal where it will be scanned by multiple antivirus programs. Post the results link back here.

Were you attempting to load a downloaded document into Wordpad when you got the alert? Older versions of Wordpad had a vulnerability in which an infected document could cause problems.
 
Advice followed, here is the link, there seems to be no positive result.

I wasn't trying to load/open a document into wordpad, I wanted a blank page to paste a text that I was about to post in a forum to preview it.

Thanks for help!

Grand-Duc
 
It's looking like a false positive. Does a Right Click scan of wordpad.exe with SpyBot S&D give the same result?

I'm running WinXP SP3 using SpyBot S&D 1.6.2.46 fully updated, and receive no alert with the right click scan. I have the English install of Windows, so that might be the reason. The wordpad.exe filesize and checksums are different.
 
I hope that I understood correctly that you expect this report here. Well, here it comes:

- Win XP SP3, german, fully updated.
- Browsers: IE7, FF 3.6.6, Opera 10.61, I use Firefox as main browser (but is this important here? My browsers weren't affected, AFAIK)
- Spybot S&D 1.6.2.46, latest update from September 22nd, 2010

I do not have a context menu entry for scanning with Spybot (I'm wondering why, I'm recalling that I've seen it sometimes ago, but possibly previous to my system rebuild).

To "where did the event occur", well, as said above, I wanted to preview a text typed in a forum post editor, so I copied it, went to the accessories entry in the Start menu and clicked on Wordpad to past it there. At this moment, the resident wanted to block the process "Wordpad.exe", I've overruled this by allowing it manually, being confident that my antivirus would have reacted in case of a real danger.

Nevertheless, here are 2 logfiles:

View attachment 5810, the resident log,
View attachment 5811, the current search log (from a search finished some minutes ago).

Greets, Grand-Duc
 
it appears that something is interfering with the TeaTimer which causes this false positive. Please make sure to only use one active background protection, if you use only the TeaTimer make sure to reboot after a Spybot S&D update or restart the TeaTimer.

If you wish to permanently disable the TeaTimer follow these steps:
  • start Spybot S&D
  • switch into advanced mode
  • navigate to Tools - Resident
  • disable the checkbox for Resident TeaTimer to shutdown the TeaTimer and remove it from system start
 
You must log in or register to reply here.
Back
Top