Different scanning results between Windows Defender and other programs:

Spybot
Smitfraud-C.Toolbar 888

Ad-aware (Full Scan)
Win32.Trojandownloader.zlob

Windows Defender (Full Scan)
Nothing.

Come on! Any suggestions?

Thanks!
Joaquin.

Hello Joaquin,

Go to Jotti's site
http://virusscan.jotti.org/
In the file to upload area press Browse then follow the path to the exe file :
Then press Submit and copy and paste the results to notepad and save them so
you can post back the results if needed.

For the benefit of the community reading this post, please rate the pºst.

I hope this post is helpful.

Let us know how it works ºut.

Еиçеl
--

"Joaquin" wrote:

> Different scanning results between Windows Defender and other programs:
>
> Spybot
> Smitfraud-C.Toolbar 888
>
> Ad-aware (Full Scan)
> Win32.Trojandownloader.zlob
>
> Windows Defender (Full Scan)
> Nothing.
>
> Come on! Any suggestions?
>
> Thanks!
> Joaquin.

Submit it via the process noted in Windows Defender Help, or here:
Report a possible spyware problem to Microsoft
http://www.microsoft.com/athome/secu...rtspyware.mspx

Is Ad-Aware updated
http://www.microsoft.com/communities...2-278429673fe4


"Joaquin" wrote:

> Different scanning results between Windows Defender and other programs:
>
> Spybot
> Smitfraud-C.Toolbar 888
>
> Ad-aware (Full Scan)
> Win32.Trojandownloader.zlob
>
> Windows Defender (Full Scan)
> Nothing.
>
> Come on! Any suggestions?
>
> Thanks!
> Joaquin.

Engel's posted the links for getting things submitted--please do it, if
possible.
--

"Joaquin" <(E-Mail Removed)> wrote in message
news:F99A595F-B301-4D4B-AAA1-(E-Mail Removed)...
> Different scanning results between Windows Defender and other programs:
>
> Spybot
> Smitfraud-C.Toolbar 888
>
> Ad-aware (Full Scan)
> Win32.Trojandownloader.zlob
>
> Windows Defender (Full Scan)
> Nothing.
>
> Come on! Any suggestions?
>
> Thanks!
> Joaquin.

Hello Bill,

My WD runs each morning at 2:00 AM or so. And I have Spybot scheduled to run
3 times a week.

Earlier this morning, Spybot ran 2 hours later than WD and picked up 3
instances of malware that WD did not report on. These are the items, below.

Alan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Company:
Product: ErrorSafe
Threat: Malware

Description
ErrorSafe pretends to be an antivirus programm. It mainly appears in
connection with a Smitfraud-C infection
and is praised on a blue screen. Having installed the software one has to
accept an insufficient Privacy. There
is no button to deny this privacy. A scan with ErrorSafe reveals several
problems that allegedly need to be
removed urgently in order to rescue the computer. At this point the user is
requested to buy the whole
program for an unacceptable price.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Company:
Product: MediaMotor
Threat: Malware

Description
Gets installed through trojan horses. Loads popup windows on the desktop
without user consent.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Company:
Product: SystemDoctor2006
Threat: Trojan

Description
This startup entry is started automatically in Autorun in the registry,
copies itself to the system folder without
giving the user a possibility to cancel that process. Also downloads and
installs Smitfraud-C., Huntbar, Tango
etc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"Bill Sanderson MVP" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Engel's posted the links for getting things submitted--please do it, if
> possible.
> --
>
> "Joaquin" <(E-Mail Removed)> wrote in message
> news:F99A595F-B301-4D4B-AAA1-(E-Mail Removed)...
>> Different scanning results between Windows Defender and other programs:
>>
>> Spybot
>> Smitfraud-C.Toolbar 888
>>
>> Ad-aware (Full Scan)
>> Win32.Trojandownloader.zlob
>>
>> Windows Defender (Full Scan)
>> Nothing.
>>
>> Come on! Any suggestions?
>>
>> Thanks!
>> Joaquin.
>
>

Hmm--maybe I need to backtrack a bit. Spybot has been having a run of false
positives lately. If these detections have suddenly appeared on an
otherwise clean system without your knowingly having done something which
might have resulted in these files being place on the system, perhaps this
is a false positive. I haven't been tracking the details of Spybot
lately--too busy with real work.

So--If you can find the actual files related to these detections, and if you
can get confirmation, say, from virustotal or some other online scanner that
these are bad files, and if WD isn't detecting them--submit them! Lot of
ifs there, though.....

--

"Alan" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hello Bill,
>
> My WD runs each morning at 2:00 AM or so. And I have Spybot scheduled to
> run 3 times a week.
>
> Earlier this morning, Spybot ran 2 hours later than WD and picked up 3
> instances of malware that WD did not report on. These are the items,
> below.
>
> Alan
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Company:
> Product: ErrorSafe
> Threat: Malware
>
> Description
> ErrorSafe pretends to be an antivirus programm. It mainly appears in
> connection with a Smitfraud-C infection
> and is praised on a blue screen. Having installed the software one has to
> accept an insufficient Privacy. There
> is no button to deny this privacy. A scan with ErrorSafe reveals several
> problems that allegedly need to be
> removed urgently in order to rescue the computer. At this point the user
> is requested to buy the whole
> program for an unacceptable price.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Company:
> Product: MediaMotor
> Threat: Malware
>
> Description
> Gets installed through trojan horses. Loads popup windows on the desktop
> without user consent.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Company:
> Product: SystemDoctor2006
> Threat: Trojan
>
> Description
> This startup entry is started automatically in Autorun in the registry,
> copies itself to the system folder without
> giving the user a possibility to cancel that process. Also downloads and
> installs Smitfraud-C., Huntbar, Tango
> etc.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> "Bill Sanderson MVP" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Engel's posted the links for getting things submitted--please do it, if
>> possible.
>> --
>>
>> "Joaquin" <(E-Mail Removed)> wrote in message
>> news:F99A595F-B301-4D4B-AAA1-(E-Mail Removed)...
>>> Different scanning results between Windows Defender and other programs:
>>>
>>> Spybot
>>> Smitfraud-C.Toolbar 888
>>>
>>> Ad-aware (Full Scan)
>>> Win32.Trojandownloader.zlob
>>>
>>> Windows Defender (Full Scan)
>>> Nothing.
>>>
>>> Come on! Any suggestions?
>>>
>>> Thanks!
>>> Joaquin.
>>
>>
>
>

Always go to the forum/newsgroup of the organization supporting the
application in question, not here since no one's up on everything (except me,
but I'm not always here cause I'm reading there, or there, or over there...
;>)

I was a busy weekend with false positives everywhere.

Spybot Search & Destroy False Positives forum
http://forums.spybot.info/forumdisplay.php?f=16

Sun Java Update 9 Detected as SystemDoctor2006 - (also ErrorSafe and
MediaMotor)
http://forums.spybot.info/showthread.php?t=8882

There are also some issues with Smitfraud-C, but the Toolbar 888 are
sometimes real, so this requires more in depth checking. They'll do this for
free (optional donation) in the Spybot Search & Destroy Malware Removal forum
for any infection:
http://forums.spybot.info/forumdisplay.php?f=22

When posting in Malware Removal always follow this thread:
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
http://forums.spybot.info/showthread.php?t=288

Bitman

"Alan" wrote:

> Hello Bill,
>
> My WD runs each morning at 2:00 AM or so. And I have Spybot scheduled to run
> 3 times a week.
>
> Earlier this morning, Spybot ran 2 hours later than WD and picked up 3
> instances of malware that WD did not report on. These are the items, below.
>
> Alan
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Company:
> Product: ErrorSafe
> Threat: Malware
>
> Description
> ErrorSafe pretends to be an antivirus programm. It mainly appears in
> connection with a Smitfraud-C infection
> and is praised on a blue screen. Having installed the software one has to
> accept an insufficient Privacy. There
> is no button to deny this privacy. A scan with ErrorSafe reveals several
> problems that allegedly need to be
> removed urgently in order to rescue the computer. At this point the user is
> requested to buy the whole
> program for an unacceptable price.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Company:
> Product: MediaMotor
> Threat: Malware
>
> Description
> Gets installed through trojan horses. Loads popup windows on the desktop
> without user consent.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Company:
> Product: SystemDoctor2006
> Threat: Trojan
>
> Description
> This startup entry is started automatically in Autorun in the registry,
> copies itself to the system folder without
> giving the user a possibility to cancel that process. Also downloads and
> installs Smitfraud-C., Huntbar, Tango
> etc.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> "Bill Sanderson MVP" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Engel's posted the links for getting things submitted--please do it, if
> > possible.
> > --
> >
> > "Joaquin" <(E-Mail Removed)> wrote in message
> > news:F99A595F-B301-4D4B-AAA1-(E-Mail Removed)...
> >> Different scanning results between Windows Defender and other programs:
> >>
> >> Spybot
> >> Smitfraud-C.Toolbar 888
> >>
> >> Ad-aware (Full Scan)
> >> Win32.Trojandownloader.zlob
> >>
> >> Windows Defender (Full Scan)
> >> Nothing.
> >>
> >> Come on! Any suggestions?
> >>
> >> Thanks!
> >> Joaquin.
> >
> >
>
>
>

Thanks for the Spybot link, Bitman. It appears that the Spybot results
yesterday morning were, indeed, false positives.

There was an upside though: My PC got scanned by 7 or 8 different apps. My
hard drive is breathing a sigh of relief after all that work. :>

Alan

"Bitman" <(E-Mail Removed)> wrote in message
news:B5232AF8-0CD3-4C55-89E3-(E-Mail Removed)...
> Always go to the forum/newsgroup of the organization supporting the
> application in question, not here since no one's up on everything (except
> me,
> but I'm not always here cause I'm reading there, or there, or over
> there...
> ;>)
>
> I was a busy weekend with false positives everywhere.
>
> Spybot Search & Destroy False Positives forum
> http://forums.spybot.info/forumdisplay.php?f=16
>
> Sun Java Update 9 Detected as SystemDoctor2006 - (also ErrorSafe and
> MediaMotor)
> http://forums.spybot.info/showthread.php?t=8882
>
> There are also some issues with Smitfraud-C, but the Toolbar 888 are
> sometimes real, so this requires more in depth checking. They'll do this
> for
> free (optional donation) in the Spybot Search & Destroy Malware Removal
> forum
> for any infection:
> http://forums.spybot.info/forumdisplay.php?f=22
>
> When posting in Malware Removal always follow this thread:
> "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
> http://forums.spybot.info/showthread.php?t=288
>
> Bitman
>
> "Alan" wrote:
>
>> Hello Bill,
>>
>> My WD runs each morning at 2:00 AM or so. And I have Spybot scheduled to
>> run
>> 3 times a week.
>>
>> Earlier this morning, Spybot ran 2 hours later than WD and picked up 3
>> instances of malware that WD did not report on. These are the items,
>> below.
>>
>> Alan
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Company:
>> Product: ErrorSafe
>> Threat: Malware
>>
>> Description
>> ErrorSafe pretends to be an antivirus programm. It mainly appears in
>> connection with a Smitfraud-C infection
>> and is praised on a blue screen. Having installed the software one has to
>> accept an insufficient Privacy. There
>> is no button to deny this privacy. A scan with ErrorSafe reveals several
>> problems that allegedly need to be
>> removed urgently in order to rescue the computer. At this point the user
>> is
>> requested to buy the whole
>> program for an unacceptable price.
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Company:
>> Product: MediaMotor
>> Threat: Malware
>>
>> Description
>> Gets installed through trojan horses. Loads popup windows on the desktop
>> without user consent.
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> Company:
>> Product: SystemDoctor2006
>> Threat: Trojan
>>
>> Description
>> This startup entry is started automatically in Autorun in the registry,
>> copies itself to the system folder without
>> giving the user a possibility to cancel that process. Also downloads and
>> installs Smitfraud-C., Huntbar, Tango
>> etc.
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> "Bill Sanderson MVP" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>> > Engel's posted the links for getting things submitted--please do it, if
>> > possible.
>> > --
>> >
>> > "Joaquin" <(E-Mail Removed)> wrote in message
>> > news:F99A595F-B301-4D4B-AAA1-(E-Mail Removed)...
>> >> Different scanning results between Windows Defender and other
>> >> programs:
>> >>
>> >> Spybot
>> >> Smitfraud-C.Toolbar 888
>> >>
>> >> Ad-aware (Full Scan)
>> >> Win32.Trojandownloader.zlob
>> >>
>> >> Windows Defender (Full Scan)
>> >> Nothing.
>> >>
>> >> Come on! Any suggestions?
>> >>
>> >> Thanks!
>> >> Joaquin.
>> >
>> >
>>
>>
>>