FPs, I trust?
SG1
July 30th, 2006, 01:41 PM
Tried "flavor of the month" (Trend-Micro Anti Spyware) & it had 100% FP rating I believe: 5 results/5 FPs. It showed legit apps as trojans, dialers, porno, etc.
Then, venerable Spybot also proclaimed an eSellerate (Registry) entry as being "true sword" (or I think that was the name) and I know not what that is, as Spybot also had no info on it. And, if that's the right name, that also appears to be a security app, from search I just did. So, now I'm a bit confused...
But, tell me please: am I wrong? I buy lots of stuff online, and eSellerate is a vendor often used: are they an "icky-sneaky" outfit, and their entry should NOT BE in the registry, then?
Thanks for any help/info, SG1 (Pat)
Bubba
July 30th, 2006, 02:09 PM
-{ Quote: "Then, venerable Spybot also proclaimed an eSellerate (Registry) entry as being "true sword" (or I think that was the name)" }-
Since "True Sword" was added to Spybot's database in their July 28th update perhaps it is an FP and as such has not made the rounds in other forums. Having said that....would you mind going into Spybot and select Mode\Advanced mode if not already selected and then select Tools\View Report and View previous report. Select the date of the .log file that showed the eSellerate find and post the portion of the log that shows the registry entry location please. If it turns out to be an FP I would suggest you create a thread at the official Spybot Forum and in particular their False Positives Forum (http://forums.spybot.info/forumdisplay.php?f=16) to inform them.
Bubba
SG1
July 30th, 2006, 02:31 PM
--- Search result list ---
True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350
True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350.1
True Sword: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25982EAA-87CC-4747-BE09-9913CF7DD2F1}
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
SG1 (Pat)
Bubba
July 30th, 2006, 03:06 PM
-{ Quote: "
True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350
True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350.1" }-
While I am not sure yet why the Spybot Team did not add info concerning those entries....I will say that their find of a possible True Sword infiltration appears to me to be legitimate since those are just some of the registry entries the actual True Sword malware does add as noted in the Technical Details (http://www.symantec.com/security_response/writeup.jsp?docid=2006-062816-5804-99&tabid=2) of True Sword as outlined by Symantec Research.
-{ Quote: "4. Adds the following registry subkeys, which are related to the legitimate eSellerate component:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25982EAA-87CC-4747-BE09-9913CF7DD2F1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A3E27DCE-DD77-49F4-B566-03FA894C8308}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1E958A86-A23B-4659-A6AE-BD85FCD1D544}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eSellerateControl.350
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eSellerateControl.350.1" }-
However....if I was an eSellerate user I would not be viewing Spybot's find as a False Positive but as an informational find that could be related to a True Sword infiltration.
Bubba
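An added example, not part of the original thread: a small Python triage helper that parses the Spybot report excerpt posted above and checks each "True Sword" hit against the subkeys the quoted Symantec text lists as related to the legitimate eSellerate component. The function names (`parse_report`, `triage`, `norm`) are assumptions made for this illustration, and the embedded text is copied from the posts rather than taken from a live scan.

```python
import re

# Report excerpt exactly as posted in the thread (not a live scan).
SPYBOT_REPORT = r"""--- Search result list ---
True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350
True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350.1
True Sword: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25982EAA-87CC-4747-BE09-9913CF7DD2F1}
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
"""

# Subkeys the quoted Symantec text calls "related to the legitimate eSellerate component".
SHARED_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25982EAA-87CC-4747-BE09-9913CF7DD2F1}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A3E27DCE-DD77-49F4-B566-03FA894C8308}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1E958A86-A23B-4659-A6AE-BD85FCD1D544}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eSellerateControl.350",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eSellerateControl.350.1",
]

# Finding header as it appears in the posted log: "<name>: <kind> (<item>, <action>)"
HEADER = re.compile(r"^(?P<name>.+?): (?P<kind>.+?) \((?P<item>[^,]+), (?P<action>[^)]+)\)$")

def norm(key):
    # Registry key names are case-insensitive ("Software" vs "SOFTWARE").
    return key.strip().rstrip("\\").casefold()

def parse_report(text):
    """Return one dict per finding: detection name, kind, item type, action, location."""
    findings, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("HKEY_") and pending:
            findings.append(dict(pending, location=line))
            pending = None
        elif (m := HEADER.match(line)):
            pending = m.groupdict()
    return findings

def triage(findings, detection, shared=SHARED_KEYS):
    """Split a detection's hits into keys also owned by the legitimate component and the rest."""
    shared_set = {norm(k) for k in shared}
    hits = [f["location"] for f in findings if f["name"] == detection]
    return {
        "shared_with_legit": [h for h in hits if norm(h) in shared_set],
        "unexplained": [h for h in hits if norm(h) not in shared_set],
    }
```

For the posted excerpt, `triage(parse_report(SPYBOT_REPORT), "True Sword")` puts all three hits under `shared_with_legit` and none under `unexplained`, so these keys alone cannot separate the legitimate component from the malware that installs it.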
SG1
July 30th, 2006, 08:45 PM
Yeah, well, here's the kicker: if you Google on True Sword, among other things, you'll find a download for it at...
http://www.pcworld.com/downloads/file/fid,26021;order,1;page,1;c,All%20Downloads/description.html
And, True Sword supposedly shot by the 9-12 security apps I run? If so, and it was never noticed by anything (but Spybot), well, I'll throw in the towel I guess. Damn.
I should let Spybot loose on this then, & see how it goes, Bubba?
Thanks, SG1 (Pat)
Bubba
July 30th, 2006, 09:41 PM
-{ Quote: "And, True Sword supposedly shot by the 9-12 security apps I run?" }-
I'm not understanding why you feel True Sword "shot by the 9-12 security apps" :-\
Spybot found entries that are related to eSellerate only and if by chance you read the Symantec link mentioned above....which is also the link poster md usa spybot fan gave in your thread (http://forums.spybot.info/showthread.php?t=6224) at the Spybot Forums....you'll see that there is a relationship between eSellerate and True Sword but IMHO that's where the story ends. You do not have True Sword entries that are part of that software program but entries in the registry of eSellerate which as you said "you buy lots of stuff online, and eSellerate is a vendor often used".
My suggestion is to utilize the ignore feature provided in the Spybot program concerning that eSellerate entry that Spybot is reporting as True Sword.
Bubba
August 2nd, 2006, 06:58 AM
For those following this thread....the Spybot Team has determined the eSellerate registry entries were indeed FP's.
http://forums.spybot.info/showthread.php?t=6224
-{ Quote: "I can confirm that there is a False Positive in the detection. It will be removed with the next update scheduled for the end of the week" }-
Copyright ©2002 - 2012, Wilders Security Forums