#1
Hello,
At this moment I'm getting help from a security expert on an issue I'm having with an alternate data stream. We are investigating the file 5C321E34.tmp that can be found in the /ProgramData/TEMP and Users/All Users/TEMP directories. I found a link when researching this file that states it is created by SpywareBlaster. Can a developer confirm or deny this please? I don't want to waste this guy's time on a false positive. Thank you. Kim.
#2
Looking at a thread here it seems OA is detecting it
http://support.tallemu.com/vbforum/s...142#post126142 and at linked comment http://support.tallemu.com/vbforum/s...76&postcount=2 it sounds more like an FP. What other software did you use to scan the machine? What makes you think SB is creating the file?
__________________
once we only had ideals, today they are the only things we are missing
Microsoft MVP, 2006 - 2013/14
#3
The first link you posted was created by me, and yes, OA++ has detected it. OTL and ADSspy are both detecting it also. The reason I think it was created by SpywareBlaster is this thread: http://www.wilderssecurity.com/showthread.php?t=218483
It makes a lot of sense for it to be an FP, but I just want it confirmed.
#4
Thanks for the link. I see it on Win7 as well. I have deleted the file and on SB restart the file comes back.
Last edited by Cudni : June 24th, 2010 at 03:04 PM. Reason: further findings
#5
Interesting, Cudni. Can I ask if you used ADSspy to scan for it? Alternate data streams cannot be seen by Explorer even with "show hidden files and folders" "hide protected operating system files" selected/unselected. I'm using Vista myself, there could be some difference there too.
#6
No, I used AlternateStreamView from NirSoft.
#7
Well, after a bit more work it seems I have a result. I would like it confirmed by a member of the development team just to be sure.
Without SpywareBlaster: http://img155.imageshack.us/img155/293/proofmi.jpg
With SpywareBlaster: http://img64.imageshack.us/img64/9219/proof2z.jpg