Beta Signatures

Discussion in 'ewido anti-spyware beta forum' started by peter.ewido, Feb 4, 2006.

Thread Status:
Not open for further replies.
  1. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    As we will soon release an updated version of our database, it would be very nice if some of you could do some testscans to check for false positives... :)

    The setup contains the new database, it will delete all old signatures, install the new database and disable the automatic updates (if enabled). This is because as soon as you run an update, the beta database will be replaced with the current database. Therefore, if you want to switch back to the current database after testing, the only thing you have to do is to enable the automatic updates again or manually run an online-update.

    http://download.ewido.net/ewido-beta-signatures.exe

    This database is only for false positive testings. It should NOT be used for any other purpose. You should IGNORE everything that has been found and NOT clean/delete any of the detected files.

    It would be nice if you could post a scan log in this thread so we can select possibly false positives for submission.

    Thanks a lot :)
     
  2. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi Pete,

    Installed 1000.dat (German lang).
    Will let you know whats coming up.
    Best regards,

    gerard
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi,

    Scanlog:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 22:43:16, 4-2-2006
    + Report-Checksum: 34A0B650

    + Scan result:

    HKU\S-1-5-21-3421531514-2068777321-1300136471-1006\Software\Maxthon -> Adware.CramToolbar : Ignored
    HKU\S-1-5-21-3421531514-2068777321-1300136471-1006\Software\Maxthon\Dync -> Adware.CramToolbar : Ignored
    :mozilla.31:C:\Documents and Settings\my name\Application Data\Mozilla\Firefox\Profiles\2699jbch.default\cookies.txt -> Spyware.Cookie.Com : Ignored
    :mozilla.33:C:\Documents and Settings\my name\Application Data\Mozilla\Firefox\Profiles\2699jbch.default\cookies.txt -> Spyware.Cookie.Com : Ignored


    ::Report End

    In the attached status you'll see 7 items, but three I had already.
    Regards,

    Gerard
     

    Attached Files:

  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Hi Peter:

    Here is my scan Report!! Over 600,000 Objects Scanned!

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:17:52 PM, 04/02/2006
    + Report-Checksum: B0876D4D

    + Scan result:

    C:\Documents and Settings\My Name\Cookies\My Name @atdmt[2].txt[/email] -> Spyware.Cookie.Atdmt : Ignored
    C:\Documents and Settings\My Name\Cookies\My Name @targetnet[1].txt[/email] -> Spyware.Cookie.Targetnet : Ignored
    C:\Documents and Settings\My Name\Cookies\My Name @tribalfusion[2].txt[/email] -> Spyware.Cookie.Tribalfusion : Ignored


    ::Report End

    Cheers,
     
  5. Brandon

    Brandon Registered Member

    Joined:
    Sep 9, 2005
    Posts:
    222
    Hey Peter,

    Heres my log.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:26:25 PM, 2/4/2006
    + Report-Checksum: 2052BFE8

    + Scan result:

    :mozilla.46:C:\Documents and Settings\My Name\Application Data\Mozilla\Firefox\Profiles\ggbpxczv.default\cookies-1.txt -> Spyware.Cookie.Burstnet : Ignored
    :mozilla.47:C:\Documents and Settings\My Name\Application Data\Mozilla\Firefox\Profiles\ggbpxczv.default\cookies-1.txt -> Spyware.Cookie.Burstnet : Ignored
    :mozilla.52:C:\Documents and Settings\My Name\Application Data\Mozilla\Firefox\Profiles\ggbpxczv.default\cookies-1.txt -> Spyware.Cookie.Burstbeacon : Ignored


    ::Report End
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,449
    Location:
    North Carolina, USA
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 22:14:25, 2/4/2006
    + Report-Checksum: 715D8103

    + Scan result:

    E:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored


    ::Report End
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Here you have my report:
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 12:01:21, 05-02-2006
    + Report-Checksum: E0B45DCB

    + Scan result:

    HKU\S-1-5-21-484763869-1993962763-854245398-1003\Software\Maxthon -> Adware.CramToolbar : Ignored
    HKU\S-1-5-21-484763869-1993962763-854245398-1003\Software\Maxthon\Dync -> Adware.CramToolbar : Ignored
    C:\Program Files\NOD32\infected\2YUZAVCA.NQF -> Worm.NetSky.d : Ignored
    C:\Program Files\ScreenshotCaptor\KeyHook.dll -> Trojan.Mulin.a : Ignored
    D:\Software\Internet\E-mail\Mail PassView 1.34.zip/mailpv.exe -> Not-A-Virus.PSWTool.Win32.MailPassView.130 : Ignored
    D:\Software\Multimedia\Graphic\Graphic Capture\Screenshot Captor 2.11.01 beta.rar/ScreenshotCaptorSetup.exe/KeyHook.dll -> Trojan.Mulin.a : Ignored
    D:\Software\Security\Anti-Malware\Trojan Simulator.zip/TrojanSimulator.exe -> Not-A-Virus.Test.TrojanSimulator : Ignored
    D:\Software\Security\Anti-Malware\Trojan Simulator.zip/TSServ.exe -> Not-A-Virus.Test.TrojanSimulator : Ignored
    D:\Software\System\OS Enhancements\Protected Storage PassView 1.61.zip/pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.a : Ignored
    D:\Software\System\System Miscellaneous\RockXP 3.0.zip/RockXP 3.0.exe/xpkey.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Ignored
    D:\Software\System\System Miscellaneous\RockXP 3.0.zip/RockXP 3.0.exe/keyms.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Ignored
    D:\Software\System\System Miscellaneous\RockXP 3.0.zip/RockXP 3.0.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Ignored


    ::Report End
     
  8. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    This probably won't help that much, but the signatures detected nothing :thumb: . Here is my report:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:49:32 PM, 2/5/2006
    + Report-Checksum: 2EDDD5A0

    + Scan result:

    No infected objects found.


    ::Report End
     
  9. EZRyderNHawaii

    EZRyderNHawaii Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    1
    Location:
    Honolulu, HI
    From my system:
    WinXP Pro 2, EZArmor, AdAware, a2, SpyBot

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 05:14:42, 2/7/2006
    + Report-Checksum: CC3F97D4

    + Scan result:

    HKU\S-1-5-21-436374069-1965331169-1801674531-1003\Software\Maxthon -> Adware.CramToolbar : Ignored


    ::Report End
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    No False positives after beta scan :(
     
  11. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Poor Bubba :D
    In the meantime, the sigs have been released as final, thanks all for testing :)
     
  12. Brandon

    Brandon Registered Member

    Joined:
    Sep 9, 2005
    Posts:
    222
    I actually did another scan but it only still picked up cookies :p

    Any more beta signatures?
     
Thread Status:
Not open for further replies.