dr web -trojan.startpage.1505

Discussion in 'other anti-virus software' started by argus tuft, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Hi, Pretty much every time i scan w/ dr web cureit, it detects .trojan.StartPage.1505 in spybots snapshots, and also scattered through system restore. In the spybot snapshots trojan, the actual file name is RegUPB2b-user name.reg
    Scanning it with virus total only drweb shows this all others show it to be clean... I have sent the sample at least 3 times to dr web requesting that they let me know whether it's a fp or not, they have never replied... Has anyone else had this 'detection' and is it a 'real' problem or just a fp?
    Thanks :)
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Hi Argus Tuft,
    I've got Cureit installed also, it appears to rely on a well developed sense of heuristics and so probably detected this based on behaviour. Seems like a FP alright. I have had a similar situation,(sp_rsser.exe) and the issue was resolved about three days after sending them the information.
     
  3. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Hi Tarq57,
    I first submitted it at least 3-4 weeks ago...
    Do you know whether they have a policy of only replying if its a real threat?
    As you say, it's most likely a(n) fp, but it'd be nice to be sure.
     
  4. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Don't know, sorry. I found the site to ask about FP's from the forum, where they do reply.
    Try updating it in a day or three, see if it still reports it as a virus.
    I agree, it would be nice to know.
     
  5. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    I hade same story 3 weeks ago and cure-it detected the same faile as trojan.startpage.1505 , it was registy file, I think only Dr.Web can detect such files as torojan... :thumbd:
    It;s false positiv!
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    it could be a false positive, but i dont really understand the spybot program, all i know is on installation of spybot, there is nothing detected with drweb during installation or scan.

    maybe these snapshots arrive later?, as i said.. dont know.

    you must remember though, that its only 2 weeks into the new year, they probably have a backlog of submitted files, and probably didnt start taking christmas breaks till after new year either.
     
  7. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Thanks everyone for your input, I'm happy to report that Dr Web answered my latest email, and it is indeed a false positive.(phew) Apparently they have already fixed it. :)
     
Loading...
Similar Threads
  1. parham
    Replies:
    5
    Views:
    786
Thread Status:
Not open for further replies.