dr web -trojan.startpage.1505

Discussion in 'other anti-virus software' started by argus tuft, Jan 15, 2007.

Thread Status:
Not open for further replies.
  1. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Hi, Pretty much every time i scan w/ dr web cureit, it detects .trojan.StartPage.1505 in spybots snapshots, and also scattered through system restore. In the spybot snapshots trojan, the actual file name is RegUPB2b-user name.reg
    Scanning it with virus total only drweb shows this all others show it to be clean... I have sent the sample at least 3 times to dr web requesting that they let me know whether it's a fp or not, they have never replied... Has anyone else had this 'detection' and is it a 'real' problem or just a fp?
    Thanks :)
     
  2. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Hi Argus Tuft,
    I've got Cureit installed also, it appears to rely on a well developed sense of heuristics and so probably detected this based on behaviour. Seems like a FP alright. I have had a similar situation,(sp_rsser.exe) and the issue was resolved about three days after sending them the information.
     
  3. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Hi Tarq57,
    I first submitted it at least 3-4 weeks ago...
    Do you know whether they have a policy of only replying if its a real threat?
    As you say, it's most likely a(n) fp, but it'd be nice to be sure.
     
  4. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Don't know, sorry. I found the site to ask about FP's from the forum, where they do reply.
    Try updating it in a day or three, see if it still reports it as a virus.
    I agree, it would be nice to know.
     
  5. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    I hade same story 3 weeks ago and cure-it detected the same faile as trojan.startpage.1505 , it was registy file, I think only Dr.Web can detect such files as torojan... :thumbd:
    It;s false positiv!
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    it could be a false positive, but i dont really understand the spybot program, all i know is on installation of spybot, there is nothing detected with drweb during installation or scan.

    maybe these snapshots arrive later?, as i said.. dont know.

    you must remember though, that its only 2 weeks into the new year, they probably have a backlog of submitted files, and probably didnt start taking christmas breaks till after new year either.
     
  7. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    Thanks everyone for your input, I'm happy to report that Dr Web answered my latest email, and it is indeed a false positive.(phew) Apparently they have already fixed it. :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.