FPs, I trust?

Discussion in 'other anti-malware software' started by SG1, Jul 30, 2006.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Tried "flavor of the month" (Trend-Micro Anti Spyware) & it had 100% FP rating I believe: 5 results/5 FPs. It showed legit apps as trojans, dialers, porno, etc.

    Then, venerable Spybot also proclaimed an eSellerate (Registry) entry as being "true sword" (or I think that was the name) and I know not what that is, as Spybot also had no info on it. And, if that's the right name, that also appears to be a security app, from search I just did. So, now I'm a bit confused...

    But, tell me please: am I wrong? I buy lots of stuff online, and eSellerate is a vendor often used: are they an "icky-sneaky" outfit, and their entry should NOT BE in the registry, then?

    Thanks for any help/info, SG1 (Pat)
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Since "True Sword" was added to Spybot's database in their July 28th update, perhaps it is an FP and as such has not made the rounds in other forums. Having said that....would you mind going into Spybot and select Mode\Advanced mode if not already selected and then select Tools\View Report and View previous report. Select the date of the .log file that showed the eSellerate find and post the portion of the log that shows the registry entry location, please. If it turns out to be an FP I would suggest you create a thread at the official Spybot Forum and in particular their False Positives Forum to inform them.

    Bubba
     
  3. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    --- Search result list ---
    True Sword: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350

    True Sword: Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350.1

    True Sword: Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25982EAA-87CC-4747-BE09-9913CF7DD2F1}

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    SG1 (Pat)
     
  4. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    While I am not sure yet why the Spybot Team did not add info concerning those entries....I will say that their find of a possible True Sword infiltration appears to me to be legitimate since those are just some of the registry entries the actual True Sword malware does add as noted in the Technical Details of True Sword as outlined by Symantec Research.

    However....if I was an eSellerate user I would not be viewing Spybot's find as a False Positive but as an informational find that could be related to a True Sword infiltration.

    Bubba
     
  5. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I'm not understanding why you feel True Sword "shot by the 9-12 security apps" :doubt:

    Spybot found entries that are related to eSellerate only and if by chance you read the Symantec link mentioned above....which is also the link poster md usa spybot fan gave in your thread at the Spybot Forums....you'll see that there is a relationship between eSellerate and True Sword but IMHO that's where the story ends. You do not have True Sword entries that are part of that software program but entries in the registry of eSellerate which as you said "you buy lots of stuff online, and eSellerate is a vendor often used".

    My suggestion is to utilize the ignore feature provided in the Spybot program concerning that eSellerate entry that Spybot is reporting as True Sword.
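
An added example, not part of the original thread and not Spybot's own code: a small Python parser for the report format posted earlier in the thread. For one detection name it separates the registry keys that name a given vendor from those (such as a bare CLSID) that still need a manual lookup. The function names are hypothetical; the sample text is the log from this thread.

```python
import re

# Sample input: the report text as posted earlier in this thread.
SAMPLE_REPORT = r"""--- Search result list ---
True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350

True Sword: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\eSellerateControl.350.1

True Sword: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25982EAA-87CC-4747-BE09-9913CF7DD2F1}

Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
"""

# Finding header as it appears above: "<detection>: <category> (<item type>, <action>)"
HEADER = re.compile(
    r"^(?P<detection>.+?): (?P<category>.+?) \((?P<item_type>[^,]+), (?P<action>[^)]+)\)$"
)

def parse_report(text):
    """Return one dict per finding; 'location' is the line that follows the header."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):   # blank line or section banner
            current = None
            continue
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), location=None)
            findings.append(current)
        elif current is not None and current["location"] is None:
            current["location"] = line           # kept verbatim, not interpreted
    return findings

def split_by_vendor_name(findings, detection, vendor):
    """Keys under `detection` that name `vendor`, and keys that do not."""
    named, unresolved = [], []
    for f in findings:
        if f["detection"] != detection:
            continue
        loc = f["location"] or ""
        (named if vendor.lower() in loc.lower() else unresolved).append(loc)
    return named, unresolved
```

Calling `split_by_vendor_name(parse_report(SAMPLE_REPORT), "True Sword", "eSellerate")` returns the two `eSellerateControl` keys as named and the CLSID key as unresolved, which is the one entry whose owner cannot be read off the path alone.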
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    For those following this thread....the Spybot Team has determined the eSellerate registry entries were indeed FPs.

    http://forums.spybot.info/showthread.php?t=6224

     