Spy Sweeper FP? sdbot

Discussion in 'other anti-malware software' started by betauser2, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. betauser2

    betauser2 Guest

    hi all, i have just done a fresh reinstall of XP this weekend and today i updated and ran spy sweeper. it found one item sdbot as adiras.ini

    http://img443.imageshack.us/img443/4303/spysweeper7hx.jpg

    adiras.exe (any relation?) is on my startup list and after googling i found that this was related to my adsl modem (usb). Is a false alarm?

    thanks

    betauser2

    Note there are two traces of this the second on my Firstdefence-ISR snapshot.
     
    Last edited by a moderator: Jan 2, 2006
  2. betauser2

    betauser2 Guest

    right i have checked the adiras.ini hat spy sweeper flagged as sdbot on both virustotal and jotti's nothing was detected.

    also converted it into a text file (with txt extension) and this is what i can read

    [RASSettingNT]
    Device="USB ADSL WAN Adapter"
    DeviceType=ISDN
    PhoneNumber=adsl
    ConnectionName=Internet ADSL
    ShortcutName=Internet ADSL
    [RASSetting9X]
    Device="USBADSL-LINE0"
    DeviceType=ISDN
    PhoneNumber=adsl
    ConnectionName=Internet ADSL
    ShortcutName=Internet ADSL
    [Connection]
    ShortcutName=Connection
    FolderName=
    IconConnection=

    can i conclude this as a false positive?

    this is how webroot define it

    "TROJAN HORSE Description: Name:SDBot Author: Category: Trojan Horse Threat Assessment: Critical" more info @ http://www.webroot.com/php/spysweeper_spydesc.php

    anyone else encountered this? :doubt:

    i will ignore it for now, unless someone objects

    betauser2
     
  3. Pedant

    Pedant Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    1
    I`ve just had the exactly the same experience with webroot.I checked the date that adiras.ini was created.It was the same date I got my adsl modem.;)
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    if u wish, u may post about this false positive at the castlecops forum, in the spysweeper section.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.