Spy Sweeper FP? sdbot

Discussion in 'other anti-malware software' started by betauser2, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. betauser2

    betauser2 Guest

    hi all, i have just done a fresh reinstall of XP this weekend and today i updated and ran spy sweeper. it found one item sdbot as adiras.ini

    http://img443.imageshack.us/img443/4303/spysweeper7hx.jpg

    adiras.exe (any relation?) is on my startup list and after googling i found that this was related to my adsl modem (usb). Is it a false alarm?

    thanks

    betauser2

    Note there are two traces of this the second on my Firstdefence-ISR snapshot.
     
    Last edited by a moderator: Jan 2, 2006
  2. betauser2

    betauser2 Guest

    right, i have checked the adiras.ini that spy sweeper flagged as sdbot on both virustotal and jotti's; nothing was detected.

    also converted it into a text file (with txt extension) and this is what i can read

    [RASSettingNT]
    Device="USB ADSL WAN Adapter"
    DeviceType=ISDN
    PhoneNumber=adsl
    ConnectionName=Internet ADSL
    ShortcutName=Internet ADSL
    [RASSetting9X]
    Device="USBADSL-LINE0"
    DeviceType=ISDN
    PhoneNumber=adsl
    ConnectionName=Internet ADSL
    ShortcutName=Internet ADSL
    [Connection]
    ShortcutName=Connection
    FolderName=
    IconConnection=

    can i conclude this as a false positive?

    this is how webroot define it

    "TROJAN HORSE Description: Name:SDBot Author: Category: Trojan Horse Threat Assessment: Critical" more info @ http://www.webroot.com/php/spysweeper_spydesc.php

    anyone else encountered this? :doubt:

    i will ignore it for now, unless someone objects

    betauser2
     
  3. Pedant

    Pedant Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    1
    I've just had exactly the same experience with webroot. I checked the date that adiras.ini was created. It was the same date I got my adsl modem. ;)
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    if you wish, you may post about this false positive at the castlecops forum, in the spysweeper section.
     