Spybot 1.4 RC2 F/P

Discussion in 'Trojan Defence Suite' started by dog, Apr 29, 2005.

Thread Status:
Not open for further replies.
  1. dog

    dog Guest

    Hi All, ;)

    Just an FYI

    The latest Spybot (RC2) and using TDS latest Radius file
    Code:
    06:24:15 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    06:24:24 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    06:24:24 [Init] • Systems Initialised [53484 references - 27446 primaries/13812 traces/12226 variants/other]
    06:24:24 [Init] Radius Systems loaded. <Databases updated 29-04-2005>
    Flags the Spybot blindman.exe as RAT.Delf.we2
    Code:
    Scan Control Dumped @ 10:37:54 29-04-05
    Positive identification: RAT.Delf.we2
      File: c:\program files\spybot - search & destroy\blindman.exe
    
    I have submitted the file to DCS thru TDS-3 internal SMTP feature

    attached: screen shot of blindman's file properties

    Regards,

    Steve
     

    Attached Files:

  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    They got it fixed before....and I know they'll get it fixed again :cool:
     
  3. FanJ

    FanJ Guest

    Hi Steve,

    First of all of course: thanks ! ;)

    Steve,
    Have you checked it with the Radius-update of Friday 29-April-2005:
    [53638 references - 27561 primaries/13851 traces/12226 variants/other]

    I noticed that those are newer TDS-definitions than you posted ;)

    Sorry, at the moment I have not yet installed that Spybot 1.4 RC2.

    Warm regards, Jan.
     
  4. dog

    dog Guest

    No unfortunately the radius file I was using was from the day before, which I had updated ealy this morning my time (EST). And when you use a proxy for updates, the current date is loaded regardless of the actually radius file date. ;) I will update and rescan when I return home, I'm @ work ATM. :p ~Shhh don't tell the boss~ :ninja: :D
     
  5. FanJ

    FanJ Guest

    Hi Steve,

    Yep, I can confirm your alert ;)

    I did (as quick as possible) a new installation of Spybot 1.4 RC2 on my W98SE system.
    The MD5 checksum of the installation file:
    The file <D:\SpyBotSD\Version 1_4 RC2\spybotsd14rc2.exe> has the following Checksum(s)
    MD5 - B84ECFF06476E0FD975A6AE54A273963

    The MD5 checksum of blindman.exe:
    The file <C:\Program Files\Spybot - Search & Destroy\blindman.exe> has the following Checksum(s)
    MD5 - B6F987EF44A780E1CBB3C277810F7FC1

    My TDS-3 definitions:
    [53638 references - 27561 primaries/13851 traces/12226 variants/other]

    And the scandump with respect to that Spybot S&D file:
    Scan Control Dumped @ 02:44:18 30-04-05
    Positive identification: RAT.Delf.we2
    File: c:\program files\spybot - search & destroy\blindman.exe

    ======

    Well, as Bubba already also mentioned ;) :
    I am sure that Gavin will have a look at it after the weekend, and will fix it :D

    Cheers, Jan.
     
  6. dog

    dog Guest

    OK I just got Home :)

    Yes indeed with today's radius update it is detected:
    And just to confirm, I have the same checksums
    ******
    No doubt about it ;) Never any worries from me. :)

    Thanks and Have a Great Weekend Jan, ;)

    Steve

    Ps. Thanks too Bubba, I wouldn't have searched the forum for possible past issues, as I had no doubt it was a F/P (even though it's a rarity for DCS). Thanks kindly for the added info. ;) :)
     
  7. dog

    dog Guest

    Update: Received a reply this morning (430am EST) from DCS regarding the file submission - prompt and courtesies as usual - issue solved as of today's radius update -
    Regards;

    Steve
     
    Last edited by a moderator: May 2, 2005
Thread Status:
Not open for further replies.