Spybot v.1.4 script virus

Discussion in 'NOD32 version 2 Forum' started by deerfern, Jul 21, 2005.

Thread Status:
Not open for further replies.
  1. deerfern

    deerfern Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    14
    I installed Spybot Search & Destroy v.1.4 and my NOD32 anti virus software says it has an unknown script virus.

    When I uninstalled it and reinstalled v.1.3, no such warning appears. Upon reinstallation of 1.4 again, NOD again says, "Probably unknown script virus". I do not install Tea Timer when I install either version.

    I downloaded from 3 separate downloads directly from safer-networking website link (in case I had an infected download for some reason) Each time, NOD32 says it has a script virus.

    It says it's in a file as below

    C:\Documents and Settings\All Users\Application Data\Spybot - Search and Destroy\Backups\regLocal.reg

    NOD 32 quarantines and deletes the file, so I cannot submit it for analysis.

    Has anyone else had this problem, and does anyone know what to do about it?

    Thanks Carol
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    If the file was quarantined there should be a copy in the quarantine folder, it is located on the NOD32 System Tools tab. Highlight the file and click the "submit for analysis" button.

    I also have Spybot 1.4 and don't have any files flagged. The folder indicated is for Spybot to store backups should you wish to undo any changes Spybot made so it should also show up somewhere else on your system unless Spybot cleaned the infection as it does handle some of the more well known virii and trojans in addition to spyware.
     
  3. gnervt

    gnervt Registered Member

    Joined:
    May 6, 2005
    Posts:
    53
    Location:
    Germany
    hi! this file was an backup of the SOFTWARE hive from your registry. if you install spybot it asks you if you would do an registry backup. i would not send it to eset because its to big and it contains serial numbers and clsids!
     
Thread Status:
Not open for further replies.