Trojan Hunter Giving False Positive On SpyBotS&D??

Discussion in 'other anti-trojan software' started by WE Sim, Nov 20, 2002.

Thread Status:
Not open for further replies.
  1. WE Sim

    WE Sim Guest


    Just downloaded the latest definitions for TH, 25x-2002-11-19, and it detected SpyBotS&D 1.11 executable file as having double extensions ie


    Anyone has this problem? Is this a trojan or a false positive?
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Hi WE Sim,

    I did a search on my system for spybotsd
    I found several file with double extensions, but none of them exe.exe
    What I found were xml.sig exe.sig
    I´ve got version 1.1 rel 3


  3. Magnus Mischel

    Magnus Mischel Security Expert

    Oct 24, 2002

    TrojanHunter's "double extension checker" checks files for double extensions but cannot give any positive identification of any file as a trojan or other malware. Many trojans and other malware files have double extensions to try to hide their real extension from the user in Windows Explorer. In this case, it's almost guaranteed to be a "false warning" since SpyBot is a legitimate application. Why SpyBot's developer would name the file SpyBot.exe.exe isn't entirely clear to me, though. Summary: These are only warnings, meant to inform you of executable files with double extensions.
  4. Primrose

    Primrose Registered Member

    Sep 21, 2002
    Can you tell me the link where you downloaded an application that has the name .....

    SpyBotSD.exe.exe o_Oo_O
  5. mikevop

    mikevop Guest

    That's a very good question.
  6. WE Sim

    WE Sim Guest

    Hi Primrose!

    FYI, as I could not download SpyBot updates automatically (as mentioned in one of my previous threads) I downloaded Spybot 1.1 rel 3 and its updates directly from its website.

    It was a warning given to me by TH and as explained by MM himself its just a warning that the exe file carries a double extensions.

    To MM,

    Thank you for the explanation.
  7. Primrose

    Primrose Registered Member

    Sep 21, 2002
    Yes I understood all fact I was in the same position as you on the transition and then install of the Spybot 1.1 rel 3..but never have I run into a sybotsd.exe.exe and I still have copies of all his work before .95 and now the new rel4beta1.. so I was trying to figure out how it was created for you..I was not questioning it that's for sure :)..I am just a guy who loves a mystery.

    If you see it happen again on any other..give me a jungle if you can.



    I guess i was wondering if you download that rel3" to" your desktop and then tried to install it..or had you asked for it to be installed "from" that site and that when you had the alert.

    Did you physically ever have a logo on your desktop or in a zip folder in this process call spybotsd.exe.exe that you could see and keep?
  8. the Tester

    the Tester Registered Member

    Jul 28, 2002
    The Gateway to the Blue Hills,WI.
    Hello.I saw this thread and I have both Trojan Hunter and Spybot installed and updated.I have the 1.1 rel.3 version of Spybot.So I scanned with Trojan Hunter.I was curious to see if I would find the same result.Trojan Hunter didn't detect anything related to Spybot on my XP home edition system.I'm not positive, but I believe that I dl'ed Spybot from LurkHere.
  9. WE Sim

    WE Sim Guest

    Hi Primrose & the Tester!

    I just checked my SpyBot executable file and found that its named as SpyBotSD.exe. Similarly, the SpyBot icon on my W2K SP3 desktop is also labeled likewise.

    Is the 2nd part of the extension (i.e. the other exe) hidden. If it is, is there anyway to display the full filename? I went to 'View' --> 'Details' but it didn't show up the 2nd exe.

    Any feedback?
  10. Paul Wilders

    Paul Wilders Administrator

    Jul 1, 2001
    The Netherlands
    WE Sim,

    Have a look here.


  11. WE Sim

    WE Sim Guest

    Hi everyone!

    I solved the problem by renaming SpyBotSD.exe to SpyBotSD and similarly for the desktop icon as well. I believe SpyBotSD is still an exe file because it works without problem and TH didn't show anything this time round.

    Thanks for all the feedback.

Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.