SDInfo.sdp tagged as W32-Trojan-Gen

Viruses and worms
1

I’m assuming this is a false positive, since this is a spyware doctor file and it was located in the proper place?

This was from the 7/4 database update, btw.

As of now, I have avast set to ignore the SD directory for scans and real-time protection.

Has anyone else had this problem?

I’d upload the file to avast, but it’s too big. Almost 100 megs.

The error came up on bootup into windows.

2

It doesn’t seem that avast is alone in this, http://www.google.co.uk/search?q=SDInfo.sdp as others are also flagging this file. This one from the PCTools forum http://www.pctools.com/forum/showthread.php?t=51663. Obviously some of the hits are old but it shows that file has had detection issues in the past.

I suspect that this contains virus signatures that aren’t encrypted, though I don’t know for sure.

You could send a report email to virus (at) avast dot com without an attached file.

Provide some information about the detection, file name, location, spyware doctor version, etc. It would be useful to give the link to this topic.

3

I’m having a different problem with Spyware Doctor… False rootkit detections…

4

Yeah, I pretty much don’t use any sort of automatic rootkit detection with security software, because all rootkit diagnostics are exclusively based on heuristics. Normally I’ll run a program specific for that issue, like rootkit revealer or rootkit unhooker. Especially since I normally need someone else to take a look at it. It’s incredibly difficult for me to decipher a lot of that and determine what might be a legitimate threat and what is a false positive.

I had a suspicion that there was a strong possibility that this was a false positive, especially because of the diagnosis. (i.e. generic trojan, as opposed to a specific one.) False positives that indicate a specific infection definitely give me a few more gray hairs.

I know false negatives are much worse… but FPs certainly do increase the adrenalin and the jitters until I figure out what is going on. :wink:

5

Yeah… hope there isn’t a certification in curse nowadays… avast will fail for sure, too many false positives due to generic signatures… :cry: