Spyware Doctor resident false positive?

General Topics
1

Strange detection from Spyware Doctor (Starter Edition) resident.
Any comments? ???

2

Well it is entirely possible that something avast unpacked to scan could be spyware that isn’t detected by avast. You could check it at VT or Jotti, but that would only help in checking if it were an FP on spyware doctor.

It wouldn’t be a lot of help to you as it wouldn’t give any indication as to what archive it was unpacked from so the detection if correct would just indicate you have an infected file in an archive that is undetected by avast. You would have to run a scan of everything including archive files with spyware doctor to find and remove it.

3

I don’t have that temporary file anymore… I’ll try to be faster next time and save it in another folder…

4

Even if you managed to save it to a different folder it wouldn’t identify where it was extracted from. All it could do is confirm or deny the Spyware Doctor (SD) detection and if good that you have malware undetected by avast on the system.

Is there no option in SD to do an on-demand scan including archives to be able to find this file again ?

5

Sure it is. The paid version only allows scheduling, but the free has all options. I’ll run them but I think I’ll find nothing related to this…

6

I wasn’t considering scheduling, just starting an on-demand scan like we do in the SUI of avast. Well if SD is able to find it when avast unpacks it surely it should be able to unpack and scan the same archives. Unless it doesn’t support many packers.

7

Run a full on-demand with SD and nothing related (just few cookies…).

8

Looks like you will have to rely on an avast scan unpacking it again and SD catching it and you saving it.

9

I’ll wait my next scheduled full scanning with avast 8)

10

When i run Spyware Doctor today it founds: Trojan-Spy.Delf.MQ in win32.dll

Virustotal says:

AhnLab-V3 2008.2.16.10 2008.02.15 -
AntiVir 7.6.0.67 2008.02.15 -
Authentium 4.93.8 2008.02.15 -
Avast 4.7.1098.0 2008.02.15 -
AVG 7.5.0.516 2008.02.15 -
BitDefender 7.2 2008.02.16 -
CAT-QuickHeal None 2008.02.16 -
ClamAV 0.92.1 2008.02.15 -
DrWeb 4.44.0.09170 2008.02.16 -
eSafe 7.0.15.0 2008.02.14 -
eTrust-Vet 31.3.5541 2008.02.15 -
Ewido 4.0 2008.02.16 -
FileAdvisor 1 2008.02.16 -
Fortinet 3.14.0.0 2008.02.16 -
F-Prot 4.4.2.54 2008.02.15 -
F-Secure 6.70.13260.0 2008.02.15 -
Ikarus T3.1.1.20 2008.02.16 -
Kaspersky 7.0.0.125 2008.02.16 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.16 -
NOD32v2 2880 2008.02.15 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.16 -
Prevx1 V2 2008.02.16 -
Rising 20.31.50.00 2008.02.16 -
Sophos 4.26.0 2008.02.16 -
Sunbelt 2.2.907.0 2008.02.14 -
Symantec 10 2008.02.16 -
TheHacker 6.2.9.221 2008.02.15 -
VBA32 3.12.6.1 2008.02.14 -
VirusBuster 4.3.26:9 2008.02.15 -
Webwasher-Gateway 6.6.2 2008.02.15 -

It looks like a false positive …

Edit: When shut down Spyware Doctor the computer crashed. Bye Bye Spyware Doctor - never again! >:(