Spysweeper 5.3 Virus Found

[Tarkus.]

 
I was trying to update to the latest 5.3 and Avast has tagged the file SpysweeperUI.exe as containing Win32:Delf-BPK [Trj]. Also the same for tmp files created if the option to update definitions during installetion is chosen.
 
Tarkus.

[Lisandro]

Well, it's a problem (false positive) from spysweeper for sure...
Two residents programs could, from time to time, conflict each other.
Can you inform Spysweeper manufactures?

[DavidR]

Tech the detection is coming from avast ON spysweeper.

@ Tarkus.
You could also check the SpysweeperUI.exe file at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

The files in temp may be signature updates that aren't encrypted being detected by avast.

[Lisandro]

Tech the detection is coming from avast ON spysweeper.

Sorry, my fault... I'm sleeping...

[polonus]

Hi Tarkus,

Hope you report back here, what was found by either jotti, virustotal or DrWeb av online virus scanner. So whenever it was a FP the avast team can act accordingly.

polonus

[Tarkus.]

Complete scanning result of "SpySweeperUI.exe", received in VirusTotal at 01.30.2007, 18:51:33 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.33 01.30.2007  no virus found
Authentium 4.93.8 01.30.2007 could be a corrupted executable file
Avast 4.7.936.0 01.30.2007 Win32:Delf-BPK
AVG 386 01.30.2007  no virus found
BitDefender 7.2 01.30.2007  no virus found
CAT-QuickHeal 9.00 01.30.2007  no virus found
ClamAV devel-20060426 01.30.2007  no virus found
DrWeb 4.33 01.30.2007  no virus found
eSafe 7.0.14.0 01.30.2007  no virus found
eTrust-InoculateIT 23.73.128 01.30.2007  no virus found
eTrust-Vet 30.3.3358 01.29.2007  no virus found
Ewido 4.0 01.30.2007  no virus found
Fortinet 2.85.0.0 01.30.2007 suspicious
F-Prot 4.2.1.29 01.30.2007  no virus found
Ikarus T3.1.0.27 01.30.2007  no virus found
Kaspersky 4.0.2.24 01.30.2007  no virus found
McAfee 4951 01.29.2007  no virus found
Microsoft 1.2101 01.30.2007  no virus found
NOD32v2 2021 01.30.2007  no virus found
Norman 5.80.02 01.30.2007  no virus found
Panda 9.0.0.4 01.30.2007  no virus found
Prevx1 V2 01.30.2007  no virus found
Sophos 4.13.0 01.28.2007  no virus found
Sunbelt 2.2.907.0 01.26.2007  no virus found
Symantec 10 01.30.2007  no virus found
TheHacker 6.0.3.159 01.28.2007  no virus found
UNA 1.83 01.29.2007  no virus found
VBA32 3.11.2 01.29.2007  no virus found
VirusBuster 4.3.19:9 01.30.2007 no virus found


Aditional Information
File size: 4865600 bytes
MD5: 4a0974ff8f9ef313ce5e6998b1b3bbc3
SHA1: d0b311354d399933f29ace95d2a556c337d24b2f
packers: embedded


File sent to virus@avast.com

Tarkus.

[DavidR]

I think that is fairly conclusive, if you haven't done so already, send the sample to avast, see the False Positive link in my previous post and you can temporarily exclude it as previously mentioned.

However, since the file is quite large, possibly too large for your ISP email attachments, etc. You can use the ftp server to upload big files. Upload them to ftp://ftp.avast.com/incoming.

[Ampzilla]

I have the same problem. Now I don't know how two re-install spysweeper

1 What option do I choose when Avast 4.7 alerts me

Ampzilla

[Lisandro]

I have the same problem. Now I don't know how two re-install spysweeper

Maybe if you go to Control Panel > Add/Remove programs > Uninstall it and booting
Then install it again (downloading the last version, perhaps).
I suppose you've kept your license key in a safe place...

1 What option do I choose when Avast 4.7 alerts me

No action...
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be carefull, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

[DavidR]

I have the same problem. Now I don't know how two re-install spysweeper

1 What option do I choose when Avast 4.7 alerts me

Ampzilla

Provided you didn't also uninstall spysweeper (or didn't opt to delete the file) just that because the file isn't present spysweeper isn't able to run, this can be rectified.

If you sent the spysweeperui.exe to the virus chest, open it, right click the avast icon, select Start avast! Antivirus, Menu, Virus Chest. Go to the Infected Files section, find the file, right click and select Restore, that should send it back to the original location.

The standard shield will likely alert, choose No Action, you must add the file to the exclusions as previously mentioned until it is corrected.

[airviva]

I've made a phone call from Portugal to Webroot at CO ,USA  about the new version 5.3.1  of Spysweeper and the SUPPOSED trojan and they reply me that it's a Avast problem and they have already advised them , however problem persists. Any other anti virus detects that trojan. As I'm using a Free edition I can't complain to Avast...?!

sorry for the poor English.
Humberto Carreiro
humberto_carreiro@clix.pt

[DavidR]

You can add the file to the exclusions lists until such time as the problem is rectified, which I doubt will be long.

Standard Shield, Customize, Advanced, Add (see image)
Program Settings, Exclusions)

Periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

There is nothing stopping you from complaining, your doing it on the forums and action will be taken it doesn't matter if you are using the free version of avast!.
This does make a change as it was spysweeper that previously reported incorrectly ashDisp.exe was infected, so as you can see false positive detections are a fact of life in security programs.

[Ampzilla]

When will Avast fix the bug With Spysweeper

Ampzilla

[DavidR]

I don't know I'm just an avast user like yourself, but until then that is why I suggested excluding the file from scans so spysweeper will work. Periodically scan the copy of the spysweeperui.exe in the chest. When it is no longer detected you will know it have been corrected in the VPS and you can remove the exclusion.

[airviva]

Problem solved by Avast with the 1st Feb update. No more trojan reports in Spysweeper.

Humberto Carreiro