false positive


jondow
02-14-2008, 04:43 PM
hello :) , I've been getting this fp for about a week now: 'unvise32.exe' 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls##C:\WINDOWS\unvise32.exe'. kaspersky reports clean, as well as my on-demand scanners & online scans with jotti & virus total. I came across a post on the spybot forum http://forums.spybot.info/showthread.php?t=18382 in which they confirmed it as a false positive. Unvise32.exe is malicious unvise32.exe is an uninstaller for markvision software.. sd is up to date with today's sig ;)

http://img211.imageshack.us/img211/2350/sdfpfo3.th.png (http://img211.imageshack.us/my.php?image=sdfpfo3.png)

[log]
Spyware Doctor Activity Report
Generated on 14/02/2008 16:11:06
Scans (basic information only):

Scan Results:
scan start: 14/02/2008 16:12:02
scan stop: 14/02/2008 16:13:29
scanned items: 16993
found items: 1
found and ignored: 0
tools used: Registry Scanner

Infection Name    Location    Risk
Application.Keystroke Spy    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls##C:\WINDOWS\unvise32.exe    Medium

Scan Results:
scan start: 14/02/2008 16:52:52
scan stop: 14/02/2008 16:52:55
scanned items: 46
found items: 0
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name    Location    Risk

Scan Results:
scan start: 14/02/2008 16:53:16
scan stop: 14/02/2008 16:58:14
scanned items: 40948
found items: 2
found and ignored: 0
tools used: Registry Scanner, Disk Scanner

Infection Name    Location    Risk
Application.Keystroke Spy    C:\WINDOWS\unvise32.exe    Medium
Application.Keystroke Spy    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls##C:\WINDOWS\unvise32.exe    Medium

Other Sections:
Copyright © 2003 PC Tools. All rights reserved.


xp home sp2
sd version 4.1.0.1
database version 3.09210

sygate
kaspersky
spywareblaster
spyware doctor [on demand]
superantispyware [on demand]
avgantispyware [on demand]
Hijackthis

HijackThis Training http://malwareremoval.com/

AChen
02-14-2008, 11:59 PM
Thanks for the info jondow, this does appear to be a FP and will be resolved in the next database update :)

jondow
02-15-2008, 12:17 AM
copy that AChen, thanks:)

jondow
02-18-2008, 10:47 AM
Hi AChen, the fp is still there after today's 18/2/08 sig update v3.09230

Beefheart
02-18-2008, 04:27 PM
I'd also deduced this was a false positive but with 18/2/08 sig update v3.09230 installed I'm still getting 3 infections of Keystroke Spy identified. Identical infection to that reported by jondow.

Either the update promised by AChen hasn't happened or it isn't a false positive but a real threat. Either way this does not reflect well on Spyware Doctor - please get it sorted.

Thank you.

jondow
02-18-2008, 07:49 PM
hello beefheart, yes sd does flag 3 entries for Keystroke when a full scan is run: 1. reg key 2. file in windows directory 'unvise32.exe' 3. entry in system restore 'back up'. the trouble with fp's is that the everyday user is going to trust sd & remove what is flagged as malicious.

jondow
02-18-2008, 09:20 PM
make that 4 entries that sd flags as infected: 1 reg key, 1 file in windows, & 2 in restore. I've just done a fresh full scan with today's 3.09230 sig

http://img158.imageshack.us/img158/8758/sdfpsc4.th.png (http://img158.imageshack.us/my.php?image=sdfpsc4.png)

AChen
02-19-2008, 12:39 AM
Thanks, we found the problem and this will be resolved in the next update :)

jondow
02-19-2008, 10:16 AM
thank you AChen:)

Beefheart
02-19-2008, 10:26 AM
"Thanks, we found the problem and this will be resolved in the next update :)"

Does this mean it is definitely a false positive and can be ignored?

mjq424
02-19-2008, 03:37 PM
Hi
Yes it does :)

Beefheart
02-20-2008, 08:46 AM
Thanks, Matt.

jondow
02-21-2008, 01:02 PM
thank you all sorted