
ZoneAlarm SS quarantines Spyware Doctor's SDInfo.sdp - Win32.Backdoor.Rbot.pjh


Jewels
05-13-2008, 04:39 PM
Today I awoke to a crashed Spyware Doctor due to ZoneAlarm having quarantined SDInfo.sdp because it supposedly detected a variant of Rbot. Even after uninstalling Spyware Doctor and attempting to reinstall it, ZoneAlarm keeps quarantining the same file over and over again, rendering Spyware Doctor unusable. I'm using the standalone version of Spyware Doctor 5.5.1.322, and the latest version of ZoneAlarm SS for WinXP Home SP3.

Steve(spt)
05-13-2008, 05:17 PM
Yep, same here after the last updates. Looks like an uninstall, Reg clean, then a reinstall.

Jewels
05-13-2008, 06:39 PM
Even after a registry clean I can't seem to re-install successfully unless I add it to the exceptions. Would this be a false positive on ZA's part?

vecchio
05-13-2008, 06:52 PM
I guess the answer to your question is yes; it seems to be a ZA false positive.

Steve(spt)
05-13-2008, 08:16 PM
Can someone from PCTools post here when this problem is fixed? It's hard to uninstall when part of the software has been deleted by another app.


I have wasted some time tonight trying to uninstall, reinstall ....

In the end I had to manually remove drivers/services with Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx).

Is there a "standalone" uninstall/remove program for when this happens?

AChen
05-13-2008, 11:45 PM
Hi All,

Could someone please provide a screenshot of the detection? We'll have to contact ZA to correct this.

jacc
05-14-2008, 12:07 AM
Avira antivirus reports the following:
"during the scan a virus or unwanted program was found!
C:\Program Files/Spyware Doctor/SDInfo.sdp
Contains detection pattern of the worm WORM/Rbot.923528"

FrankG01
05-14-2008, 01:52 AM
File contains Trojan program and cannot be Disinfected

Trojan program:
Backdoor.Win32.Rbot.pjh

File:
C:\program files\spyware doctor\sdinfo.sdp

Spyware doctor will not run because KIS will not allow - Attempt of access to the file will be blocked. File will not be changed or deleted.

SirMaru
05-14-2008, 02:36 AM
If it is an antivirus detection, send the file in a password-protected zip to newvirus at kaspersky dot com. Subject: false positive. Include the password in the e-mail.

ZoneAlarm uses Kaspersky for its antivirus software. They must receive the file to test it and then remove it from their database.

In the past they have responded within 2 hours of receipt of these false positive files.

FrankG01
05-14-2008, 03:10 AM
Thanks SirMaru - I sent the password-protected file off to Kaspersky. Let's see what happens.

Steve(spt)
05-14-2008, 08:23 AM
Two screenshots:

Spyware Doctor screen shot 1 (http://www.parry-thomas.co.uk/temp/SpywareDoctor_error_1.jpg)


Spyware Doctor screen shot 2 (http://www.parry-thomas.co.uk/temp/SpywareDoctor_error_2.jpg)

Please note these screenshots will only be on the server for 72 hours.

riley50
05-14-2008, 11:00 AM
I have had the same problem. Downloaded SD 5.5, installed it OK. Next bootup Kaspersky V7 said I had backdoor trojan 'Win32.Rbot.pjh' in sdinfo. A lot of messing about, but then I checked the download file with KIS7 and it said the trojan was there! Deleted, downloaded again - same result.
I am back to SD v5.1 and there appear to be no problems. Here was my next port of call ....

FrankG01
05-14-2008, 02:52 PM
Kaspersky has resolved the false positive for SDInfo.sdp.

Run KIS update to get the updates.

Hello,

SDInfo.sdp

No malicious code was found in this file.

Please quote all when answering.

--
Best regards, Kirill Erakhtin
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

riley50
05-14-2008, 04:24 PM
Hi - thanks for that - KIS7 got quite agitated about it all. Download file now scans good, so I will install - tomorrow, I think, after a bit of R&R!

jacc
05-15-2008, 10:25 PM
Avira have now said that this is a false positive and that it will be corrected in one of the next updates.

vecchio
05-17-2008, 01:01 AM
So, it is in fact a false positive, right?