how long before a false positive is action’d ?
john7
11-24-2008, 06:55 PM
How long can it take before a false positive results in a database change or reply from support?
The Threat Name - Trojan-Downloader.Delf
Type - Registry Value
Risk Level - High
Infection - HKEY_CLASSES_ROOT\AppID\iebho.dll, AppID
Was found again. As in last post at http://www.pctools.com/forum/showthread.php?t=54659 iebho.dll was scanned via many other programs and NONE had a problem with it.
AChen
11-24-2008, 10:41 PM
Hi John,
If an FP is reported, normally these will be fixed within the day. I have escalated this to the MRC team to investigate and will provide an update shortly.
AChen
11-25-2008, 05:18 AM
Hi again,
We have searched the following registry key which you reported as a false positive and found that it is related to spyware. But to further investigate it, we require the DLL to check if it is a legitimate file which also uses the registry key.
Could you go to (HKEY_CLASSES_ROOT\AppID\iebho.dll) and send this to my email address?
john7
11-25-2008, 02:25 PM
Hi, have sent it to you at your e-mail address. Sorry for delay but been out! Have tried again via zip with password.
John
haapy
11-25-2008, 04:51 PM
Seems like it's a smitfraud baddie. Check this out from the Kaspersky forum.
http://forum.kaspersky.com/lofiversion/index.php/t68803.html
john7
11-25-2008, 05:27 PM
Thanks for link. As said before, this dll was checked by many online sites and a number of online and installed programs. None other than Spyware Dr found a problem and even DS is OK with the dll, only the registry entry. It's able to remove it with no problem. The dll is part of an HP program installed on the new laptop from new and after a reinstall. The only internet activity was that to update during the reinstalling. I have uninstalled the HP program, file sanitizer, and reinstalled it and in all cases ONLY SD picks up there being a problem, and as said then is OK with the dll when a thorough scan was done. It all looks to me to be a false positive or everyone else and HP are wrong.
haapy
11-25-2008, 07:15 PM
Sorry about that. Interested to see what PCT finds out.
Here is another interesting find.
http://www.threatexpert.com/files/iebho.dll.html
AChen
11-26-2008, 04:39 AM
Thanks for the file John. This is a legitimate file which uses the same registry key as other spyware applications. We have resolved this and hopefully will be available in the next Smart Update :)
john7
11-26-2008, 08:41 AM
Thanks, given this is on every HP PC I am surprised others haven't been affected!
john7
11-27-2008, 10:02 AM
Thanks for the file John. This is a legitimate file which uses the same registry key as other spyware applications. We have resolved this and hopefully will be available in the next Smart Update :)
I have downloaded two days' updates and still
17/11/2008 14:40:55:129 Infection was detected on this computer
Threat Name - Trojan-Downloader.Delf
Type - Registry Value
Risk Level - High
Infection - HKEY_CLASSES_ROOT\AppID\iebho.dll, AppID
17/11/2008 14:40:55:129 Infection was detected on this computer
Threat Name - Trojan-Downloader.Delf
Type - Registry Key
Risk Level - High
Infection - HKEY_CLASSES_ROOT\AppID\iebho.dll
iebho.dll is a dll file that contains threats; it is also a very dangerous threat.
Please click this link for detailed information
http://www.2-spyware.com/remove-iesearch.html
www.superantispyware.com/definition/iebho/
www.threatexpert.com/files/iebho.dll.htm
Best Regards
Khim
john7
11-27-2008, 10:56 AM
iebho.dll is a dll file that contains threats; it is also a very dangerous threat.
Please click this link for detailed information
http://www.2-spyware.com/remove-iesearch.html
www.superantispyware.com/definition/iebho/
www.threatexpert.com/files/iebho.dll.htm
Best Regards
Khim
Hi, if you read above
Thanks for the file John. This is a legitimate file which uses the same registry key as other spyware applications. We have resolved this and hopefully will be available in the next Smart Update :)
the dll this registry entry is pointing to IS NOT a problem. The problem is every other scan online and from installed programs (Avast, Spybot) have been able to distinguish between a legitimate link and an unwanted one. I do not know why HP use the dll name (maybe that’s why the problem one was given that name), but it's OK and has now been cleared by PC Tools as well (Spyware Dr NEVER picked up the dll, only the registry entry, so somehow an exclusion based on a legitimate dll needs to be in the database; it would appear others could well have done this!).