
  #1  
Old 03-28-2007, 08:43 PM
Tetrarch Tetrarch is offline
Junior Member
Subscriber
 
Join Date: Mar 2007
Posts: 2
Default virus in spyware doctor 5

I have the same general lagging errors as the rest with v5. I thought, let's give a reinstall a go before looking for v4, you never know. HOWEVER.. while I was installing, Kaspersky pops up and announces that an email worm is in the installation files .. uhuh ..
found: virus Email-Worm.Win32.Zhelatin.bg File: D:\Program Files\Spyware Doctor\is-B8EGN.tmp
deleted: virus Email-Worm.Win32.Zhelatin.bg File: D:\DOCUME~1\Govert\LOCALS~1\Temp\is-HKSMG.tmp\SPORDER.dll

Among others .. these popped up during installation ..

Clean up your files, will you?
This is embarrassing..
  #2  
Old 03-28-2007, 08:50 PM
tom.tdw tom.tdw is offline
Expert
Expert Volunteer
Subscriber
 
Join Date: Mar 2007
Location: United Kingdom
Posts: 1,179
Default

Could you send the file you installed from to me by PM? It may be a false detection, but I will scan them and if I find anything I will pass them on. From the location D:/ it looks like you were installing from a CD. It could have got infected.
  #3  
Old 03-28-2007, 09:06 PM
tom.tdw tom.tdw is offline
Expert
Expert Volunteer
Subscriber
 
Join Date: Mar 2007
Location: United Kingdom
Posts: 1,179
Default

I have scanned the installer and it seems OK. Still send me the files, as it might be an infection on your PC.
  #4  
Old 03-28-2007, 09:23 PM
Tetrarch Tetrarch is offline
Junior Member
Subscriber
 
Join Date: Mar 2007
Posts: 2
Default

I'd love to .. but this being my first time in this forum, how?
  #5  
Old 03-28-2007, 10:23 PM
mjq424 mjq424 is offline
Moderator
Volunteer Guru
Subscriber
Moderator
 
Join Date: Feb 2007
Location: Birmingham, UK
Posts: 2,847
Default

Hi Tetrarch, the "sporder.dll" file has been picked up as a false positive in a previous post (can't find the post right now).
__________________
Regards,
Matt

PC Tools Community Forum Volunteer

  #6  
Old 03-28-2007, 10:27 PM
WarrenG WarrenG is offline
Enthusiast
Subscriber
 
Join Date: Jan 2007
Posts: 104
Default

Quote:
Originally Posted by Tetrarch View Post
I have the same general lagging errors as the rest with v5. I thought, let's give a reinstall a go before looking for v4, you never know. HOWEVER.. while I was installing, Kaspersky pops up and announces that an email worm is in the installation files .. uhuh ..
found: virus Email-Worm.Win32.Zhelatin.bg File: D:\Program Files\Spyware Doctor\is-B8EGN.tmp
deleted: virus Email-Worm.Win32.Zhelatin.bg File: D:\DOCUME~1\Govert\LOCALS~1\Temp\is-HKSMG.tmp\SPORDER.dll

Among others .. these popped up during installation ..

Clean up your files, will you?
This is embarrassing..

Those files you mentioned are the exact files that were being detected by NOD32 antivirus a month or so ago. Looks like Kaspersky doesn't want this software to go anywhere either. Don't blame PC Tools for this; write a post on Kaspersky's website, it's their fault.
  #7  
Old 03-28-2007, 10:37 PM
allibear allibear is offline
Advisor
Junior Volunteer
Subscriber
 
Join Date: Jan 2007
Posts: 335
Default

Quote:
Originally Posted by Tetrarch View Post
I have the same general lagging errors as the rest with v5. I thought, let's give a reinstall a go before looking for v4, you never know. HOWEVER.. while I was installing, Kaspersky pops up and announces that an email worm is in the installation files .. uhuh ..
found: virus Email-Worm.Win32.Zhelatin.bg File: D:\Program Files\Spyware Doctor\is-B8EGN.tmp
deleted: virus Email-Worm.Win32.Zhelatin.bg File: D:\DOCUME~1\Govert\LOCALS~1\Temp\is-HKSMG.tmp\SPORDER.dll

Among others .. these popped up during installation ..

Clean up your files, will you?
This is embarrassing..

Were these picked up by the real-time File Scanner or were they pop-ups from Proactive Defence? This makes a big difference on how you interpret this. If it's the latter you will need to add them to the Trusted Zone.

Make sure Kaspersky is exited in the system tray before doing an installation, (or any other AV for that matter).
  #8  
Old 03-28-2007, 10:42 PM
Mario Brothers Mario Brothers is offline
Member
Subscriber
 
Join Date: Mar 2007
Posts: 20
Default Email Worm

Sorry, I think everyone else is right. It sounds to me like Kaspersky has a False Positive.
  #9  
Old 03-28-2007, 10:45 PM
tvaz tvaz is offline
Enthusiast
Subscriber
 
Join Date: Mar 2007
Location: Indiana-USA boonies
Posts: 58
Default

I got the same thing with the Kaspersky engine in Zone Alarm Internet Security 7. I'm sure that it's a false positive. I got it when trying to download an update that said something about being a helper for license renewal (or something like that). It quarantined the file. When I scanned my system it found and quarantined 7 files related to this from the restore folder. I rescanned and my system is now clean. Kaspersky's site says that this worm was discovered on 3-13 and that the definition for it was released on the same day. They could not have known ahead of time about SD's update and written a definition to sabotage it! The file just has a pattern that is similar to the definition for this worm.
This happened with the "174" release of SD5. I removed the program because even with most of the services shut off it was slowing down my computer. I will watch for new releases but will not install SD5 again unless there is some real improvement. Without it my computer is running very well. The new ZAIS 7 is capable of blocking most of the things that SD5 can handle.
  #10  
Old 03-28-2007, 11:11 PM
allibear allibear is offline
Advisor
Junior Volunteer
Subscriber
 
Join Date: Jan 2007
Posts: 335
Default

Quote:
Originally Posted by tvaz View Post
I got the same thing with the Kaspersky engine in Zone Alarm Internet Security 7. I'm sure that it's a false positive. I got it when trying to download an update that said something about being a helper for license renewal (or something like that). It quarantined the file. When I scanned my system it found and quarantined 7 files related to this from the restore folder. I rescanned and my system is now clean. Kaspersky's site says that this worm was discovered on 3-13 and that the definition for it was released on the same day. They could not have known ahead of time about SD's update and written a definition to sabotage it! The file just has a pattern that is similar to the definition for this worm.
This happened with the "174" release of SD5. I removed the program because even with most of the services shut off it was slowing down my computer. I will watch for new releases but will not install SD5 again unless there is some real improvement. Without it my computer is running very well. The new ZAIS 7 is capable of blocking most of the things that SD5 can handle.

I think also it's just a behaviour based heuristic detection and simply needs to be added to Kaspersky's Trusted Zone.
All times are GMT. The time now is 02:10 PM.