New Tdsskiller False Positives & Contact Us Error Message


ritchie58

While launching TDSSKiller anti-rootkit utility today I received several quarantine responses by the SPERO detection engine when the executable attempted to update from version 3.0.0.25 to 3.0.0.26. This is not normal as I've never had any conflicts with this utility and Immunet before. Even after restoring 3.0.0.25 Immunet also attempted to quarantine the zip file (quarantine failed) for the new 3.0.0.26 build after downloading to C:\Users\Ritchie\Downloads\Software Installers. Since I place the .exe on my Desktop I used this exclusion which seems to have corrected the problem for now, C:\Users\Ritchie\Desktop\TDSSKiller. With this exclusion added the TDSSKiller GUI will launch and a scan is possible.

 

I have included the MD5-SHA256 for the newest build (see Images). Let me know if you would also like the SDT dump sent in.

 

OS: Win 7 Ultimate x64 SP1 - Immunet Plus version (TETRA enabled, ClamAV disabled): 3.1.8.9583

 

TDSSKiller 3.0.0.26 zip installer: tdsskiller3.0.0.26.zip

 


Forum member DimitriAus also had difficulty uploading a FP report at the same site. His thread can be found at the previous False Positives topic. He may not have archived the file in question to a .zip file prior to submission as he didn't mention that though. The file I attempted to submit "WAS" a .zip file and I filled in all necessary text fields but still got the error message.


Cool! Thanks Jose. I do have a Scheduled Scan in place where it scans my entire C:\ drive once a week and SPERO did hit on the 3.0.0.25 installer with the same detection name that I have archived. I like to keep the previous installer of any software I'm using just in case.


Yup, that's the case Jose. I took a screen shot. It's really no big deal though. I doubt I'd have a reason to revert back to the old build since version .26 is working without issues. I'm assuming it would be ok now to delete that exclusion I made for the .26 executable on my Desktop. One way to find out is delete the exclusion and launch the program to see what happens I guess.

 

Deleted the exception and the .26 executable launched with no detection! Sweet! I did decide to delete the old .25 zip file so it wouldn't cause me any more problems and another detection occurred when moving the file to the Recycle Bin. I did expect that to happen though so I had Immunet delete the file after the quarantine response.

 


Got some bad news Jose. While attempting to update to the newest 3.0.0.30 version the exact same thing happened. While downloading the .zip file and moving the .exe to the Desktop I encountered the exact same quarantine responses with the same detection name as before (see images). Do you want me to run the Hash calculator for this build too? Something has to be done so future builds of TDSSKiller do not keep getting quarantined. This utility does get updated quite frequently!

 

Cheers, Ritchie...

 


Archived

This topic is now archived and is closed to further replies.