View Full Version : Iopus Again



SurferJoe46
01-06-2006, 02:31 AM
I found something very interesting about Iopus. It shows up in the Beta version scan of Spybot only.

Since I use the Beta version of Spybot, it never dawned on me that Iopus even existed until last week. When I did my Spybot scan, it found it and fixed the problem.

Fast forward to today; I suggested that a friend install Spybot Beta version for the increased security, and guess what? First thing outta the box, it too finds Iopus on a machine that never has shown that as a result before.

I went to Google, and found this: (http://forums.spybot.info/showthread.php?p=26775) .

Now I wonder; is the Beta version the only one that finds Iopus? Is it a false positive?

More clarity: I also run FileAlyzer, FolderAlyzer and WebAlyzer, all from Safer Networking (Spybot's home). Maybe Iopus is in one of them? The other machine that had the results on Iopus has just had those other utilities added too.

Coincidence?

BTW: a local true-geek here in my group says that Iopus does NOT have to be entered via keyboard and operator request: it can be inserted into an e-mail, arrive as a trojan in an attachment or even encrypted into the body of a jpeg.

With all the ruckus Iopus has caused (me assuming someone had access to my equipment and downloading the keylogger/screenshotter/password-hacker from the internet against and without my knowledge), things have been a little (NZ term here:) dodgy.

The entries look like this:

Iopus: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\The Silicon Realms Toolworks

Wincontrol: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1

...and then this:

Hello,

Both entries (Iopus and Wincontrol) are F/Ps and will be removed from our beta detection.
Thank you for your help!

Markus MisterW
Member of Team Spybot

So, it looks like Team Spybot knows of a false positive and will fix it next week. And I was worried! :blush:

Jen
01-06-2006, 05:33 PM
I did wonder at the time whether it was a false-positive when you first posted about it. However, seeing you posted the registry key to clean it out in your previous post I assumed you had found that registry key in your system ruling out my false-positive theory. :p

SurferJoe46
02-06-2006, 01:15 PM
I did wonder at the time whether it was a false-positive when you first posted about it. However, seeing you posted the registry key to clean it out in your previous post I assumed you had found that registry key in your system ruling out my false-positive theory. :p

Yeah, Jen...that's what amazes me too...the registry key was there, but then again, I get this message from Spybot techo-s that it's a false positive...could be a coincidence?

I think not..but time will tell..

BTW: there's a new Firefox update today too...