I found something very interesting about Iopus. It shows up in the Beta version scan of Spybot only.

Since I use the Beta version of Spybot, it never dawned on me that Iopus even existed until last week. When I did my Spybot scan, it found it and fixed the problem.

Fast forward to today; I suggested that a friend install Spybot Beta version for the increased security, and guess what? First thing outta the box, it too finds Iopus on a machine that never has shown that as a result before.

I went to Google, and found this: (http://forums.spybot.info/showthread.php?p=26775) .

Now I wonder; is the Beta version the only one that finds Iopus? Is it a false positive?

More clarity: I also run FilAlyzer, FolderAlyzer and WebAlyzer, all from Safer Networking (Spybot's home). Maybe Iopus is in one of them? The other machine that had the results on Iopus has just had those other utilities added too.


BTW: a local true-geek here in my group says that Iopus does NOT have to be entered via keyboard and operator request: it can be inserted into an e-mail, arrive as a trojan in a attachment or even encrypted into the body of a jpeg.

With all the rukus Iopus has caused (me assuming someone had access to my equiptment and downloading the keylogger/screenshotter/password-hacker from the internet against and without my knowledge), things have been a little (NZ term here dodgy.

The entries look like this:

Iopus: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\The Silicon Realms Toolworks

Wincontrol: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\ST6UNST #1

...and then this:


Both entrys (Iopus and Wincontrol) are F/Ps and will be removed from our beta detection.
Thank you for your help!

Markus MisterW
Member of Team Spybot

So, it looks like Team Spybot knows of a false positive and will fix it next week. And I was worried!