Results 1 to 3 of 3

Thread: Iopus Again

  1. #1
    Smiling Down On Youse SurferJoe46's Avatar
    Join Date
    May 2005
    Location
    Hamilton, Montana, USA
    Posts
    14,317

    Default Iopus Again

    I found something very interesting about Iopus. It shows up in the Beta version scan of Spybot only.

    Since I use the Beta version of Spybot, it never dawned on me that Iopus even existed until last week. When I did my Spybot scan, it found it and fixed the problem.

    Fast forward to today; I suggested that a friend install Spybot Beta version for the increased security, and guess what? First thing outta the box, it too finds Iopus on a machine that never has shown that as a result before.

    I went to Google, and found this: (http://forums.spybot.info/showthread.php?p=26775) .

    Now I wonder; is the Beta version the only one that finds Iopus? Is it a false positive?

    More clarity: I also run FilAlyzer, FolderAlyzer and WebAlyzer, all from Safer Networking (Spybot's home). Maybe Iopus is in one of them? The other machine that had the results on Iopus has just had those other utilities added too.

    Coincidence?

    BTW: a local true-geek here in my group says that Iopus does NOT have to be entered via keyboard and operator request: it can be inserted into an e-mail, arrive as a trojan in a attachment or even encrypted into the body of a jpeg.

    With all the rukus Iopus has caused (me assuming someone had access to my equiptment and downloading the keylogger/screenshotter/password-hacker from the internet against and without my knowledge), things have been a little (NZ term here dodgy.

    The entries look like this:

    Iopus: Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\The Silicon Realms Toolworks

    Wincontrol: Uninstall settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\ST6UNST #1


    ...and then this:

    Hello,

    Both entrys (Iopus and Wincontrol) are F/Ps and will be removed from our beta detection.
    Thank you for your help!

    Markus MisterW
    Member of Team Spybot


    So, it looks like Team Spybot knows of a false positive and will fix it next week. And I was worried!


    Warum werden wir so früh alt und klug so spät?

  2. #2
    Moderator Jen's Avatar
    Join Date
    Dec 2004
    Location
    Auckland
    Posts
    8,210

    Default Re: Iopus Again

    I did wonder at the time whether it was a false-positive when you first posted about it. However, seeing you posted the registry key to clean it out in your previous post I assumed you had found that registry key in your system ruling out my false-positive theory.

  3. #3
    Smiling Down On Youse SurferJoe46's Avatar
    Join Date
    May 2005
    Location
    Hamilton, Montana, USA
    Posts
    14,317

    Default Re: Iopus Again

    Quote Originally Posted by Jen
    I did wonder at the time whether it was a false-positive when you first posted about it. However, seeing you posted the registry key to clean it out in your previous post I assumed you had found that registry key in your system ruling out my false-positive theory.
    Yeah, Jen...that's what amazes me too...the registry key was there, but then again, I get this message from Spybot techo-s that it's a false positive...could be a coincidence?

    I think not..but time will tell..

    BTW: there's a new Firefox update today too...


    Warum werden wir so früh alt und klug so spät?

Similar Threads

  1. iopus, Where Does It Come From?
    By SurferJoe46 in forum PressF1
    Replies: 8
    Last Post: 27-05-2006, 10:42 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •