NOD32 scan
I just did a SpyBot scan, clean; Adaware scan, clean; and a NOD32 scan.
On NOD I got a list of files that look like this:
C:\WINDOWS\ALLUSERS\APPLICATIONDATA\SPYBOT\RECOVERY\GAINGator.zip>>ZIPsb RECOVERY.ini --error-- the file is password protected.
Some of the others were
C:\...RECOVERY.reg
C:\...ZIP>>ginst_001_1234_4201.exe
all with the notation-- 'error--the file is password protected'
there were some files listed as "archive damaged" and some "next archive volume not found"
Is this a problem or just a record of SpyBot's activity?
pop pop
10-30-2004, 07:13 PM
Likely, Budfred is best to answer this since he uses and has been using NOD32 for, I guess, a long time. To directly answer what I think ... I have almost exactly the same sort of results when I run NOD32 (running trial version for 3 days or so). My guess is that the Spybot related files are remnants left from when we ran Spybot, it found baddies (e.g., GainGator), and we said clean it up. I think Spybot, and Adaware for that matter, keep this stuff in some form (archive/PW protected) so that if it was a false positive, we could safely recover. So, for my part, I'll eventually go into Spybot and Adaware and tell them to remove the offensive archives. Or I'll do it manually, if needed.
Budfred?
Fruss Tray Ted
10-30-2004, 07:26 PM
Same here Donn, if I do the 'In-Depth Analysis' mode of scan. Those you are mentioning are put in blue so they are not severe threats if a threat at all.
There's another thread here about false positives and I was getting those also. They are listed in red and related to Java. Paul K responded and I did not have a setting correctly in Control Panel. I've made the changes now but haven't rebooted yet so they can take effect. But prior to seeing his post, I had already deleted everything in the cache file of Sun Java anyway so the next scan will not show those so-called trojans and/or virii. Maybe after a week or so some may return, we'll see.
I'm in about day 5 of NOD32 myself.
FTT, I saw Paul K's post, but I do not have that Java plug in my Control Panel, I don't have any java plug in CP, but isn't that the Java machine that Shredder points to to remove it. Is it Shredder or something else?
pop pop, y'know what kinda made me sit up was the phrase "password protected". I thought, "Oh great, something that needs a password got past SpyBot. . ." :( That still makes me wonder. . .why is there a password there?
david eaton
10-30-2004, 07:54 PM
The folder APPLICATIONDATA\SPYBOT\RECOVERY is the location of the backups Spybot makes when removing things. It is in effect password protected so that it cannot be inadvertently opened, and the files replaced. The actual folder \spybot\recovery could be deleted as it will be recreated when you run Spybot again.
Fruss Tray Ted
10-30-2004, 08:24 PM
Donn,
I thought the recommendation around these parts was to install Sun Java and disable MS's? Is it the version? (Edit: Oops, you won't see anything to enable/disable until you DO install SUN)
Did you mean CWS remover has some warning? If so, I'll d/l the latest and run it to see what it says.
FTT: No it's not in this latest version, I already looked. But I seem to recall that the first time I ran Shredder there was an icon at the end that said something like "Click here to learn how to prevent Shredder from installing. . ." and it took you to a site to remove the MS JVM. . .wasn't that it? Or am I thinking of something else. . .?
Edit:
Thanks, David, that'll put me totally at ease. . . :cool: