Guest Deleted_Account
Posted August 4, 2010

I was running Anti-meter on my Windows XP VM and it picks up TeaTimer.exe as a meterpreter shell. I was wondering if anyone else can verify if this is a false positive? I was just testing it out and it did successfully kill the meterpreter shell I had running, but now it picks out TeaTimer.exe, which is legit. Anyways, would have asked in IRC but it seems to be down :P

Thanks

Infiltrator
Posted August 4, 2010

> I was running Anti-meter on my Windows XP VM and it picks up TeaTimer.exe as a meterpreter shell. I was wondering if anyone else can verify if this is a false positive? I was just testing it out and it did successfully kill the meterpreter shell I had running, but now it picks out TeaTimer.exe, which is legit. Anyways, would have asked in IRC but it seems to be down :P
>
> Thanks

It should definitely be a false positive. I use Spybot on my computer at home and never ran into this issue. I would suggest running http://wwwvirustotal.com/ against Teatimer.exe, just to stay on the safe side.

Teatimer.exe is a program file which may have been installed on your computer as a spyware scanner or spyware remover. Normally this file is part of Spybot Search and Destroy, which is a free spyware and adware scanning program. The exact disk location of teatimer.exe is also shown below to verify it is not spyware, as many spyware programs use similar names and just locate them elsewhere on your hard drive. Always check the proper disk location of your programs if you are suspicious. If you are running this in real time mode, chances are good you will see this file in your task list, as it monitors spyware, malware, and adware in real time mode. Teatimer.exe is not considered to be a virus or spyware related.

Guest Deleted_Account
Posted August 4, 2010

> It should definitely be a false positive. I use Spybot on my computer at home and never ran into this issue. I would suggest running http://wwwvirustotal.com/ against Teatimer.exe, just to stay on the safe side.
>
> Teatimer.exe is a program file which may have been installed on your computer as a spyware scanner or spyware remover. Normally this file is part of Spybot Search and Destroy, which is a free spyware and adware scanning program. The exact disk location of teatimer.exe is also shown below to verify it is not spyware, as many spyware programs use similar names and just locate them elsewhere on your hard drive. Always check the proper disk location of your programs if you are suspicious. If you are running this in real time mode, chances are good you will see this file in your task list, as it monitors spyware, malware, and adware in real time mode. Teatimer.exe is not considered to be a virus or spyware related.

Thanks. And definitely a false positive; checked it with VirusTotal and ran Avast! on my system to be sure. Double-checked the location and it is in Spybot's folder, so I guess it does something that throws off Anti-meter, maybe a conflict or something.

Thanks
x942

digip
Posted August 4, 2010 (edited)

Are you sure something else didn't inject it into a running or existing process? Possible you were hacked by any chance? Make sure you don't have more than one TeaTimer.exe somewhere on your machine. Malware could be impersonating the legit program from another location on your machine to try and thwart detection.

Edited August 4, 2010 by digip

Guest Deleted_Account
Posted August 4, 2010

> Are you sure something else didn't inject it into a running or existing process? Possible you were hacked by any chance? Make sure you don't have more than one TeaTimer.exe somewhere on your machine. Malware could be impersonating the legit program from another location on your machine to try and thwart detection.

Only have one process and one copy, and it's in the proper folder. Is it possible the meterpreter infected it? I was experimenting with the new version of SET and it allows you to place the payload in autorun on a flash drive. I then told it to backdoor a legit exe (I think it just uses a copy of calc.exe) for the "encoding" method. I scanned again with Avast and with ClamAV from my multiboot. All's clean. Maybe it's just a false positive, or maybe it's not detected because of the encoding. Not 100% sure, but if that's the case shouldn't it be detected once loaded into memory? Plus Avast! uses code emulation before running the .exe. I'll reinstall Spybot to be on the safe side though.
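
An added example, not part of any post in this thread: the check Infiltrator and digip describe (find every copy of TeaTimer.exe, confirm each one sits in the Spybot folder, and hash it for lookup) written as a Python script. The install folder in the `__main__` section is an assumed default, and `find_copies` and `triage` are names made up for this sketch.

```python
import hashlib
import os

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_copies(roots, expected_dir, name="TeaTimer.exe"):
    """Return one record per file called `name` (case-insensitive) under `roots`."""
    expected = os.path.normcase(os.path.abspath(expected_dir))
    found = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() != name.lower():
                    continue
                full = os.path.join(dirpath, fn)
                try:
                    digest = sha256_of(full)
                except OSError:
                    digest = None  # locked or unreadable: still report the path
                here = os.path.normcase(os.path.abspath(dirpath))
                found.append({"path": full, "sha256": digest,
                              "in_expected_dir": here == expected})
    return found

def triage(records):
    """Summarise the scan: copies outside the expected folder and distinct hashes."""
    stray = [r["path"] for r in records if not r["in_expected_dir"]]
    hashes = {r["sha256"] for r in records if r["sha256"]}
    return {"copies": len(records), "stray": stray,
            "distinct_hashes": len(hashes)}

if __name__ == "__main__":
    # Assumption: default Spybot install folder; change it to match your machine.
    install = r"C:\Program Files\Spybot - Search & Destroy"
    records = find_copies(["C:\\"], install)
    for r in records:
        print(r["sha256"], "OK   " if r["in_expected_dir"] else "STRAY", r["path"])
    print(triage(records))
```

Any path listed under `stray`, or more than one distinct hash, is the situation digip warns about; the printed SHA-256 can be looked up on VirusTotal without uploading the file.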