Jump to content

Spybot Teatimer.exe Detected As Meterpreter Shell?


Guest Deleted_Account
 Share

Recommended Posts

Guest Deleted_Account

I was running Anti-meter on my Windows XP VM and it picks up TeaTimer.exe as a meterpreter shell. I was wondering if any one else can verify if this is a false positive? I was just testing it out and it did successfully kill the meterpreter shell i had running but now it picks out TeaTimer.exe which is legit. Any ways would have asked in IRC but it seems to be down :P

Thanks

Link to comment
Share on other sites

I was running Anti-meter on my Windows XP VM and it picks up TeaTimer.exe as a meterpreter shell. I was wondering if any one else can verify if this is a false positive? I was just testing it out and it did successfully kill the meterpreter shell i had running but now it picks out TeaTimer.exe which is legit. Any ways would have asked in IRC but it seems to be down :P

Thanks

It should definitely be a False Positive. I use Spybot in my computer at home and never ran into this issue.

I would suggest running http://wwwvirustotal.com/ against Teatimer.exe, just to stay on the safe side.

Teatimer.exe is a program file which may have been installed on your computer as a spyware scanner or spyware remover. Normally this file is part of spybot search and destroy, which is a free spyware and adware scanning program. The exact disk location of teatimer.exe is also shown below to verfiy it is not spyware, as many spyware programs use similiar names and just locate them elsewhere on your hard drive. Always check the proper disk location of your programs if you are suspicious. If you are running this in real time mode, chances are good you will see this file in your task list, as it monitors spyware, malware, and adware in real time mode. Teatimer.exe is not considered to be a virus or spyware related.

Link to comment
Share on other sites

Guest Deleted_Account
It should definitely be a False Positive. I use Spybot in my computer at home and never ran into this issue.

I would suggest running http://wwwvirustotal.com/ against Teatimer.exe, just to stay on the safe side.

Teatimer.exe is a program file which may have been installed on your computer as a spyware scanner or spyware remover. Normally this file is part of spybot search and destroy, which is a free spyware and adware scanning program. The exact disk location of teatimer.exe is also shown below to verfiy it is not spyware, as many spyware programs use similiar names and just locate them elsewhere on your hard drive. Always check the proper disk location of your programs if you are suspicious. If you are running this in real time mode, chances are good you will see this file in your task list, as it monitors spyware, malware, and adware in real time mode. Teatimer.exe is not considered to be a virus or spyware related.

Thanks. And definitely a false positive checked it with Virus total and ran Avast! on my system to be sure. Double checked the location and it is in spybot's folder so guess it does something that throws off anti-meter maybe a conflict or something.

Thanks

x942

Link to comment
Share on other sites

Are you sure something else didnt inject it into a running or existing process? Possible you were hacked by any chance? Make sure you dont have more than one TeaTimer.exe somewhere on your machine. Malware could be impersonating the legit program from another location on your machine to try and thwart detection.

Edited by digip
Link to comment
Share on other sites

Guest Deleted_Account
Are you sure something else didnt inject it into a running or existing process? Possible you were hacked by any chance? Make sure you dont have more than one TeaTimer.exe somewhere on your machine. Malware could be impersonating the legit program from another location on your machine to try and thwart detection.

Only have one process and one copy and it's in the proper folder. Is it possible the meterpreter infected it? I was experimenting with the New version of set and it allows you to place the payload in autorun on a flash drive. I then told it to backdoor a legit exe (i think it just uses a copy calc.exe) for the "encoding" method. I scanned again with Avast and with ClamAV from my multiboot. Alls clean. Maybe it's just a false positive or maybe it's not detected because of the encoding. Not 100% sure but if thats the case shouldn't it be detected once loaded into memory? plus Avast! use code emulation before running the .exe. I'll reinstall spybot to be on the safe side though.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...