
dp
MVM
join:2000-12-08
Greensburg, PA

2 edits

1 recommendation

dp

MVM

Ad-Aware Sept. 12 Update - FP??

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet.1

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 5

Corrine
Premium Member
join:2004-08-27

1 recommendation

Corrine

Premium Member

Appears to be. I received an inquiry at another site from a malware fighter where the following popped up after the update:

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1671070149-3917440862-2804098082-500\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1671070149-3917440862-2804098082-500\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

Bubba
GIT-R-DONE
MVM
join:2002-08-19
St. Andrews

1 recommendation

Bubba to dp

MVM

to dp
Hope you don't mind, DP, but I would like to post an additional possible FP for Shockwave Flash Object?
quote:
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, September 12, 2006 9:20:43 AM
Using definitions file:SE1R123 12.09.2006

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Corrine
Premium Member
join:2004-08-27

1 recommendation

Corrine to dp

Premium Member

to dp
CalamityJane advised that these have been reported to LS Research.

GuestFromFrance
@abo.wanadoo.fr

GuestFromFrance to Bubba

Anon

to Bubba
I found the following and am totally not sure what to do.

ArchiveData(auto-quarantine- 2006-09-12 16-47-14.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[5]=Regkey : inetctls.inet
obj[6]=Regkey : inetctls.inet.1
obj[7]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

WIN32.TROJAN.AGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
obj[8]=RegValue : software\microsoft\internet explorer\main "Window title"
obj[9]=RegValue : software\microsoft\windows\currentversion\explorer\advanced "Start_ShowRun"

Please Help

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

CalamityJane

Premium Member

Hello GuestFromFrance,

Those are most likely false positives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update.

Chris 313
Because It's Geekier
Premium Member
join:2004-07-18
Houma, LA

Chris 313

Premium Member

said by CalamityJane:

Hello GuestFromFrance,

Those are most likely false positives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update.

I got those FPs as well and removed them. Was there any problem with that?

Gianni45
join:2004-08-22

1 recommendation

Gianni45 to dp

Member

to dp
Same problem here...

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 6

I didn't remove anything... THANKS for the heads-up!

Normandie
join:2006-09-12

Normandie to CalamityJane

Member

to CalamityJane
So should we restore them if we took them out? What problems might this cause if we don't restore them and shut down the computer?

Thanks,
Normandie (formerly "GuestFromFrance")

sashwa
Mod
join:2001-01-29
Alcatraz

1 recommendation

sashwa to dp

Mod

to dp
I ended up with 13 --

ArchiveData(auto-quarantine- 2006-09-12 09-02-23.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[7]=Regkey : inetctls.inet
obj[8]=Regkey : inetctls.inet.1

ADWARE.ADMEDIA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
obj[11]=RegData : software\microsoft\internet explorer\main "Use Search Asst"

WIN32.TROJAN.AGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[5]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
obj[12]=RegValue : software\microsoft\windows\currentversion\explorer\advanced "Start_ShowRun"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[6]=IECache Entry : Cookie:XXXXXX@apmebf.com/

Jer03
join:2006-08-16
Las Cruces, NM

Jer03 to dp

Member

to dp
I also got the "trojan downloader" and BargainBuddy on both of my computers when I scanned with AdAware. They are in quarantine. I thought they were FP, and I have scanned with BD, KAV6, F-Secure, Counterspy, Zero Spyware, and SuperAntiSpyware without any detections.

Remove them from quarantine or just let them sit for awhile?

Thanks,
Jerry

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

CalamityJane to Normandie

Premium Member

to Normandie
Normandie and anyone else wondering or who has already removed them,

Look in your quarantine list and restore them from there. I'm pretty sure these are FPs, so let's wait to see before you remove anything permanently.

Open your quarantine list from the main screen. Locate the items removed on the last scan and right-click the item in the list. Then choose *Restore selected*.

Normandie
join:2006-09-12

1 edit

1 recommendation

Normandie

Member

CalamityJane,

Thanks, have restored them and now will wait and see.

Have a good day,
Normandie

jmorlan
Hmm... That's funny.
MVM
join:2001-02-05
Pacifica, CA

1 recommendation

jmorlan to dp

MVM

to dp
I got 10 plus one "tracking cookie":

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\classes\typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet.1

BargainBuddy Object Recognized!
Type : RegData
Data : no
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Win32.Trojan.Agent Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\explorer\advanced
Value : Start_ShowRun

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

CalamityJane to Normandie

Premium Member

to Normandie
Ok, Normandie! We'll post here when the new update is available.

CalamityJane

CalamityJane to dp

Premium Member

to dp
It is the new registry entries you are seeing for these two:

Win32.Trojan.Agent
BargainBuddy


And additionally in Sashwa's log, these two which are probably from Eric Howe's IESPYAD in the restricted zone. I had these yesterday in the beta release and reported them, but maybe they missed my report. In any case these are FPs too, I'm pretty sure (I had the same ones)

obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net

obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com

Check the dword value on those keys, Sash, and if they are a 4 then that is ok.

Mokey2000
Mokey
join:2001-02-22
Dixie

Mokey2000 to dp

Member

to dp
Got 11 New critical objects, how many are FP's

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 11

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

1 edit

CalamityJane

Premium Member

I believe just the first two three Mokey2000. The ones that are id'd as:
Win32.Trojan.Downloader

I have not seen any reports of the ones seen as Alexa being an FP

Edit: Can't count

sashwa
Mod
join:2001-01-29
Alcatraz

sashwa to CalamityJane

Mod

to CalamityJane
Janie, both those Dword values of those entries are 4.

Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too.

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

CalamityJane

Premium Member

said by sashwa:

Janie, both those Dword values of those entries are 4.

Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too.

Ok, a 4 is good. Whatever put it there has put that site into the IE restricted zone. So don't "fix it", it's a FP, too.
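
What the DWORD value of 4 discussed above means, as an added example that is not part of any post in this thread: it reads the text of a .reg export of the ZoneMap\Domains branch and reports which Internet Explorer security zone each listed site is mapped to. The HKEY_CURRENT_USER location, the "*" and "http" value names and the example.test entry are assumptions in a constructed sample; only the two domain names come from the log quoted above.

```python
import re

# Internet Explorer security zones as stored in ZoneMap DWORD data.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.*?\\ZoneMap\\Domains\\(?P<rest>[^\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"(?P<proto>[^"]*)"=dword:(?P<data>[0-9a-f]{8})$', re.I)

def zone_assignments(reg_text):
    """Return [(host, protocol, zone)] for every ZoneMap\\Domains entry in
    the text of a .reg export (already decoded to str)."""
    found, host = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)
            # Domains\example.test\www describes the host www.example.test
            host = ".".join(reversed(key.group("rest").split("\\"))).lower() if key else None
        elif host:
            val = VAL_RE.match(line)
            if val:
                found.append((host, val.group("proto"), int(val.group("data"), 16)))
    return found

def triage(reg_text):
    """Label each host: zone 4 restricts the site (a protective entry, as
    in the thread); any other zone is left for a human to review."""
    verdicts = {}
    for host, proto, zone in zone_assignments(reg_text):
        name = ZONES.get(zone, "unknown zone %d" % zone)
        if zone == 4:
            verdicts[host] = "keep: %s (%s)" % (name, proto)
        else:
            verdicts[host] = "review: %s (%s)" % (name, proto)
    return verdicts

# Constructed sample export; hive, value names and example.test are assumptions.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"http"=dword:00000002
"""

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(host, "->", verdict)
```

A scanner that flags a ZoneMap\Domains key by its name alone cannot tell a blocklist entry (zone 4) from a site that has been placed in Trusted sites (zone 2), which is why the value has to be read before anything is removed.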

sashwa
Mod
join:2001-01-29
Alcatraz

sashwa

Mod

Thanks, Janie. I restored the quarantined files and am waiting to hear about a fix before I put the stuff back in quarantine.

johnburns
join:2004-10-14
Oklahoma City, OK

johnburns to dp

Member

to dp
I seem to have a very similar problem: After I downloaded the LavaSoft AdAware new definitions today, I got this:

ArchiveData(auto-quarantine- 2006-09-12 11-18-18.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\John R Burns\recent\Desktop.ini
obj[2]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[3]=MRU RegReference : S-1-5-21-3818105423-895719299-1048318793-1006\software\microsoft\microsoft management console\recent file list

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[4]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[5]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[6]=Regkey : inetctls.inet
obj[7]=Regkey : inetctls.inet.1
obj[8]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop

Buddel
If it ain't broke, don't fix it.
Premium Member
join:2004-03-06
EU

Buddel to dp

Premium Member

to dp
Same problems here. Let's hope they will soon be fixed.

onDvine
Grown up Flower Child
Premium Member
join:2005-01-29
So. CA, USA

1 edit

1 recommendation

onDvine to dp

Premium Member

to dp
I thought it was odd that I'd picked up stuff without going anyplace unfamiliar. Have restored the items from quarantine, as well. Thanks.

PCFlyer
@dsl.net

1 recommendation

PCFlyer to CalamityJane

Anon

to CalamityJane
Object : inetctls.inet
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

FP! These two are related to inetctls.inet and are totally valid for at least some VB & VB.Net applications, especially for developers. If you remove them, I bet your VB apps won't run, compile, and/or load properly.

I do not know about the BargainBuddy entry.
{d27cdb6e-ae6d-11cf-96b8-444553540000}

Fortunately I was thinking FPs as soon as I saw these. So I ran full bore Norton AV, SpyBot, Windows Defender, Hijack, etc., none of which found or reported these.

fulltext
join:2000-10-14
Miami, FL

1 recommendation

fulltext to onDvine

Member

to onDvine
8 here - Note running IE7 RC2, Norton 360 Beta

Using definitions file:SE1R123 12.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):2 total references
Win32.Trojan.Agent(TAC index:10):1 total references
Win32.Trojan.Downloader(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1844237615-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1844237615-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet.1

BargainBuddy Object Recognized!
Type : RegData
Data : no
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 8

puzzled-guest
@optonline.net

puzzled-guest to dp

Anon

to dp
So what if you've already deleted all these entries and don't have them in quarantine?

Can they be replaced from another source?

mikeStrz
@201.230.x.x

mikeStrz

Anon

Same here!

I guess XP's SystemRestore would do the trick

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude to CalamityJane

Premium Member

to CalamityJane
Me too just now. I ignored them after reading this forum. Thank you!

Is it me or have there been too many FPs lately?

mers2
Premium Member
join:2004-03-20
USA

mers2 to dp

Premium Member

to dp
FPs are the reason to always quarantine and not delete.
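
The log comparison the posters in this thread do by hand, as an added example that is not part of any post: it parses the "Object Recognized!" entries of Ad-Aware SE scan logs, strips the per-user SID so HKEY_USERS entries can be compared across machines, and lists the detections that more than one machine reported. The two sample logs are constructed from entries quoted in the thread, trimmed, with made-up SIDs; the function names are this example's own.

```python
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<val>.*)$")
SID_RE = re.compile(r"^S-1-5-21(?:-\d+){4}\\", re.I)  # per-user prefix under HKEY_USERS

def parse_log(text):
    """Return one dict per 'Object Recognized!' entry of an Ad-Aware SE log."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER_RE.match(line)
        if head:
            cur = {"family": head.group("family")}
            entries.append(cur)
        elif not line:
            cur = None                        # a blank line closes the entry
        elif cur is not None:
            field = FIELD_RE.match(line)
            if field and field.group("val"):  # skip empty 'Data :' / 'Comment :'
                cur[field.group("key").lower()] = field.group("val")
    return entries

def signature(entry):
    """(family, object[ -> value]) with the SID removed and case folded."""
    obj = SID_RE.sub("", entry.get("object", "")).lower()
    if "value" in entry:
        obj += " -> " + entry["value"].lower()
    return (entry["family"], obj)

def shared_detections(logs):
    """logs maps a machine label to log text; return detections seen on 2+ machines."""
    seen = defaultdict(set)
    for machine, text in logs.items():
        for entry in parse_log(text):
            seen[signature(entry)].add(machine)
    return {sig: sorted(m) for sig, m in seen.items() if len(m) > 1}

# Constructed sample logs: entries trimmed from those quoted in the thread,
# SIDs made up for the example.
LOG_A = r"""
Win32.Trojan.Downloader Object Recognized!
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
Rootkey : HKEY_USERS
Object : S-1-5-21-1000000001-1000000002-1000000003-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
"""
LOG_B = r"""
Win32.Trojan.Downloader Object Recognized!
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
Rootkey : HKEY_USERS
Object : S-1-5-21-2000000001-2000000002-2000000003-1008\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Alexa Object Recognized!
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar
"""

if __name__ == "__main__":
    print(shared_detections({"A": LOG_A, "B": LOG_B}))
```

Identical detections on unrelated machines right after a definitions update are candidates for a signature problem to report to the vendor; an entry seen on one machine only, like the Alexa one in the sample, still needs its own look.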