dp MVM join:2000-12-08 Greensburg, PA 2 edits
dp
MVM
2006-Sep-12 9:53 am
Ad-Aware Sept. 12 Update - FP??
Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 3
Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 3
Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : inetctls.inet
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : inetctls.inet.1
Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 5 |
|
Corrine Premium Member join:2004-08-27
Corrine
Premium Member
2006-Sep-12 10:46 am
Appears to be. I received an inquiry at another site from a malware fighter where the following popped up after the update:
Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1671070149-3917440862-2804098082-500\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
Win32.Trojan.Agent Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Virus Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1671070149-3917440862-2804098082-500\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 2 |
|
BubbaGIT-R-DONE MVM join:2002-08-19 St. Andrews
Bubba to dp
MVM
2006-Sep-12 10:47 am
Hope you don't mind DP but I would like to post an additional possible FP for Shockwave Flash Object?
quote:
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, September 12, 2006 9:20:43 AM
Using definitions file:SE1R123 12.09.2006
BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
|
|
Corrine Premium Member join:2004-08-27
Corrine to dp
Premium Member
2006-Sep-12 11:15 am
CalamityJane advised that these have been reported to LS Research |
|
|
GuestFromFrance to Bubba
Anon
2006-Sep-12 11:45 am
I found the following and am totally not sure what to do.
ArchiveData(auto-quarantine- 2006-09-12 16-47-14.bckp) Referencefile : SE1R123 12.09.2006 ======================================================
WIN32.TROJAN.DOWNLOADER »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908} obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908} obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908} obj[5]=Regkey : inetctls.inet obj[6]=Regkey : inetctls.inet.1 obj[7]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop
BARGAINBUDDY »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[3]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
WIN32.TROJAN.AGENT »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[4]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89} obj[8]=RegValue : software\microsoft\internet explorer\main "Window title" obj[9]=RegValue : software\microsoft\windows\currentversion\explorer\advanced "Start_ShowRun"
Please Help |
|
|
Hello GuestFromFrance, Those are most likely false positives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update. |
|
Chris 313Because It's Geekier Premium Member join:2004-07-18 Houma, LA ·AT&T FTTP ·Comcast XFINITY
|
Chris 313
Premium Member
2006-Sep-12 12:13 pm
said by CalamityJane:
Hello GuestFromFrance, Those are most likely false positives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update.

I got those FPs as well and removed them. Was there any problem with that? |
|
to dp
Same problem here...
Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Adware.AdMedia Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Adware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
Win32.Trojan.Agent Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Virus Comment : Rootkey : HKEY_USERS Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 6 Objects found so far: 6
I didn't remove anything...THANKS for heads-up! |
|
|
to CalamityJane
So should we restore them if we took them out? What problems might this cause if we don't restore them and shut down the computer?
Thanks, Normandie (formerly "GuestFromFrance") |
|
sashwa Mod join:2001-01-29 Alcatraz 446.4 4.0
to dp
I ended up with 13 --
ArchiveData(auto-quarantine- 2006-09-12 09-02-23.bckp) Referencefile : SE1R123 12.09.2006 ======================================================
WIN32.TROJAN.DOWNLOADER »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908} obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908} obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908} obj[7]=Regkey : inetctls.inet obj[8]=Regkey : inetctls.inet.1
ADWARE.ADMEDIA »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[3]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863} obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com
BARGAINBUDDY »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[4]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000} obj[11]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
WIN32.TROJAN.AGENT »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[5]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89} obj[12]=RegValue : software\microsoft\windows\currentversion\explorer\advanced "Start_ShowRun"
TRACKING COOKIE »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[6]=IECache Entry : Cookie:XXXXXX@apmebf.com/ |
|
|
Jer03 join:2006-08-16 Las Cruces, NM |
Jer03 to dp
Member
2006-Sep-12 1:41 pm
I also got the "trojan downloader" and BargainBuddy on both of my computers when I scanned with AdAware. They are in quarantine. I thought they were FP, and I have scanned with BD, KAV6, F-Secure, Counterspy, Zero Spyware, and SuperAntiSpyware without any detections.
Remove them from quarantine or just let them sit for awhile?
Thanks, Jerry |
|
|
to Normandie
Normandie and anyone else wondering or have already removed them,
Look in your quarantine list and restore them from there. I'm pretty sure these are FPs so let's wait to see before you remove anything permanently.
Open your quarantine list from the main screen. Locate the items removed on the last scan and right-click the item in the list. Then choose *Restore selected* |
|
CalamityJane,
Thanks, have restored them and now will wait and see.
Have a good day, Normandie |
|
jmorlanHmm... That's funny. MVM join:2001-02-05 Pacifica, CA ARRIS BGW210-700 Obihai OBi200
to dp
I got 10 plus one "tracking cookie":
Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\classes\typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
Win32.Trojan.Agent Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Virus Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : inetctls.inet
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : inetctls.inet.1
BargainBuddy Object Recognized! Type : RegData Data : no TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no
Win32.Trojan.Agent Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Virus Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\explorer\advanced Value : Start_ShowRun |
|
|
to Normandie
Ok, Normandie! We'll post here when the new update is available |
|
CalamityJane |
to dp
It is the new registry entries you are seeing for these two:
Win32.Trojan.Agent
BargainBuddy
And additionally in Sashwa's log, these two which are probably from Eric Howe's IESPYAD in the restricted zone. I had these yesterday in the beta release and reported them, but maybe they missed my report. In any case these are FPs too, I'm pretty sure (I had the same ones)
obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com
Check the dword value on those keys Sash and if they are a 4 then that is ok |
|
|
to dp
Got 11 New critical objects, how many are FP's
Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0
Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
Alexa Object Recognized! Type : Regkey Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : MenuStatusBar
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Script
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : clsid
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : Icon
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : HotIcon
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} Value : ButtonText
Alexa Object Recognized! Type : RegValue Data : TAC Rating : 5 Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 11 Objects found so far: 11
Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 11 |
|
I believe just the first two three Mokey2000. The ones that are id'd as: Win32.Trojan.Downloader
I have not seen any reports of the ones seen as Alexa being an FP
Edit: Can't count |
|
sashwa Mod join:2001-01-29 Alcatraz |
to CalamityJane
Janie, both those Dword values of those entries are 4.
Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too. |
|
|
said by sashwa:
Janie, both those Dword values of those entries are 4. Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too.

Ok, a 4 is good. Whatever put it there has put that site into the IE restricted zone. So don't "fix it", it's a FP, too. |
|
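The DWORD check from the exchange above, as an added example (not part of the original posts and not Lavasoft's or Spybot's code): it reads a registry export and reports which zone each ZoneMap\Domains entry maps to, where 4 is the Restricted sites zone. The export text, the hive, the "*" and "http" value names and example.test are constructed for illustration.

```python
import re

# IE zone numbers: 0 My Computer, 1 Local intranet, 2 Trusted sites,
# 3 Internet, 4 Restricted sites.
MARKER = "\\internet settings\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^(?:"([^"]*)"|@)=dword:([0-9a-fA-F]{8})$')

# Constructed sample in regedit export format. The two domains are the ones
# flagged in the thread; the hive, the value names and example.test are
# assumptions made for illustration.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="no"
"""

def parse_zonemap(reg_text):
    """Return {domain: {value_name: zone_number}} for ZoneMap\\Domains keys."""
    domains, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1).lower()
            idx = path.find(MARKER)
            if idx < 0:
                current = None          # some other key: ignore its values
                continue
            # Subdomains are subkeys of the parent domain: example.test\www
            labels = path[idx + len(MARKER):].split("\\")
            current = domains.setdefault(".".join(reversed(labels)), {})
            continue
        val = DWORD_RE.match(line)
        if val and current is not None:
            current[val.group(1) or "(default)"] = int(val.group(2), 16)
    return domains

def classify(values):
    """Verdict for one domain's protocol -> zone mappings."""
    zones = set(values.values())
    if not zones:
        return "no mapping"
    if zones == {4}:
        return "restricted"   # block entry: leave it in place
    if zones & {0, 1, 2}:
        return "elevated"     # more trust than the Internet zone: review it
    return "other"

def triage(reg_text):
    return {d: classify(v) for d, v in parse_zonemap(reg_text).items()}

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_REG).items():
        print(f"{domain:22} {verdict}")
```

An entry classified as "restricted" is the protective case discussed in the thread; an "elevated" entry is the one worth a closer look.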
sashwa Mod join:2001-01-29 Alcatraz |
sashwa
Mod
2006-Sep-12 4:23 pm
Thanks, Janie. I restored the quarantined files and am waiting to hear about a fix before I put the stuff back in quarantine. |
|
|
to dp
I seem to have a very similar problem: After I downloaded the LavaSoft AdAware new definitions today, I got this:
ArchiveData(auto-quarantine- 2006-09-12 11-18-18.bckp) Referencefile : SE1R123 12.09.2006 ======================================================
MRU LIST »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[0]=MRU FileReference : C:\Documents and Settings\John R Burns\recent\Desktop.ini obj[2]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name obj[3]=MRU RegReference : S-1-5-21-3818105423-895719299-1048318793-1006\software\microsoft\microsoft management console\recent file list
WIN32.TROJAN.DOWNLOADER »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» obj[3]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908} obj[4]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908} obj[5]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908} obj[6]=Regkey : inetctls.inet obj[7]=Regkey : inetctls.inet.1 obj[8]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop |
|
BuddelIf it ain't broke, don't fix it. Premium Member join:2004-03-06 EU |
Buddel to dp
Premium Member
2006-Sep-12 4:34 pm
Same problems here. Let's hope they will soon be fixed. |
|
onDvineGrown up Flower Child Premium Member join:2005-01-29 So. CA, USA 1 edit
onDvine to dp
Premium Member
2006-Sep-12 4:47 pm
I thought it was odd that I'd picked up stuff without going anyplace unfamiliar. Have restored the items from quarantine, as well. Thanks. |
|
to CalamityJane
Object : inetctls.inet
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
FP! These two are related to inetctls.inet and are totally valid for at least some VB & VB.Net applications, especially for developers. If you remove them, I bet your VB apps won't run, compile, and/or load properly.
I do not know about the BargainBuddy entry. {d27cdb6e-ae6d-11cf-96b8-444553540000}
Fortunately I was thinking FPs as soon as I saw these. So I ran full bore Norton AV, SpyBot, Windows Defender, Hijack, etc., none of which found or reported these. |
|
to onDvine
8 here - Note running IE7 RC2, Norton 360 Beta
Using definitions file:SE1R123 12.09.2006 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» BargainBuddy(TAC index:8):2 total references Win32.Trojan.Agent(TAC index:10):1 total references Win32.Trojan.Downloader(TAC index:10):5 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
BargainBuddy Object Recognized! Type : Regkey Data : TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-527237240-1844237615-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
Win32.Trojan.Agent Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Virus Comment : Rootkey : HKEY_USERS Object : S-1-5-21-527237240-1844237615-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 5 Objects found so far: 5
Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : inetctls.inet
Win32.Trojan.Downloader Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : inetctls.inet.1
BargainBuddy Object Recognized! Type : RegData Data : no TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no
Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 3 Objects found so far: 8 |
|
|
puzzled-guest to dp
Anon
2006-Sep-12 11:03 pm
so what if you've already deleted all these entries and don't have them in quarantine.
can they be replaced from another source? |
|
|
mikeStrz
Anon
2006-Sep-13 1:07 am
Same here! I guess XP's SystemRestore would do the trick |
|
antdudeMatrix Ant Premium Member join:2001-03-25 US |
to CalamityJane
Me too just now. I ignored them after reading this forum. Thank you! Is it me or have there been too many FPs lately? |
|
mers2 Premium Member join:2004-03-20 USA |
mers2 to dp
Premium Member
2006-Sep-13 2:32 am
FPs are the reason to always quarantine and not delete. |
|