lilhurricane Crunchin' For Cures Numquam oblita join:2003-01-11 Purple Zone |
to Stoffe
Re: Ad-Aware Sept. 12 Update - FP??
All fine here now..& thanks for the quick correction |
|
FFH5 Premium Member join:2002-03-03 Tavistock NJ |
to Santori3
Re: Ad-Aware Sept. 13 Update - FP??
said by Santori3:
DIAREMOVER ArchiveData(Diaremover.bckp)
Referencefile : SE1R123 13.09.2006
======================================================
DIAREMOVER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-21-357967339-2304659736-1445258045-1005\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
I had this one too...Looks like a FP...?...

I had the same thing. Probably another false positive. |
|
Bubba GIT-R-DONE MVM join:2002-08-19 St. Andrews |
2006-Sep-13 7:12 am
to dp
Re: Ad-Aware Sept. 12 Update - FP??
Just a tad more tweaking needed concerning Class ID 72267f6a-a6f9-11d0-bc94-00c04fb67863

**Yesterday's log result using definitions file: SE1R123 12.09.2006:**
quote:
Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

**Today's log result using definitions file: SE1R123 13.09.2006:**
quote:
Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
|
|
|
to Santori3
Re: Ad-Aware Sept. 13 Update - FP??
yep, sounds as they fixed 'old' FPs and added a NEW 1 imo...

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1 |
|
jmorlan Hmm... That's funny. MVM join:2001-02-05 Pacifica, CA ARRIS BGW210-700 Obihai OBi200
|
to dp
Re: Ad-Aware Sept. 12 Update - FP??
Latest definitions fixed all my FPs except this one:

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : xxx xxxxx@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:xxx xxxxx@live365.com/
Expires : 9-15-2011 7:38:32 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

I have placed this cookie on my "ignore" list many times, but AdAware always detects it anyway.
Thanks. |
|
|
sashwa Mod join:2001-01-29 Alcatraz |
to dp
Thanks for the update. I'll try when I get home tonight. |
|
norwegian Premium Member join:2005-02-15 Outback |
to dp
Didn't know of this issue till tonight (here), only got one serious issue, but looking at the rest here, it seems relative to a similar key :-
Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-1336601894-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863} |
|
1 recommendation |
said by norwegian:
Didn't know of this issue till tonight (here), only got one serious issue, but looking at the rest here, it seems relative to a similar key :-
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-1336601894-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Thanks for the reports all. I don't think we had that one last night - but it's been reported now, so please don't delete that one either until Research has had a chance to examine it. |
|
antdude Matrix Ant Premium Member join:2001-03-25 US
1 recommendation |
to Buddel
said by Buddel:
~~~INFO ONLY~~~
SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE
============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006

Thanks. It works fine on my home machine now. |
|
norwegian Premium Member join:2005-02-15 Outback |
to dp
Thanks C.J. for the report, and no didn't delete that one either, so will leave it as is.
Antdude,
My detected key was using that update. Internal build 150 though, are you referring to a change in the internal build, or will it be a different definitions?
|
|
|
polly want a cracker to dp
Anon
2006-Sep-13 8:50 pm
I get this FP using the September 13 2006 update.
Diaremover HKEY_USERS S-1-5-21-1482476501-2139871995-682003330-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
|
4 recommendations |
to dp
Today's latest update resolves the Diaremover false detection. Check for the new reference file on the updates: SE1R123 14.09.2006
» SE1R123 14.09.2006 is now available, new definition file for Ad |
|
sashwa Mod join:2001-01-29 Alcatraz
1 recommendation |
2006-Sep-14 10:33 am
Thanks, Janie. I'll try it when I get home. |
|
sashwa
1 recommendation |
to CalamityJane
No FP this time. |
|
norwegian Premium Member join:2005-02-15 Outback
1 recommendation |
to dp
All good here too. |
|