
lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane to Stoffe


Re: Ad-Aware Sept. 12 Update - FP??

All fine here now..& thanks for the quick correction

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5 to Santori3


Re: Ad-Aware Sept. 13 Update - FP??

said by Santori3:

DIAREMOVER
ArchiveData(Diaremover.bckp)
Referencefile : SE1R123 13.09.2006
======================================================
DIAREMOVER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-21-357967339-2304659736-1445258045-1005\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

I had this one too...Looks like a FP...?...
I had the same thing. Probably another false positive.

Bubba
GIT-R-DONE
MVM
join:2002-08-19
St. Andrews

Bubba to dp


Re: Ad-Aware Sept. 12 Update - FP??

Just a tad more tweaking needed concerning Class ID 72267f6a-a6f9-11d0-bc94-00c04fb67863

**Yesterday's log result using definitions file: SE1R123 12.09.2006:**
quote:
Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
**Today's log result using definitions file: SE1R123 13.09.2006:**
quote:
Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
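
Added example, not part of any post in this thread and not Lavasoft's code: a small Python parser for the Ad-Aware SE log layout quoted above. It replaces the per-account SID in each flagged key so reports from different machines compare equal, and groups the verdicts per key so a key that changes family or category between definition files stands out. The SIDs in the sample are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout quoted in this thread.
# The SIDs are made up; the CLSID is the one the posters report.
SAMPLE_LOG = r"""
Adware.AdMedia Object Recognized!
Type : Regkey
Category : Adware
Rootkey : HKEY_USERS
Object : S-1-5-21-1111111111-2222222222-3333333333-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Diaremover Object Recognized!
Type : Regkey
Category : Malware
Rootkey : HKEY_USERS
Object : S-1-5-21-4444444444-5555555555-6666666666-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!\s*$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.*)$")
USER_SID = re.compile(r"^S-1-5-21(-\d+){4}(?=\\)", re.IGNORECASE)

def parse_detections(text):
    """Return one dict per 'Object Recognized!' block in the log text."""
    detections, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = {"Family": m.group("family")}
            detections.append(current)
            continue
        f = FIELD.match(line)
        if f and current is not None:
            current[f.group("key").strip()] = f.group("value").strip()
    return detections

def normalize_object(det):
    """Lower-case the key path and replace the leading account SID with <SID>."""
    return USER_SID.sub("<SID>", det.get("Object", "").lower())

def group_by_object(detections):
    """Map each normalized key to the set of (family, category) verdicts seen."""
    groups = defaultdict(set)
    for d in detections:
        groups[normalize_object(d)].add((d["Family"], d.get("Category", "")))
    return dict(groups)
```

A key that maps to more than one verdict across definition files, or that many unrelated machines report at once right after an update, is a candidate for reporting to the vendor before anything is deleted.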
Gianni45
join:2004-08-22

Gianni45 to Santori3


Re: Ad-Aware Sept. 13 Update - FP??

yep, sounds as they fixed 'old' FPs and added a NEW 1 imo...

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

jmorlan
Hmm... That's funny.
MVM
join:2001-02-05
Pacifica, CA
ARRIS BGW210-700
Obihai OBi200

jmorlan to dp


Re: Ad-Aware Sept. 12 Update - FP??

Latest definitions fixed all my FPs except this one:

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : xxx xxxxx@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:xxx xxxxx@live365.com/
Expires : 9-15-2011 7:38:32 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

I have placed this cookie on my "ignore" list many times, but AdAware always detects it anyway.

Thanks.

sashwa
Mod
join:2001-01-29
Alcatraz

sashwa to dp

Thanks for the update. I'll try when I get home tonight.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to dp

Didn't know of this issue till tonight (here), only got one serious issue, but looking at the rest here, it seems relative to a similar key :-

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-1336601894-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

1 recommendation


said by norwegian:

Didn't know of this issue till tonight (here), only got one serious issue, but looking at the rest here, it seems relative to a similar key :-

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-1336601894-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
Thanks for the reports all. I don't think we had that one last night - but it's been reported now, so please don't delete that one either until Research has had a chance to examine it.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

1 recommendation

antdude to Buddel

said by Buddel:

~~~INFO ONLY~~~

SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE

============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006
Thanks. It works fine on my home machine now.

norwegian
Premium Member
join:2005-02-15
Outback

norwegian to dp


Thanks C.J. for the report, and no didn't delete that one either, so will leave it as is.

Antdude,

My detected key was using that update. Internal build 150 though, are you referring to a change in the internal build, or will it be a different definitions?

polly want a cracker to dp

Anon

I get this FP using the September 13 2006 update.

Diaremover
HKEY_USERS
S-1-5-21-1482476501-2139871995-682003330-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Logfile of HijackThis v1.99.1
Scan saved at 5:47:28 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


CalamityJane
Premium Member
join:2002-08-27
Eustis, FL

4 recommendations

CalamityJane to dp

Today's latest update resolves the Diaremover false detection.
Check for the new reference file on the updates: SE1R123 14.09.2006
»SE1R123 14.09.2006 is now availiable, new definition file for Ad

sashwa
Mod
join:2001-01-29
Alcatraz

1 recommendation


Thanks, Janie. I'll try it when I get home.
sashwa

1 recommendation

sashwa to CalamityJane

No FP this time.

norwegian
Premium Member
join:2005-02-15
Outback

1 recommendation

norwegian to dp


All good here too.