
lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
reply to Stoffe

Re: Ad-Aware Sept. 12 Update - FP??

All fine here now..& thanks for the quick correction



FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5
reply to Santori3

Re: Ad-Aware Sept. 13 Update - FP??

said by Santori3:

DIAREMOVER
ArchiveData(Diaremover.bckp)
Referencefile : SE1R123 13.09.2006
======================================================
DIAREMOVER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : S-1-5-21-357967339-2304659736-1445258045-1005\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

I had this one too...Looks like a FP...?...
I had the same thing. Probably another false positive.
--
Join Red Room Forum
BLOG tkjunkmail.blogspot.com
My Web Page


Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
St. Andrews
reply to dp

Re: Ad-Aware Sept. 12 Update - FP??

Just a tad more tweaking needed concerning Class ID 72267f6a-a6f9-11d0-bc94-00c04fb67863

**Yesterday's log result using definitions file: SE1R123 12.09.2006:**
quote:
Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
**Today's log result using definitions file: SE1R123 13.09.2006:**
quote:
Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Gianni45

join:2004-08-22
reply to Santori3

Re: Ad-Aware Sept. 13 Update - FP??

yep, sounds as they fixed 'old' FPs and added a NEW 1 imo...

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4
reply to dp

Re: Ad-Aware Sept. 12 Update - FP??

Latest definitions fixed all my FPs except this one:

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : xxx xxxxx@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:xxx xxxxx@live365.com/
Expires : 9-15-2011 7:38:32 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

I have placed this cookie on my "ignore" list many times, but AdAware always detects it anyway.

Thanks.



sashwa
Premium,Mod
join:2001-01-29
Alcatraz
kudos:17
reply to dp

Thanks for the update. I'll try when I get home tonight.



norwegian
Premium
join:2005-02-15
Outback
reply to dp

Didn't know of this issue till tonight (here), only got one serious issue, but looking at the rest here, it seems relative to a similar key :-

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-1336601894-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

1 recommendation

said by norwegian:

Didn't know of this issue till tonight (here), only got one serious issue, but looking at the rest here, it seems relative to a similar key :-

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Diaremover Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1935655697-1336601894-725345543-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
Thanks for the reports all. I don't think we had that one last night - but it's been reported now, so please don't delete that one either until Research has had a chance to examine it.
--

It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

1 recommendation

reply to Buddel

said by Buddel:

~~~INFO ONLY~~~

SE1R123 13.09.2006 Is Now Available, New Definition file for Ad-Aware SE

============================================
Definition file Notification - Lavasoft News
============================================
SE1R123 13.09.2006
Thanks. It works fine on my home machine now.
--
Ant @ The Ant Farm: »antfarm.ma.cx ... Please do not IM/e-mail me for technical support. Use the forum (I check often)! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


norwegian
Premium
join:2005-02-15
Outback
reply to dp


Thanks C.J. for the report, and no didn't delete that one either, so will leave it as is.

Antdude,

My detected key was using that update. Internal build 150 though, are you referring to a change in the internal build, or will it be a different definitions?
--
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke


reply to dp

I get this FP using the September 13 2006 update.

Diaremover
HKEY_USERS
S-1-5-21-1482476501-2139871995-682003330-1004\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

Logfile of HijackThis v1.99.1
Scan saved at 5:47:28 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\lexpps.exe
F:\WINDOWS\system32\svchost.exe
G:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
F:\WINDOWS\system32\notepad.exe
F:\Documents and Settings\Office Admin\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE


CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

4 recommendations

reply to dp

Today's latest update resolves the Diaremover false detection.
Check for the new reference file on the updates: SE1R123 14.09.2006
»SE1R123 14.09.2006 is now availiable, new definition file for Ad



sashwa
Premium,Mod
join:2001-01-29
Alcatraz
kudos:17

1 recommendation

Thanks, Janie. I'll try it when I get home.



sashwa
Premium,Mod
join:2001-01-29
Alcatraz
kudos:17

1 recommendation

reply to CalamityJane

No FP this time.



norwegian
Premium
join:2005-02-15
Outback

1 recommendation

reply to dp

All good here too.