dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9
share rss forum feed


Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
St. Andrews
Reviews:
·Pickwick Cablevi..
·DIRECTV

1 recommendation

reply to dp

Re: Ad-Aware Sept. 12 Update - FP??

Hope you don't mind DP but I would like to post an additional possible FP for Shockwave Flash Object ?

quote:
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, September 12, 2006 9:20:43 AM
Using definitions file:SE1R123 12.09.2006

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}


GuestFromFrance

@abo.wanadoo.fr

I found the following and am totally not sure what to do.

ArchiveData(auto-quarantine- 2006-09-12 16-47-14.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[5]=Regkey : inetctls.inet
obj[6]=Regkey : inetctls.inet.1
obj[7]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

WIN32.TROJAN.AGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
obj[8]=RegValue : software\microsoft\internet explorer\main "Window title"
obj[9]=RegValue : software\microsoft\windows\currentversion\explorer\advanced "Start_ShowRun"

Please Help


CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

Hello GuestFromFrance,

Those are most likely false postives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update.



Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA
kudos:1
Reviews:
·AT&T U-Verse
·Vonage
·Comcast
·Comcast Digital ..

said by CalamityJane:

Hello GuestFromFrance,

Those are most likely false postives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update.
I got those FPs as well and removed them. Was there any problem with that?


Normandie

join:2006-09-12
reply to CalamityJane

So should we restore them if we took them out! What problems might this cause if we don't restore them and shut down the computer?

Thanks,
Normandie (formerly "GuestFromFrance")



CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

Normandie and anyone else wondering or have already removed them,

Look in your quarantine list and restore them from there. I'm pretty sure these are FPs so let's wait to see before you remove anything permanently.

Open your quarantine list from the main screen. Locate the items removed on the last scan and rightclick the item in the list. Then choose *Restore selected*
--

It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


Normandie

join:2006-09-12

1 edit

1 recommendation

CalamityJane,

Thanks, have restored them and now will wait and see.

Have a good day,
Normandie



CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

Ok, Normandie! We'll post here when the new update is available



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
Reviews:
·Time Warner Cable
reply to CalamityJane

Me too just now. I ignored them after reading this forum. Thank you!

Is it me or have there been too many FPs lately?



Normandie

join:2006-09-12
reply to CalamityJane

CalamityJane,

There is a new update out, this morning,(Europe Time), I am testing it now and will get back in a few minutes.

Normandie



kcazzie
One Of Jerry's Kids
Premium
join:2000-08-13
Morton Grove, IL

2 edits

said by Normandie:

CalamityJane,

There is a new update out, this morning,(Europe Time), I am testing it now and will get back in a few minutes.

Normandie
Same here in the U.S., also testing...{New update Date is 9/13/06}

Edit; Just ended testing new update and all looks just fine on my two PCs...