

dp
Premium,MVM
join:2000-12-08
Greensburg, PA
kudos:7

2 edits

1 recommendation

Ad-Aware Sept. 12 Update - FP??

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet.1

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 5
--
Write your questions down on the back of a $20 dollar bill and send them to me
Microsoft MVP/Windows Security 2004-2006



Corrine
Premium
join:2004-08-27
kudos:2

1 recommendation

Appears to be. I received an inquiry at another site from a malware fighter where the following popped up after the update:

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1671070149-3917440862-2804098082-500\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1671070149-3917440862-2804098082-500\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
--
Microsoft MVP, Windows - Security; Admin Council; Charter Member
ASAP; "Take a walk through the Security Garden, Where Everything is Coming up Roses"


Bubba
GIT-R-DONE
Premium,MVM
join:2002-08-19
St. Andrews

1 recommendation

reply to dp

Hope you don't mind, DP, but I would like to post an additional possible FP for Shockwave Flash Object?

quote:
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, September 12, 2006 9:20:43 AM
Using definitions file:SE1R123 12.09.2006

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1708537768-1897051121-1801674531-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}


Corrine
Premium
join:2004-08-27
kudos:2

1 recommendation

reply to dp

CalamityJane advised that these have been reported to LS Research.



GuestFromFrance

@abo.wanadoo.fr
reply to Bubba

I found the following and am totally not sure what to do.

ArchiveData(auto-quarantine- 2006-09-12 16-47-14.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[5]=Regkey : inetctls.inet
obj[6]=Regkey : inetctls.inet.1
obj[7]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

WIN32.TROJAN.AGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=Regkey : S-1-5-21-3111597347-2737576788-3210619613-1007\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
obj[8]=RegValue : software\microsoft\internet explorer\main "Window title"
obj[9]=RegValue : software\microsoft\windows\currentversion\explorer\advanced "Start_ShowRun"

Please Help


CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

Hello GuestFromFrance,

Those are most likely false positives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update.



Chris 313
Come get some
Premium
join:2004-07-18
Houma, LA
kudos:1

said by CalamityJane:

Hello GuestFromFrance,

Those are most likely false positives. Just ignore them for now until Lavasoft Research has a chance to look at these, and then issue a corrected update.

I got those FPs as well and removed them. Was there any problem with that?

Gianni45

join:2004-08-22

1 recommendation

reply to dp

Same problem here...

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Adware.AdMedia Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Adware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-242286658-708711241-2795454051-1008\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 6

I didn't remove anything... THANKS for the heads-up!


Normandie

join:2006-09-12
reply to CalamityJane

So should we restore them if we took them out? What problems might this cause if we don't restore them and shut down the computer?

Thanks,
Normandie (formerly "GuestFromFrance")



sashwa
Premium,Mod
join:2001-01-29
Alcatraz
kudos:17

1 recommendation

reply to dp

I ended up with 13 --

ArchiveData(auto-quarantine- 2006-09-12 09-02-23.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[1]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[2]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[7]=Regkey : inetctls.inet
obj[8]=Regkey : inetctls.inet.1

ADWARE.ADMEDIA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863}
obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net
obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[4]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
obj[11]=RegData : software\microsoft\internet explorer\main "Use Search Asst"

WIN32.TROJAN.AGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[5]=Regkey : S-1-5-21-1348100749-3355621399-706083027-1006\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}
obj[12]=RegValue : software\microsoft\windows\currentversion\explorer\advanced "Start_ShowRun"

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[6]=IECache Entry : Cookie:XXXXXX@apmebf.com/
--
Team Helix ~ Extended Pacific Northwest ~ Northern California

Jer03

join:2006-08-16
Las Cruces, NM
reply to dp

I also got the "trojan downloader" and BargainBuddy on both of my computers when I scanned with AdAware. They are in quarantine. I thought they were FP, and I have scanned with BD, KAV6, F-Secure, Counterspy, Zero Spyware, and SuperAntiSpyware without any detections.

Remove them from quarantine or just let them sit for awhile?

Thanks,
Jerry



CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8
reply to Normandie

Normandie and anyone else wondering or have already removed them,

Look in your quarantine list and restore them from there. I'm pretty sure these are FPs so let's wait to see before you remove anything permanently.

Open your quarantine list from the main screen. Locate the items removed on the last scan and right-click the item in the list. Then choose *Restore selected*.
--

It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


Normandie

join:2006-09-12

1 edit

1 recommendation

CalamityJane,

Thanks, have restored them and now will wait and see.

Have a good day,
Normandie



jmorlan
Hmm... That's funny.
Premium,MVM
join:2001-02-05
Pacifica, CA
kudos:4

1 recommendation

reply to dp

I got 10 plus one "tracking cookie":

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\classes\typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1710738407-720897496-4103935507-1005\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet.1

BargainBuddy Object Recognized!
Type : RegData
Data : no
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Win32.Trojan.Agent Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\explorer\advanced
Value : Start_ShowRun


CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8
reply to Normandie

Ok, Normandie! We'll post here when the new update is available.



CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8
reply to dp

It is the new registry entries you are seeing for these two:

Win32.Trojan.Agent
BargainBuddy


And additionally in Sashwa's log, these two which are probably from Eric Howe's IESPYAD in the restricted zone. I had these yesterday in the beta release and reported them, but maybe they missed my report. In any case these are FPs too, I'm pretty sure (I had the same ones)

obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net

obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com

Check the dword value on those keys, Sash, and if they are a 4 then that is ok.
--

It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)



Mokey2000
Mokey

join:2001-02-22
Dixie
reply to dp

Got 11 New critical objects, how many are FP's?

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 11

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
--
Hybrid System, DW3000 Modem, AOL+ Grey Dish, SatMex5 1230, Gateway 66.82.156.161, 4.2.1.10, Win98se



CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

1 edit

I believe just the first two three Mokey2000. The ones that are id'd as:
Win32.Trojan.Downloader

I have not seen any reports of the ones seen as Alexa being an FP

Edit: Can't count



sashwa
Premium,Mod
join:2001-01-29
Alcatraz
kudos:17
reply to CalamityJane

Janie, both those Dword values of those entries are 4.

Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too.



CalamityJane
Premium,MVM
join:2002-08-27
Eustis, FL
kudos:8

said by sashwa:

Janie, both those Dword values of those entries are 4.

Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too.

Ok, a 4 is good. Whatever put it there has put that site into the IE restricted zone. So don't "fix it", it's a FP, too.
--

It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)
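The DWORD check discussed in the posts above, as an added example that is not part of the original thread: it reads ZoneMap domain entries from registry export text and reports which ones sit in the Restricted sites zone (value 4). The HKEY_CURRENT_USER root, the `example.invalid` entry and all function names are assumptions made for the illustration.

```python
import re

# Internet Explorer security zones as stored in ZoneMap DWORD values.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

KEY_RE = re.compile(r"^\[.+\\ZoneMap\\Domains\\([^\]]+)\]$", re.IGNORECASE)
VAL_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in .reg export format. The two flagged domains come from
# the thread; the root key and the third entry are made up for the example.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.invalid]
"http"=dword:00000002
"""


def zonemap_entries(reg_text):
    """Yield (domain, value_name, zone_number) for each ZoneMap DWORD value."""
    domain = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            domain = m.group(1).lower() if m else None
        elif domain:
            m = VAL_RE.match(line)
            if m:
                yield domain, m.group(1), int(m.group(2), 16)


def triage(reg_text):
    """Return {domain: verdict}; 'restricted' only if every value is zone 4."""
    zones = {}
    for domain, _name, zone in zonemap_entries(reg_text):
        zones.setdefault(domain, set()).add(zone)
    return {
        d: "restricted (block-list entry)" if z == {4}
        else "review: " + ", ".join(ZONES.get(n, f"zone {n}") for n in sorted(z))
        for d, z in zones.items()
    }


if __name__ == "__main__":
    for dom, verdict in triage(SAMPLE_EXPORT).items():
        print(f"{dom:20} {verdict}")
```
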


sashwa
Premium,Mod
join:2001-01-29
Alcatraz
kudos:17

Thanks, Janie. I restored the quarantined files and am waiting to hear about a fix before I put the stuff back in quarantine.



johnburns

join:2004-10-14
Oklahoma City, OK
reply to dp

I seem to have a very similar problem: After I downloaded the LavaSoft AdAware new definitions today, I got this:

ArchiveData(auto-quarantine- 2006-09-12 11-18-18.bckp)
Referencefile : SE1R123 12.09.2006
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU FileReference : C:\Documents and Settings\John R Burns\recent\Desktop.ini
obj[2]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[3]=MRU RegReference : S-1-5-21-3818105423-895719299-1048318793-1006\software\microsoft\microsoft management console\recent file list

WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[3]=Regkey : clsid\{48e59293-9880-11cf-9754-00aa00c00908}
obj[4]=Regkey : interface\{48e59291-9880-11cf-9754-00aa00c00908}
obj[5]=Regkey : typelib\{48e59290-9880-11cf-9754-00aa00c00908}
obj[6]=Regkey : inetctls.inet
obj[7]=Regkey : inetctls.inet.1
obj[8]=Regkey : software\microsoft\windows\currentversion\policies\activedesktop



Buddel
If it ain't broke, don't fix it.
Premium
join:2004-03-06
EU
kudos:3
reply to dp

Same problems here. Let's hope they will soon be fixed.



onDvine
Don't Litter. Spay-Neuter.
Premium
join:2005-01-29
So. CA, USA
kudos:9

1 edit

1 recommendation

reply to dp

I thought it was odd that I'd picked up stuff without going anyplace unfamiliar. Have restored the items from quarantine, as well. Thanks.
--
I base most of my fashion taste on what doesn't itch. Gilda Radner



PCFlyer

@dsl.net

1 recommendation

reply to CalamityJane

Object : inetctls.inet
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

FP! These two are related to inetctls.inet and are totally valid for at least some VB & VB.Net applications, especially for developers. If you remove them, I bet your VB apps won't run, compile, and/or load properly.

I do not know about the BargainBuddy entry.
{d27cdb6e-ae6d-11cf-96b8-444553540000}

Fortunately I was thinking FPs as soon as I saw these. So I ran full bore Norton AV, SpyBot, Windows Defender, Hijack, etc., none of which found or reported these.


fulltext

join:2000-10-14
Miami, FL

1 recommendation

reply to onDvine

8 here - Note running IE7 RC2, Norton 360 Beta

Using definitions file:SE1R123 12.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):2 total references
Win32.Trojan.Agent(TAC index:10):1 total references
Win32.Trojan.Downloader(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1844237615-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Win32.Trojan.Agent Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Virus
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-1844237615-839522115-1003\software\microsoft\windows\currentversion\ext\stats\{b45ff030-4447-11d2-85de-00c04fa35c89}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet.1

BargainBuddy Object Recognized!
Type : RegData
Data : no
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 8


puzzled-guest

@optonline.net
reply to dp

So what if you've already deleted all these entries and don't have them in quarantine?

Can they be replaced from another source?



mikeStrz

@201.230.x.x

Same here!

I guess XP's SystemRestore would do the trick



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4
reply to CalamityJane

Me too just now. I ignored them after reading this forum. Thank you!

Is it me or have there been too many FPs lately?



mers2
Premium,MVM
join:2004-03-20
USA
kudos:8
reply to dp

FPs are the reason to always quarantine and not delete.
--
Team Discovery
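The comparison this thread carried out by hand, as an added example that is not part of the original posts: parse several Ad-Aware SE logs, strip the per-user SID from HKEY_USERS objects, and list detections that appear on more than one machine after the same definitions update. The two sample logs are constructed in the format quoted above (GUIDs from the thread, SIDs made up), and the function names are assumptions.

```python
import re
from collections import defaultdict

SID_RE = re.compile(r"^s-1-5-21(-\d+){4}\\", re.IGNORECASE)
MARK = "Object Recognized!"

# Constructed sample logs in the Ad-Aware SE format quoted in this thread.
HOST_A = r"""
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
TAC Rating : 10
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

BargainBuddy Object Recognized!
Type : Regkey
TAC Rating : 8
Rootkey : HKEY_USERS
Object : S-1-5-21-1111111111-2222222222-3333333333-1001\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}
"""
HOST_B = r"""
Win32.Trojan.Downloader Object Recognized!
Type : Regkey
TAC Rating : 10
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

BargainBuddy Object Recognized!
Type : Regkey
TAC Rating : 8
Rootkey : HKEY_USERS
Object : S-1-5-21-4444444444-5555555555-6666666666-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Alexa Object Recognized!
Type : Regkey
TAC Rating : 5
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
"""


def parse_log(text):
    """Return one dict per 'Object Recognized!' block in a scan log."""
    detections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(MARK):
            current = {"family": line[: -len(MARK)].strip()}
            detections.append(current)
        elif not line:
            current = None  # a blank line closes the block
        elif current is not None:
            key, sep, value = line.partition(":")
            if sep:
                current[key.strip()] = value.strip()
    return detections


def signature(det):
    """Machine-independent identity of a detection (user SID masked)."""
    obj = SID_RE.sub(lambda m: "<SID>\\", det.get("Object", "").lower())
    return det["family"], det.get("Rootkey", ""), obj, det.get("Value", "")


def common_detections(logs, min_hosts=2):
    """Map each signature seen on >= min_hosts machines to those machines."""
    seen = defaultdict(set)
    for host, text in logs.items():
        for det in parse_log(text):
            seen[signature(det)].add(host)
    return {s: sorted(h) for s, h in seen.items() if len(h) >= min_hosts}
```

Identical detections on unrelated machines right after an update point to the definitions file rather than to each machine; single-host hits such as the Alexa entry still need their own review.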