

CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

reply to dp

Re: Ad-Aware Sept. 12 Update - FP??

It is the new registry entries you are seeing for these two:

Win32.Trojan.Agent
BargainBuddy


And additionally in Sashwa's log, these two which are probably from Eric Howe's IESPYAD in the restricted zone. I had these yesterday in the beta release and reported them, but maybe they missed my report. In any case these are FPs too, I'm pretty sure (I had the same ones).

obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net

obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com

Check the dword value on those keys, Sash, and if they are a 4 then that is ok.
--

It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
kudos:15

Janie, both those Dword values of those entries are 4.

Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too.



CalamityJane
Premium,VIP,MVM
join:2002-08-27
Eustis, FL
kudos:8

said by sashwa:

Janie, both those Dword values of those entries are 4.

Also, I'm not using Eric Howe's IESPYAD. I do use Spybot immunization though. So maybe Spybot has them listed too.

Ok, a 4 is good. Whatever put it there has put that site into the IE restricted zone. So don't "fix it", it's a FP, too.
--

It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2006
Proud Member of ASAP (Alliance of Security Analysis Professionals)
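
The check described in the post above (a ZoneMap\Domains key whose DWORD is 4 puts that site in the IE Restricted zone, so the detection is a false positive), as an added example that is not part of the original thread. It assumes the flagged keys have been saved with `reg export`; the function names, the sample export text and the `example.test` entry are constructed for illustration.

```python
import re

# IE security zone numbers as stored in ZoneMap DWORD values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
ZONEMAP = r"internet settings\zonemap\domains" + "\\"

# Constructed samples: scan-log lines (example.test is made up) and `reg export` text.
SAMPLE_SCAN = [
    r"obj[9]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\media-motor.net",
    r"obj[10]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\mmohsix.com",
    r"obj[11]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\example.test",
]
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mmohsix.com]
"*"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"http"=dword:00000002
"""

def parse_reg_export(text):
    """Map each key path (hive stripped, lowercased) to its {value name: dword}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[HKEY_[A-Z_]+\\(.+)\]", line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif (m := re.fullmatch(r'"([^"]*)"=dword:([0-9a-fA-F]{8})', line)) and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def triage(scan_lines, reg_text):
    """Classify each scanner-flagged ZoneMap key by the zone its values assign."""
    keys, results = parse_reg_export(reg_text), {}
    for line in scan_lines:
        m = re.search(r"Regkey\s*:\s*(.+)$", line.strip(), re.I)
        path = m.group(1).lower() if m else ""
        if ZONEMAP not in path:
            continue  # not a ZoneMap\Domains detection
        zones = {ZONES.get(v, f"zone {v}") for v in keys.get(path, {}).values()}
        if not zones:
            verdict = "no DWORD values exported, check by hand"
        elif zones == {"Restricted Sites"}:
            verdict = "Restricted Sites only: block entry, likely FP"
        else:
            verdict = "review: mapped to " + ", ".join(sorted(zones))
        results[path.split(ZONEMAP, 1)[1]] = verdict
    return results
```

Calling `triage(SAMPLE_SCAN, SAMPLE_REG)` returns one verdict per flagged domain; only entries that map a site somewhere other than the Restricted zone are marked for review.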


sashwa
Pixie Cat Crunchin' n Foldin'
Premium,Mod
join:2001-01-29
Alcatraz
kudos:15

Thanks, Janie. I restored the quarantined files and am waiting to hear about a fix before I put the stuff back in quarantine.



PCFlyer

@dsl.net


reply to CalamityJane
Object : inetctls.inet
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

FP! These two are related to inetctls.inet and are totally valid for at least some VB & VB.Net applications, especially for developers. If you remove them, I bet your VB apps won't run, compile, and/or load properly.

I do not know about the BargainBuddy entry.
{d27cdb6e-ae6d-11cf-96b8-444553540000}

Fortunately I was thinking FPs as soon as I saw these. So I ran full bore Norton AV, SpyBot, Windows Defender, Hijack, etc., none of which found or reported these.