Hi malware fighters,
After quite some while started a smart scan again with my updated a-squared free scanner. It came up with a brilliant FP according to my knowledge of malware definitions. 34 instances of the Netcraft Toolbar anti-phishing toolbar, very safe according to me, a medium security risk according to a-squared. Here is my scan log:
//////////////////////////
a-squared Free - Version 2.1
Scan settings:
Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On
Scan start: 24-5-2007 9:14:10
C:\Program Files\netcraft toolbar detected: Trace.Directory.Netcraft Toolbar
C:\Program Files\netcraft toolbar\localblock.dat detected: Trace.File.Netcraft Toolbar
C:\Program Files\netcraft toolbar\logo.bmp detected: Trace.File.Netcraft Toolbar
C:\Program Files\netcraft toolbar\menu.xml detected: Trace.File.Netcraft Toolbar
C:\Program Files\netcraft toolbar\nctb.dll detected: Trace.File.Netcraft Toolbar
C:\Program Files\netcraft toolbar\netcraft.xml detected: Trace.File.Netcraft Toolbar
C:\Program Files\netcraft toolbar\retrievepage.dll detected: Trace.File.Netcraft Toolbar
C:\Program Files\netcraft toolbar\updater.exe detected: Trace.File.Netcraft Toolbar
C:\Program Files\netcraft toolbar\xss.dat detected: Trace.File.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Logo --> LastModified detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Menu --> LastModified detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> GUID detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> LastCheckedDLL detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> LastCheckedLBF detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> LastCheckedLogo detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> LastCheckedMenu detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> LastCheckedNetcraftMenu detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> LastCheckedXSS detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_CURRENT_USER\Software\Netcraft\Toolbar\Settings --> Licensed detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar --> {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> DisplayName detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> DisplayVersion detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> EstimatedSize detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> HelpLink detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> InstallLocation detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> InstallSource detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> Language detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> ModifyPath detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> Publisher detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> UninstallString detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> URLInfoAbout detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> URLUpdateInfo detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> Version detected: Trace.Registry.Netcraft Toolbar
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00F87673-B929-4644-9322-7243E8289B54} --> WindowsInstaller detected: Trace.Registry.Netcraft Toolbar
Scanned
Files: 52097
Traces: 115060
Cookies: 1
Processes: 44
Found
Files: 0
Traces: 34
Cookies: 0
Processes: 0
Registry keys: 0
Scan end: 24-5-2007 9:32:51
Scan time: 0:18:41
/////////////////////////////
What are they doing there at a-squared, plucking their noses? In such a fashion their scanner is being turned into a risk tool in the hands of the uninformed. What do the forum members think of all this? Shall we advise against using this spyware scanner or is there still hope, that a-squared will turn back on it's sloppy ways?
polonus