Author Topic: MBAM removed BHO bfast adware! Most likely FP!  (Read 5079 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
MBAM removed BHO bfast adware! Most likely FP!
« on: June 04, 2009, 07:10:40 PM »
Hi malware fighters,

Because of opening a link to IE through SiteDigger 2.0 I found the following adware registry keys, which I could remove:
Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net (Adware.BHO) -> No action taken.
Is everything clean now, or are there other things to verify?
In toolbarcop I see nothing out of the ordinary, in SpywareBlaster IE had 6 items partially disabled,
I restored the protection.

polonus
« Last Edit: June 04, 2009, 11:44:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

John2009

  • Guest
Re: MBAM removed BHO bfast adware!
« Reply #1 on: June 04, 2009, 09:04:48 PM »
Adware isn't usually self-replicating; the worst it could do is display a rogue application pop-up (Finally fast, for example). But yes, you could look for more using various scanners.

Offline polonus

Re: MBAM removed BHO bfast adware!
« Reply #2 on: June 04, 2009, 09:16:26 PM »
Hi John2009,

But a strange thing here is, when I upon detection remove with MBAM these registry entries, SpywareBlaster is partially disabled where IE settings are involved, and when I restore all protection for SpywareBlaster MBAM starts to find the 6 BHO registry issues again. What is going on? SAS does not find anything, nor does a-squared.

polonus
« Last Edit: June 04, 2009, 09:44:40 PM by polonus »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: MBAM removed BHO bfast adware!
« Reply #3 on: June 04, 2009, 11:05:15 PM »
Methinks MBAM is targeting the kill bit used by SpywareBlaster. So every time you re-enable with SpywareBlaster, MBAM kills it. If you could give me a reg export for those specific CLSIDs I will pass it on.

Offline polonus

Re: MBAM removed BHO bfast adware!
« Reply #4 on: June 04, 2009, 11:12:51 PM »
Hi essexboy,

I am on the same line of thinking, and this will be an issue for Miekiemoes to delve into, she is now assigned with MBAM, by the way thanks for the assist,

Damian

news

  • Guest
Re: MBAM removed BHO bfast adware! Most likely FP!
« Reply #5 on: June 05, 2009, 12:16:36 AM »
I just saw this same information posted by a few posters at the Malwarebytes forum in the area marked false positives. The problem has been corrected. You only need to update Malwarebytes and rescan your PC.

Offline polonus

Re: MBAM removed BHO bfast adware! Most likely FP!
« Reply #6 on: June 05, 2009, 12:22:31 AM »
Hi news,

Thank you very much for the heads up on this, issue settled then, very alert of you to inform us,

pol

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89052
  • No support PMs thanks
Re: MBAM removed BHO bfast adware! Most likely FP!
« Reply #7 on: June 05, 2009, 12:48:49 AM »
Interesting, I run weekly scans with MBAM and have SAS Pro also installed and I didn't get any alerts like this (of course I don't use IE and hadn't visited that site with IE).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Wheresthelove

  • Guest
Re: MBAM removed BHO bfast adware! Most likely FP!
« Reply #8 on: June 05, 2009, 01:57:27 AM »
These false positives were corrected late last night. From my understanding, MBAM had problems with reading the dword correctly here and should only flag these if they were set to dword 1. (Dword 1 means allowing the cookies.) Also, there is no harm in deleting those entries  ;D
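
Added example, not part of any post in this thread and not Malwarebytes' code: the check described in Reply #8, applied to the text of a `reg export` of the P3P\History key, flagging a domain only when its default value is a DWORD equal to 1. The function names and the sample export are constructed for illustration; the input is assumed to be already decoded to text (regedit writes version 5.00 exports as UTF-16).

```python
import re

# Constructed sample in the text format written by `reg export`; the values
# are made up for illustration and are not taken from the thread.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com]
@=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net]
@=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net]
@="5"
"""

HISTORY = r"\internet settings\p3p\history" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r"^@=dword:([0-9a-fA-F]{8})$")

def parse_p3p_history(reg_text):
    """Return {domain: default DWORD or None} for P3P\\History subkeys."""
    entries, domain = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().find(HISTORY)
            domain = path[pos + len(HISTORY):].lower() if pos != -1 else None
            if domain:
                entries[domain] = None   # key exists, no DWORD default seen yet
            continue
        value = DWORD_RE.match(line)
        if domain and value:
            entries[domain] = int(value.group(1), 16)
    return entries

def should_flag(value):
    """Per Reply #8: only a default DWORD of exactly 1 (allow) is a finding."""
    return value == 1

def flagged_domains(reg_text):
    return sorted(d for d, v in parse_p3p_history(reg_text).items() if should_flag(v))

if __name__ == "__main__":
    print(flagged_domains(SAMPLE_REG))
```

A scanner that flags on the mere existence of the subkey, rather than on the parsed value, would report all three constructed domains here instead of one.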

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: MBAM removed BHO bfast adware! Most likely FP!
« Reply #9 on: June 05, 2009, 03:49:14 AM »
False positives... no software is perfect and, from time to time, we need to recognize that MBAM does s*it ;D
The best things in life are free.