budro

Honorary Members
  • Posts

    24
Everything posted by budro

  1. Thank you for your response Mieke, that's not encouraging.
  2. I sure hope my posts made sense and I haven't offended anyone. I don't want to be a pain, but a question w/o an answer makes me lose sleep. lol Anyway, here goes again: Can one rely on the dates Windows Explorer displays? I just want to know if a file can be modified or one added on the Windows file system without the dates reflecting that operation? I know it sounds like a MS question, but I have asked before on other forums and have not received a definitive answer. Thanks for allowing me to post here. Also, I ran MB scan this a.m. with DB 3949 and all's quiet on the southeastern front.
  3. I don't mean to beat this horse to death, but I have a couple dozen System Restore points going back to Feb. and yet MB is only picking up, what I presume to be the offending AWhelper.dll file, in two of them. Is MB basing its finding on attributes instead of file content? Sorry, just a curious thought here. p.s. Was DB ver. 3947 supposed to fix the false positive?
  4. No change:

     Malwarebytes' Anti-Malware 1.45
     www.malwarebytes.org
     Database version: 3947
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13
     4/2/2010 12:25:01 PM
     mbam-log-2010-04-02 (12-25-01).txt
     Scan type: Full scan (C:\|D:\|)
     Objects scanned: 187325
     Time elapsed: 30 minute(s), 27 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 3
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0092157.dll (AdWare.WebHancer) -> No action taken.
     C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP445\A0093043.dll (AdWare.WebHancer) -> No action taken.
     C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> No action taken.
  5. Sorry jumped before reading your last post. I'll try another DL.
  6. Per your advice, I downloaded the latest DB and ran a full scan. AWhelper.dll and two system restore files were found to be Adware.WebHancer infected.
  7. Oh, in case this means anything, I have run MB full scan a couple times since reporting here and AWhelper.dll is still detected as MW, but those registry entries it caught then (listed in my previous post) have not been reported since. ???
  8. Sorry, I had connection problems, then got logged out. Anyways thanks for the zip lesson and here is the zipped file to compare with Amethyst's. AWhelper.zip
  9. Sorry I've unzipped before but, never zipped. I don't think I even have the application.
  10. I tried and your system says I am "not allowed to upload this type of file". I am trying again on this post.
  11. I didn't finish the sentence; why has MWB suddenly determined AWhelper.dll to be adware infected.... Did they follow Kaspersky and F-Secure?
  12. OK, here's my "real" question/concern: Can any type of system intrusion modify or replace an existing file or even place a new one onto the file system and not have the "modified/created" date stamp reflect this operation? My reasoning for asking this is, why has MWB suddenly determined AWhelper.dll? This file has a modified date (08/12/2003) which I presume to be the original WinXP OS HP creation date and (03/29/2006) which is my "system reinstall" date. I hope at this point I have not overstayed my welcome here, but here's something interesting. The Web folder has a creation/modified date of 11/14/2005, but the Wallpaper subfolder has the same creation date but a modified date 01/02/2009 and yet neither the Welcome subfolder or its contents nor any of the windows wallpaper files have a modified date beyond 03/29/2006. Is this not right or am I missing something? Please don't shoot the messenger. Thanks
  13. I re-read my last post. I meant by "one more time", that I am trying to limit my posts. lol Hope MWB folks have an answer soon.
  14. One more time Amethyst. I just ran another Full and a Quick scan with SAS and both found no malware, adware or spyware. Ok, I'll be quiet till we hear something from the MAB folks.
  15. I neglected to thank njustice for the link as well. Following the advice in the link, I did not find any trace of WebHancer or its residual files on my system.
  16. Thank you much for your thorough response. This just aggravated me because I am very conscientious when it comes to staying up to date with my security s/w and run sweeps 1 to 2 times a week. Again, after using MWB for over 2 years, this is the 1st time I've been infected and it burns me up! I decided to run MWB once again and this time, in addition to the AWhelper.dll file, it found two of my Windows system restore files infected which it didn't 3 hours ago. ARGH!!! Thanks once again for responding. I give up, I hate it, but I'll just leave em alone for now. I also hate that it found registry infections which I've never had before today. Obviously this is due to the latest DB update (3922), which happened to be 4.365 MB. Again ARGH!!!

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> No action taken.
  17. Sorry, I should have looked at its properties. Company unknown, copyright 2003. Could be anybody's baby but it was created on the build date.
  18. Are you suggesting that this file, "C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll", which according to Windows Explorer was created on build date 03/29/06 and has not been modified since 01/12/03 (Windows original release date I presume), was infected by WebHancer adware? IOW a file can be written to by means other than the Windows file system? AW does seem to imply Ad Ware helper. Is MS in cahoots with these bandits? If this file is really part of the MS release, it seems to me that removing it could be risky, no? An aside: I have been running Malwarebytes for over two years and this is the very 1st time it has caught any malware on my system.
  19. Did it and out of 20, 2 (Kaspersky and F-Secure) found: "not-a-virus:AdWare.Win32.WebHancer.x" and 18 found no problem. Should I be concerned? Btw, I did not elect to repair until I was sure. Heard about too many nightmares concerning effects on O.S. (Windows XP SP3 crits up to date in my case). Thanks for suggestion, any more?
  20. The file C:\Windows\Web\Wallpaper\welcome\AWhelper.dll reported by MB as infected by WebHancer has a modification date of 08/12/03 and a creation date of 03/29/06 (build date). Can malware insert itself into a file and not be re-written which would show the date of insertion? Windy I know but, wanted to be clear. I also ran SuperAntispyware, Spybot SD, AVG AV, and Sophos Antirootkit w/o infection detection.