Everything posted by CPD
-
Cleared on database version: 4251. Thanks again.
-
Bruce, File attached and VirusTotal scan results test clean here. The file modified date 10/19/2005 (same as in screen capture of 9/2009 above) predates original purchase of the laptop in 1/2006. Nothing has changed since then. Let me know, CPD ToolBand.zip.
-
Cleared on database version: 3307. Thanks again.
-
Correction: database #3304
-
Sorry. The program update didn't include or prompt for a new database, but same detection results on 3340:

Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/6/2009 12:53:18 PM
mbam-log-2009-12-06 (12-53-08).txt

Scan type: Quick Scan
Objects scanned: 103831
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
-
With program version 1.42 update today I have a repeat detection on an Acer laptop similar to one for ActiveToolBand.dll in September 2008 that was subsequently corrected in MB. <http://www.malwarebytes.org/forums/index.php?showtopic=6284&hl=activetoolband.dll> and an identical detection noted in this post last July.

In all cases the HiTrust file versions and created/modified dates are identical. It tested clean again on VirusTotal <http://www.virustotal.com/analisis/bfef8170f7432db06da8e31de7e17fb6ba3b131f99b8177dddcef93550a33360-1260123003>.

If it is a FP are all affected registry key/value infection flags invalid as well? Please advise.

Thanks,
CPD

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/6/2009 11:56:58 AM
mbam-log-2009-12-06 (11-56-43).txt

Scan type: Quick Scan
Objects scanned: 103403
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
-
All clear on database version: 2500. Thanks for the prompt assistance. CPD
-
Thanks, Bruce. Let me know what you determine. It tested clean on VirusTotal a few minutes ago: http://www.virustotal.com/analisis/bfef817...3360-1248535461 CPD
-
On an Acer laptop I have a detection similar to one for ActiveToolBand.dll in September 2008 that was subsequently corrected in MB. <http://www.malwarebytes.org/forums/index.php?showtopic=6284&hl=activetoolband.dll>

In both cases the HiTrust file versions and created/modified dates are identical. If this too is a FP are all affected registry key/value infection flags invalid as well? Please advise.

Thanks,
CPD

Log file:

Malwarebytes' Anti-Malware 1.39
Database version: 2498
Windows 5.1.2600 Service Pack 2

7/25/2009 9:20:27 AM
mbam-log-2009-07-25 (09-19-19).txt

Scan type: Quick Scan
Objects scanned: 87122
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]
HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [4054423730922219262470261722141869716714216626681426252418146621712622716922252 6212294]
-
In a subsequent post I read the file was determined to be safe. The file is not 28k in size and the company info (HiTRUST) is not missing as noted in the CastleCops link. A zipped archive is provided for you to confirm. ActiveToolBand.zip
-
Scan results; detected file and registry value from HiTRUST have been on this Acer computer for three years with no known adverse effects. I suspect a FP.

Malwarebytes' Anti-Malware 1.28
Database version: 1145
Windows 5.1.2600 Service Pack 2

9/13/2008 9:51:39 AM
mbam-log-2008-09-13 (09-51-28).txt

Scan type: Quick Scan
Objects scanned: 43134
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ActiveToolBand.dll (Adware.BHO) -> No action taken. [3857535134303469886683701535414813013627615642473748565261849084857078201961346 885748770538080773566796915697777]

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ActiveToolBand.dll (Adware.BHO) -> No action taken. [3857535134303469886683701535414813013627615642473748565261849084857078201961346 885748770538080773566796915697777]