Posts posted by CPD
-
{5297e905-1dfb-4a9c-9871-a4f95fd58945} <- this is the cause here, and taking a quick look on Google I am not getting the impression that it is either common or legit.
Please zip and attach ToolBand.dll to your next post so I can take a look at it.
Bruce,
File attached and VirusTotal scan results test clean here. The file modified date 10/19/2005 (same as in screen capture of 9/2009 above) predates original purchase of the laptop in 1/2006. Nothing has changed since then.
Let me know,
CPD
-
Cleared on database version: 3307. Thanks again.
-
Correction: database #3304
-
Sorry. The program update didn't include or prompt for a new database, but same detection results on 3340:
Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
12/6/2009 12:53:18 PM
mbam-log-2009-12-06 (12-53-08).txt
Scan type: Quick Scan
Objects scanned: 103831
Time elapsed: 5 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
-
With program version 1.42 update today I have a repeat detection on an Acer laptop similar to one for ActiveToolBand.dll in September 2008 that was subsequently corrected in MB. <http://www.malwarebytes.org/forums/index.php?showtopic=6284&hl=activetoolband.dll> and an identical detection noted in this post last July. In all cases the HiTrust file versions and created/modified dates are identical. It tested clean again on VirusTotal <http://www.virustotal.com/analisis/bfef8170f7432db06da8e31de7e17fb6ba3b131f99b8177dddcef93550a33360-1260123003>. If it is a FP are all affected registry key/value infection flags invalid as well? Please advise.
Thanks,
CPD
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
12/6/2009 11:56:58 AM
mbam-log-2009-12-06 (11-56-43).txt
Scan type: Quick Scan
Objects scanned: 103403
Time elapsed: 6 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]
-
Update and check again please.
All clear on database version: 2500. Thanks for the prompt assistance.
CPD
-
Actually never mind, I think I see the problem.
Thanks, Bruce. Let me know what you determine. It tested clean on VirusTotal a few minutes ago:
http://www.virustotal.com/analisis/bfef817...3360-1248535461
CPD
-
On an Acer laptop I have a detection similar to one for ActiveToolBand.dll in September 2008 that was subsequently corrected in MB. <http://www.malwarebytes.org/forums/index.php?showtopic=6284&hl=activetoolband.dll> In both cases the HiTrust file versions and created/modified dates are identical. If this too is a FP are all affected registry key/value infection flags invalid as well? Please advise.
Thanks,
CPD
Log file:
Malwarebytes' Anti-Malware 1.39
Database version: 2498
Windows 5.1.2600 Service Pack 2
7/25/2009 9:20:27 AM
mbam-log-2009-07-25 (09-19-19).txt
Scan type: Quick Scan
Objects scanned: 87122
Time elapsed: 4 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]
-
fixed in next update
10-4
-
http://www.castlecops.com/tk32677-ShowBarObj_Class.html
I can confirm that it is listed as malware.
Please zip and attach a copy of the file so I can test it for myself.
In a subsequent post I read the file was determined to be safe. The file is not 28k in size and the company info (HiTRUST) is not missing as noted in the CastleCops link.
A zipped archive is provided for you to confirm.
-
Scan results; detected file and registry value from HiTRUST have been on this Acer computer for three years with no known adverse effects. I suspect a FP.
Malwarebytes' Anti-Malware 1.28
Database version: 1145
Windows 5.1.2600 Service Pack 2
9/13/2008 9:51:39 AM
mbam-log-2008-09-13 (09-51-28).txt
Scan type: Quick Scan
Objects scanned: 43134
Time elapsed: 2 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ActiveToolBand.dll (Adware.BHO) -> No action taken. [3857535134303469886683701535414813013627615642473748565261849084857078201961346885748770538080773566796915697777]
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ActiveToolBand.dll (Adware.BHO) -> No action taken. [3857535134303469886683701535414813013627615642473748565261849084857078201961346885748770538080773566796915697777]
ToolBand.dll FP?
in File Detections
Cleared on database version: 4251. Thanks again.