DavidR

Members
  • Posts

    6
  1. Same thing really, I don't have any search settings, freebies as I know that they aren't set to help me but the makers of the toolbar/settings, etc. so I do avoid them like the plague. I have absolutely no explanation given my caution and proactive measures I take, how it would get on my system. Even with this item out of the MBAM Quarantine SAS doesn't detect this (scan just run). I have had SAS Pro (resident) for over three years before I tried MBAM which is on-demand only to avoid conflict of two resident anti-spy/malware applications running. The topic you found from 2009 was within the time that I have had SAS and no detections, so perhaps that Unclassified.Unknown Origin detection was removed as I certainly didn't have the alert in my weekly . So colour me confused.
  2. No, no pdfforge and I'm very hot on any bundled apps, notoriously ASK toolbars, etc. I have an absolute aversion to toolbars/bundled software and am like a hawk in the various installs. As I said before there are zero other indications of Dealio, only this registry key. I also use SAS and no indications on that either. So I'm at a loss as to how only the registry key would be there if this truly were Dealio.
  3. My problem with this detection is that there are absolutely zero other Dealio associated elements, files, toolbars, registry keys, etc. etc., only this single registry key: Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) I searched on the CLSID looking for other associated stuff and on Dealio, but there is nothing on my system. I hate toolbars with a vengeance, so there is absolutely no way I would go installing one. Not to mention I don't use IE as my default browser but Firefox 3.6.13 with NoScript, RequestPolicy, AdBlock Plus add-ons and avast with its web and network shields enabled. I haven't had any malware infection in over 7 years, so I rather doubt I got hit with a driveby installation. So I'm at a loss as to how this can get there without a single other piece of associated Dealio c**pware on my system. Personally I feel this is some sort of FP on the CLSID if there are no other indications of Dealio?
  4. RESOLVED - I would have put this in the topic Title but couldn't see any way to do that. I have downloaded the latest update and a scan doesn't pick this up. Malwarebytes' Anti-Malware 1.28 Database version: 1258 Thanks for the very prompt correction to this FP, very efficient.
  5. I have Orbit Downloader for some time now and only recently after my last weekly MBAM and weekly on-demand scan 9 suspect items are found. As far as I can tell they all relate to the Orbit Downloader. I did another update (hoping that any possible FP had been corrected) followed by a scan and the items were still reported, see log below for details and MBAM version and database version... Only 2 heuristic detections on the suspect orbitcth.dll file at virustotal, VT Results. I have also run a superantispyware scan and no detections found.

     MBAM.exe /Developer log

     Malwarebytes' Anti-Malware 1.28
     Database version: 1255
     Windows 5.1.2600 Service Pack 3

     11/10/2008 19:05:22
     mbam-log-2008-10-11 (19-05-16).txt

     Scan type: Quick Scan
     Objects scanned: 44492
     Time elapsed: 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 8
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\orbitcth.octh (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
     HKEY_CLASSES_ROOT\TypeLib\{bcdde143-fae3-4c57-b22b-c4e8678cfdc0} (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
     HKEY_CLASSES_ROOT\Interface\{a26b97b2-a28d-4008-b034-fa1622e04c20} (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
     HKEY_CLASSES_ROOT\Interface\{ebcf70eb-898a-4346-9e15-4ec55ac15f8f} (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
     HKEY_CLASSES_ROOT\CLSID\{000123b4-9b42-4900-b3f7-f4b073efc214} (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123b4-9b42-4900-b3f7-f4b073efc214} (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
     HKEY_CLASSES_ROOT\CLSID\{7854f00c-dc77-477e-a10e-603f48442d3b} (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
     HKEY_CLASSES_ROOT\orbitcth.octh.1 (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Program Files\Orbitdownloader\orbitcth.dll (Trojan.BHO) -> No action taken.
     [4054423730538380756679153541481301921717171819206721142667211914212617171467207 1241471216717242070716819182194]
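
An added example, not part of the original post or of Malwarebytes' tooling: a small parser for the log layout quoted in the post above. It checks the itemised entries against the summary counts and shows which flagged registry keys share a GUID, which helps when judging whether a batch of detections is really one component. The one-entry-per-line layout and all function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Entries copied from the log in the post above, one per line, with the
# bracketed developer-mode strings left out (the line layout is an assumption).
SAMPLE_LOG = r"""
Registry Keys Infected: 8
Files Infected: 1
Registry Keys Infected:
HKEY_CLASSES_ROOT\orbitcth.octh (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{bcdde143-fae3-4c57-b22b-c4e8678cfdc0} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a26b97b2-a28d-4008-b034-fa1622e04c20} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ebcf70eb-898a-4346-9e15-4ec55ac15f8f} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000123b4-9b42-4900-b3f7-f4b073efc214} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123b4-9b42-4900-b3f7-f4b073efc214} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7854f00c-dc77-477e-a10e-603f48442d3b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\orbitcth.octh.1 (Trojan.BHO) -> No action taken.
Files Infected:
C:\Program Files\Orbitdownloader\orbitcth.dll (Trojan.BHO) -> No action taken.
"""
COUNT = re.compile(r"^(.+ Infected): (\d+)$")         # summary line
HEADER = re.compile(r"^(.+ Infected):$")              # start of itemised section
ENTRY = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")  # object (name) -> action
GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")

def parse_mbam_log(text):
    """Return (summary counts, [(section, object, detection, action), ...])."""
    summary, entries, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := COUNT.match(line):
            summary[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif (m := ENTRY.match(line)) and section:
            entries.append((section, m[1], m[2], m[3]))
    return summary, entries

def count_mismatches(summary, entries):
    """Sections whose itemised entries disagree with the summary count."""
    seen = Counter(e[0] for e in entries)
    return {s: (n, seen[s]) for s, n in summary.items() if n != seen[s]}

def shared_guids(entries):
    """GUIDs that appear in more than one flagged object."""
    refs = defaultdict(list)
    for _, obj, _, _ in entries:
        for g in GUID.findall(obj):
            refs[g.lower()].append(obj)
    return {g: objs for g, objs in refs.items() if len(objs) > 1}
```
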