
Rogue.BulletProofSpyware. False positive?


Hiwatt


Hi there. I posted in the general section and was advised to post here. I've just done my daily scan and it found 7 entries of this Rogue.BulletProofSpyware. I was wondering if these are false positives as nothing else picked them up and the computer was clean yesterday when I last used it. Malwarebytes has quarantined them and I've included a copy of the results. Any help is much appreciated. Thank you.

Malwarebytes' Anti-Malware 1.33

Database version: 1707

Windows 5.1.2600 Service Pack 3

30/01/2009 11:44:35

mbam-log-2009-01-30 (11-44-35).txt

Scan type: Quick Scan

Objects scanned: 58551

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{d724f038-df89-4a1a-83d1-fd9164b78077} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{502f728b-67b8-409e-bceb-7ee8632f321a} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d2cd81e5-cc37-44b3-93b7-c52cb993ba34} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{da295dae-fce7-4168-bcb8-edc3a433bd97} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ed40af28-f03f-492a-9542-e24945cd65aa} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e6bb8b70-8ad2-43b6-a952-83e462ce80de} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\bpssc1.1.dll (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
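As an added example, not part of the thread and not Malwarebytes' own code, here is a small Python parser for the log format pasted above. The embedded sample is a constructed, trimmed copy of this post's log. The parser checks that the counts in the header agree with the detail lines actually present (a quick way to spot a truncated or edited paste) and groups the HKEY_CLASSES_ROOT keys by COM registration type, which is what a later reply in the thread means by the registry keys being tied to the suspect file: a TypeLib, a set of Interface keys and a CLSID are the footprint one registered DLL leaves behind.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the Malwarebytes 1.33 log format quoted in
# this thread (the real log has a few more header lines and empty sections).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.33
Database version: 1707
Windows 5.1.2600 Service Pack 3
Scan type: Quick Scan
Objects scanned: 58551

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{d724f038-df89-4a1a-83d1-fd9164b78077} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{502f728b-67b8-409e-bceb-7ee8632f321a} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d2cd81e5-cc37-44b3-93b7-c52cb993ba34} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da295dae-fce7-4168-bcb8-edc3a433bd97} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed40af28-f03f-492a-9542-e24945cd65aa} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6bb8b70-8ad2-43b6-a952-83e462ce80de} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bpssc1.1.dll (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
"""

# Summary line in the header block, e.g. "Registry Keys Infected: 6".
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# Section heading in the detail block, e.g. "Registry Keys Infected:".
SECTION_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# One detection line: "<item> (<detection name>) -> <action taken>".
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# COM registration key under a hive: hive, registration type, GUID.
COM_KEY_RE = re.compile(
    r"^(HKEY_[A-Z_]+)\\(TypeLib|Interface|CLSID|AppID)\\\{([0-9a-fA-F-]{36})\}$"
)


def parse_mbam_log(text):
    """Return (declared_counts, detections).

    declared_counts maps each category to the number the header claims;
    detections maps each category to its parsed detection records.
    """
    declared = {}
    detections = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            detections.setdefault(section, [])  # keep empty sections visible
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections[section].append(m.groupdict())
    return declared, dict(detections)


def count_mismatches(declared, detections):
    """Categories whose header count disagrees with the detail lines parsed.
    A non-empty result means the log was truncated or edited before posting."""
    return {
        cat: (n, len(detections.get(cat, [])))
        for cat, n in declared.items()
        if n != len(detections.get(cat, []))
    }


def com_registrations(detections):
    """Group detected registry keys by COM registration type with lower-cased
    GUIDs; keys that are not COM registrations are listed under 'other'."""
    groups = defaultdict(list)
    for rec in detections.get("Registry Keys Infected", []):
        m = COM_KEY_RE.match(rec["item"])
        if m:
            groups[m.group(2)].append(m.group(3).lower())
        else:
            groups["other"].append(rec["item"])
    return dict(groups)


def detection_names(detections):
    """Distinct detection names across all categories."""
    return sorted({rec["name"] for recs in detections.values() for rec in recs})


if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    print("detection names:", detection_names(found))
    print("count mismatches:", count_mismatches(declared, found))
    for kind, guids in com_registrations(found).items():
        print(f"{kind}: {len(guids)} key(s)")
```

Run against a full log, `count_mismatches` should come back empty; a single detection name across all categories, with one CLSID and TypeLib plus several Interface keys, is the shape to expect when one DLL and its registration are removed together.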


Can you provide a developers log please?

The registry keys are tied to the suspect file. MBAM is very good at tracking things down.

Hi there. I tried to do that but because Malwarebytes has quarantined them it didn't find anything when I rescanned? Is there another way I can do it? Thanks.

Hello again Hiwatt. You would first need to restore them from quarantine, then do the developer mode scan to get the developer log.

Hello there. I restored them from quarantine and ran the scan again in "developer mode". I've attached the log it produced. Any help is much appreciated. Thank you.

mbam_log_2009_01_31__13_03_23_.txt

It's not a false positive. The file has a version id string which matches the company who published it. It's perfectly okay to let MBAM remove them.

Ok thank you very much. Do you know how I could have picked these up? I hadn't downloaded anything and Malwarebytes scanned clean just before shutting down the computer the day before. What kind of spyware is it? Thank you.
It could have been installed via a drive by download, especially if you surf with IE and/or have older versions of Java, Adobe products, etc etc etc. If you play on limewire and download mp3s or videos, it's possible while you were watching the video/listening to the music, a browser opened in the background and downloaded something.

At this point, there are several vector points to infect a machine with this garbage. The program is actually a Rogue. It pretends to find problems with your computer, and offers to cure them IF you fork out your credit card information. I'd suggest changing login passwords for everything, from email to any online bank accounts you use. Just to be safe.

Update your Java if you haven't already, as it's very important. If you don't already surf with firefox, I'd recommend you start doing so.

This is a strange one. I don't have Java installed at all at the moment. I never use IE (only for MS updates) and don't have Adobe or Limewire etc installed. I have SpywareBlaster installed and WinPatrol as well as Comodo BOClean and Spyware Terminator (for real time). I also received no pop ups at all?