
Are These FP's?


aland08

Hi,

Updated & scanned today on 2 separate machines & picked up the same infections on both machines. The machines are not networked in the sense that they each operate separately, but they do share a router & modem. I had many specific ad cookies disabled on one machine & decided to allow them back today...again, this was only on one machine. Seems as though this has something to do with the scan results as all issues appear to be ad related. Anyway, just an FYI. Still, I don't understand why enabling cookies, & not even 3rd party cookies, would cause MBAM to consider them a registry problem. Perhaps someone could shed some light on this. See report below:

Thanks, Alan

Malwarebytes' Anti-Malware 1.37

Database version: 2227

Windows 5.1.2600 Service Pack 3

06/03/2009 11:30:16 PM

mbam-log-2009-06-03 (23-30-16).txt

Scan type: Quick Scan

Objects scanned: 90279

Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\kqzyfj.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Bruce,

TY for the fast reply. The info from the link was a bit over my head although I got the idea. It seems as though these were not FP's & are serious. Why did you suggest that they were remnants of a prior infection & not an infection? I just picked them up & deleted them tonight. Any other suggestions on what I could do to be sure I am safe?

Thanks, Alan


Nick,

Maybe I am a little slow tonight but I don't understand...

I added definitions to cover these tonight so it all fits together.

Just so you know, I scan daily with Avast, MBAM & AdAware, run Spywareblaster, a hard firewall in addition to Windows, & just picked this up tonight, granted I did update MBAM prior to scanning.

Any chance you could explain a bit more. :huh:

Thanks, Alan


  • Staff

What I am saying is that the traces detected in your system were not covered by MBAM even 6 hours ago. If you had the actual executable part of this infection you would see it in your MBAM; there is nothing to suggest that the other components are there.


OHHHH....I totally misunderstood your meaning initially. You just modified MBAM tonight to detect such infections....prior to my updating and scanning. Thanks for your support...I am impressed :huh:

Have a good night.

I got these same detections on both of my PCs... one that hasn't been infected for the past 8 months. So I am a little confused about it.

From my understanding it is perfectly safe to remove malware traces, right? In particular these ones.


Ran a quick scan and got it too:

Malwarebytes' Anti-Malware 1.37

Database version: 2227

Windows 5.1.2600 Service Pack 3

6/4/2009 1:52:51 AM

mbam-log-2009-06-04 (01-52-40).txt

Scan type: Quick Scan

Objects scanned: 89127

Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\kqzyfj.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net (Adware.BHO) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Haven't been infected in a long while and it hasn't been long since I reformatted and reinstalled.


  • Staff

Hi,

This will be fixed in the next update. In the above cases, dword 5 is set, which means these cookies are blocked. mbam had problems with reading the dword correctly here and should only flag these if they were set to dword 1.

In either case, no harm was done if you let mbam remove the above that was found :huh:
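
The rule in the staff reply above (dword 5 means the site's cookies are blocked, so only dword 1 should be flagged), as an added example that is not Malwarebytes' code or part of the original posts. It assumes the per-site decision is stored as the key's default DWORD in a `.reg` export; the sample export and the `AD_DOMAINS` list are constructed for illustration.

```python
import re

# Constructed sample in .reg export format (not taken from any real machine).
# Assumption: the per-site decision is the key's default value (@) as a DWORD.
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com]
@=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net]
@=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\example.org]
@=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com]
"""

P3P_PREFIX = r"software\microsoft\windows\currentversion\internet settings\p3p\history" + "\\"
AD_DOMAINS = {"bfast.com", "fastclick.com", "qksrv.net"}  # subset of the domains in the logs
ALLOW, BLOCK = 1, 5  # per the staff reply: 5 = blocked; only 1 should be flagged

def parse_p3p_history(reg_text):
    """Return {domain: dword or None} for every P3P\\History subkey in a .reg export."""
    sites, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            path = key.group(1).split("\\", 1)[-1].lower()  # drop the hive name
            current = path[len(P3P_PREFIX):] if path.startswith(P3P_PREFIX) else None
            if current:
                sites[current] = None  # key exists, default value not seen yet
            continue
        val = re.fullmatch(r"@=dword:([0-9a-fA-F]{8})", line)
        if val and current:
            sites[current] = int(val.group(1), 16)
    return sites

def classify(sites):
    """Flag only listed ad domains whose cookies are explicitly allowed (dword 1)."""
    return {d: ("flag" if d in AD_DOMAINS and v == ALLOW else
                "blocked" if v == BLOCK else "ignore")
            for d, v in sites.items()}

if __name__ == "__main__":
    for domain, verdict in sorted(classify(parse_p3p_history(SAMPLE_REG)).items()):
        print(f"{domain:15} {verdict}")
```

A key with no readable default value (`bfast.com` in the sample) is treated as `ignore` rather than flagged, so a missing or unparsed DWORD never turns into a detection.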


Hi,

This will be fixed in the next update. In the above cases, dword 5 is set, which means these cookies are blocked. mbam had problems with reading the dword correctly here and should only flag these if they were set to dword 1.

In either case, no harm was done if you let mbam remove the above that was found ;)

Awesome, great to hear that. I was really confused about how both my machines came up with the exact same infection :huh: .... I was like no way


Just wanted to add that I have the same scan results on database version 2227. Here's my developer log:

Malwarebytes' Anti-Malware 1.37

Database version: 2227

Windows 5.1.2600 Service Pack 2

6/4/2009 8:57:14 AM

mbam-log-2009-06-04 (08-57-12).txt

Scan type: Quick Scan

Objects scanned: 112174

Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net (Adware.BHO) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello :huh:

I have the same problem, I have 5 "infected" elements:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> Quarantined and deleted successfully.

I didn't test with my antivirus yet, but on a French forum, someone says that SPYBOT Search & Destroy finds the same elements as MALWAREBYTES' ANTIMALWARE ....

I can't test because I deleted SPYBOT because it took 4 hours to scan my computer!


Please update and see if it's "fixed" now. :huh:

Tried to update but am told "You have the latest database version" -- 2227. Ran scan again with same results -- 6 registry keys infected on laptop and 7 keys infected on desktop.

When will next update become available?


I was told that it was updated to fix this, but I also see that there's no update yet, so update will be up asap :huh:

Database update to 2229 and the problem is fixed. (Yay!) Thank you developers for your quick response to the problem and thank you to my fellow Malwarebytes users for posting their concerns.
