False Positives? 26 new MS related CLSID entries on a few different PCs all of a sudden.


Not sure where to post after the acquisition of Adwcleaner so posting it here on MB as well:

Original Post on Toolslib:

https://toolslib.net/forum/viewthread/9462-false-positive-26-new-ms-related-clsid-enties-few-different/

There are a few posts on this on Toolslib, and it appears numerous people, including 8+ PCs I have access to along with 2 friends, are getting the same 26 entries flagged all of a sudden.

 

My post from toolslib below.

 

IMO FALSE POSITIVES:

 

PCs also scanned and show clean with:  Avira, Malwarebytes Anti Malware, Roguekiller, Hitman Pro, Emsisoft Emergency Kit Scanner.  Also all have MB Anti Exploit.  Standard BleepingComputer arsenal..

 

This is NOT ProxyGate! (as mentioned by toolslib admin in another similar thread). Never used it on any PC.

These entries are shown to relate to MS software controls..  I skimmed the registry to verify all of these.  MS Toolbar Control 6.0, Image combo Box controls, etc just as posted in a couple other recent posts a few hours apart.  All CLSID references relate to these MS controls with no apparent malicious keys or pointers anywhere within.

I use adwcleaner regularly and today all of a sudden all 5 of the office PCs have these same 26 registry entries flagged when previously not.

Also 3 home PCs and laptops show this today when they did not the other day with the same version of adwcleaner.  One laptop has not been online since the last adwcleaner scan.

2 friends tried it and also SAME 26 entries when previously not.  Not sure if adwcleaner updates itself now because the same version did not flag these entries 2 days ago and I have the current version 6.030.  So either Windows updates added something that adwcleaner flags now or adwcleaner updated and changed its parameters?

 

ATTENTION:  I cannot find these exact entries adwcleaner flags under the keys listed below if I search the reg manually.  These entries do not show up under HKLM\Software\classes\CLSID

They do however show up in many other registry locations referencing MS Software control CLSIDs as stated above and in a few other posts regarding this same issue.

 

# AdwCleaner v6.030 - Logfile created 04/11/2016 at 10:49:45
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-04.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : XXXXXXXX
# Running from : XXXXXXX\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************


Here's a cleaner version for analysis purposes.

Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628} 
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
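
A triage aid for the list above, added here as an example and not part of either forum post or of AdwCleaner: it pulls the flagged CLSIDs out of a pasted log (including one where the entries have run together on a single line), decodes the version-1 GUID fields, and groups the entries by generating node and creation window. The sample log is constructed from three entries in the thread plus one made-up random CLSID for contrast; the function names are hypothetical.

```python
import re
import uuid
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: three "Key Found" entries copied from the log above, run
# together on one line as in the pasted log, plus one made-up random (v4) CLSID.
SAMPLE_LOG = (
    r"Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628} "
    r"Key Found:  HKLM\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628} "
    r"Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628} "
    r"Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9B2F6C1E-3A4D-4E5F-8A7B-0123456789AB}"
)

# \s* also spans a line break between "Key Found:" and the key path.
KEY_RE = re.compile(r"Key Found:\s*\S*?\\CLSID\\\{([0-9A-Fa-f-]{36})\}")
UUID_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)  # start of v1 timestamps


def extract_clsids(log_text):
    """Return every flagged CLSID in the log as a uuid.UUID, in log order."""
    return [uuid.UUID(m) for m in KEY_RE.findall(log_text)]


def created_at(clsid):
    """Decode the embedded timestamp of a version-1 GUID (100 ns ticks)."""
    if clsid.version != 1:
        return None
    return UUID_EPOCH + timedelta(microseconds=clsid.time // 10)


def summarize(log_text):
    """Group flagged CLSIDs by generating node; report count and time window."""
    groups = defaultdict(list)
    for clsid in extract_clsids(log_text):
        node = f"{clsid.node:012X}" if clsid.version == 1 else "non-v1"
        groups[node].append(clsid)
    summary = {}
    for node, members in groups.items():
        stamps = sorted(t for t in map(created_at, members) if t)
        summary[node] = {
            "count": len(members),
            "first": stamps[0] if stamps else None,
            "last": stamps[-1] if stamps else None,
        }
    return summary


if __name__ == "__main__":
    for node, info in summarize(SAMPLE_LOG).items():
        print(node, info["count"], info["first"], info["last"])
```

A single node with a creation window of a few hours is what a batch of GUIDs generated together for one component looks like. It narrows where to look but does not by itself show what the keys currently point to.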

 
