CPD

ToolBand.dll FP?


On an Acer laptop I have a detection similar to one for ActiveToolBand.dll in September 2008 that was subsequently corrected in MB. <http://www.malwarebytes.org/forums/index.php?showtopic=6284&hl=activetoolband.dll> In both cases the HiTrust file versions and created/modified dates are identical. If this too is a FP are all affected registry key/value infection flags invalid as well? Please advise.

Thanks,

CPD

Log file:

Malwarebytes' Anti-Malware 1.39

Database version: 2498

Windows 5.1.2600 Service Pack 2

7/25/2009 9:20:27 AM

mbam-log-2009-07-25 (09-19-19).txt

Scan type: Quick Scan

Objects scanned: 87122

Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [40544237309222192624702617221418697167142166266814262524181466217126227169222526212294]

post-3961-1248533213_thumb.png

post-3961-1248533227_thumb.png


Please zip and attach a copy of that file to your next post so I can look at it.

C:\WINDOWS\system32\ToolBand.dll

Update and check again please.

All clear on database version: 2500. Thanks for the prompt assistance.

CPD


With program version 1.42 update today I have a repeat detection on an Acer laptop similar to one for ActiveToolBand.dll in September 2008 that was subsequently corrected in MB. <http://www.malwarebytes.org/forums/index.php?showtopic=6284&hl=activetoolband.dll> and an identical detection noted in this post last July. In all cases the HiTrust file versions and created/modified dates are identical. It tested clean again on VirusTotal <http://www.virustotal.com/analisis/bfef8170f7432db06da8e31de7e17fb6ba3b131f99b8177dddcef93550a33360-1260123003>. If it is a FP are all affected registry key/value infection flags invalid as well? Please advise.

Thanks,

CPD

Malwarebytes' Anti-Malware 1.42

Database version: 3289

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

12/6/2009 11:56:58 AM

mbam-log-2009-12-06 (11-56-43).txt

Scan type: Quick Scan

Objects scanned: 103403

Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]


Please update the database, you're way behind, then rescan.


Sorry. The program update didn't include or prompt for a new database, but same detection results on 3340:

Malwarebytes' Anti-Malware 1.42

Database version: 3304

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

12/6/2009 12:53:18 PM

mbam-log-2009-12-06 (12-53-08).txt

Scan type: Quick Scan

Objects scanned: 103831

Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CLASSES_ROOT\Typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eed3b} (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ToolBand.dll (Adware.DoubleD) -> No action taken. [3582A04968901768A6EC9E4926D2F59B]


Cleared on database version: 3307. Thanks again.


{5297e905-1dfb-4a9c-9871-a4f95fd58945} <- this is the cause here and taking a quick look on google I am not getting the impression that it is either common or legit.

Please zip and attach ToolBand.dll to your next post so I can take a look at it.

Bruce,

File attached and VirusTotal scan results test clean here. The file modified date 10/19/2005 (same as in screen capture of 9/2009 above) predates original purchase of the laptop in 1/2006. Nothing has changed since then.

Let me know,

CPD

ToolBand.zip.


I just wanted to double check, thanks for the file. I am trying to figure out what exactly the issues are here and I think I finally have all of them. I am fixing this and making a special note on the conflict here (legit and malware have some identical components).


Cleared on database version: 4251. Thanks again.
