Why won't MBAM find these infections


Hi, I bought Malwarebytes about a week ago because my PC was running slow and I thought I had been infected. I ran the in-depth scanner and it picked up a dozen or so trojans. OK, I was very happy; then a friend contacted me and warned that he was having a problem with Skype and warned that the infection could have been transferred to mine. I ran Malwarebytes and luckily it was clear, but I still had a nagging feeling about it, so I ran the free version of Avast and within 10 seconds of running it I had 3 infections show up.

Obviously, as I bought this, I'm not going to pay for Avast to remove them, so I'm including the info here. Please let me know what to do.

----------------------------------------------------------------

From Avast

Spyware Details

Name: BrowserAid

Type: Registry

Level: HIGH RISK

Location: HKEY_CLASSES_ROOT\appid\bho.dll

Description: BrowserAid is a family of interrelated Internet Explorer toolbars and hijackers from browseraid.com, most of which seem to be stealth-installed.

Advice: CyberDefender earlySPY recommends you remove this risk item.

------------------------------------------------------------------------

Spyware Details

Name: Parental Control Tool

Type: Registry

Level: HIGH RISK

Location: HKEY_CURRENT_USER\Software\ASProtect

Description: Spyware may monitor your activity on the Internet and transmits that information, in the background, to someone else. Spyware can also gather information about e-mail addresses, passwords and credit card numbers.

Advice: CyberDefender earlySPY recommends you remove this risk item.

-------------------------------------------------------------------

Spyware Details

Name: MSN Track Monitor

Type: Registry

Level: HIGH RISK

Location: HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications

Description: Spyware may monitor your activity on the Internet and transmits that information, in the background, to someone else. Spyware can also gather information about e-mail addresses, passwords and credit card numbers.

Advice: CyberDefender earlySPY recommends you remove this risk item.


  • Staff

Avast does not detect registry entries like this, and this is not Avast you are running:

> Advice: CyberDefender earlySPY recommends you remove this risk item.

Somehow you were tricked into installing CyberDefender, an application with a bad history:

http://74.125.93.132/search?q=cache:7gT7_h...=clnk&gl=us

http://www.google.com/search?hl=en&q=C...;oq=&aqi=g1


  • Staff

I'm thinking this is more a case the user downloaded CyberDefender by mistake, looking for Malwarebytes. This happens all the time due to marketing ploys by download sites to prominently display paid adverts.


> Avast does not detect registry entries like this, and this is not Avast you are running:
>
> Advice: CyberDefender earlySPY recommends you remove this risk item.
>
> Somehow you were tricked into installing CyberDefender, an application with a bad history:
>
> http://74.125.93.132/search?q=cache:7gT7_h...=clnk&gl=us
>
> http://www.google.com/search?hl=en&q=C...;oq=&aqi=g1

Yes, you're right, I have downloaded this by mistake; in my haste I clicked on a clone of Avast, so my mistake. How can I get rid of the malware, as Malwarebytes doesn't see them?


Also, the "BrowserAid" detection is almost certainly a False Positive. It must have been four or five years ago since I last came across one of those....

There is at least one legitimate application (Snagit is one I know of) that registers the exact same key.

Yes I use snagit all the time


> Yes I use snagit all the time

Well, you can write that 'detection' off right away then... :lol:

I have a hunch that the other items may well be False Positives too, but we'd have to see exports of the registry keys in question if we're to be sure.

Please copy the text in the box below to Notepad and save it to your desktop as reginfo.bat

< batchfile removed by TonyKlein pending adaptation >

Double-click your newly created reginfo.bat file, and it will run and create a text document on your desktop which will open in Notepad.

Copy and paste the contents of that entire file in this thread.


> Well, you can write that 'detection' off right away then... :lol:
>
> I have a hunch that the other items may well be False Positives too, but we'd have to see exports of the registry keys in question if we're to be sure.
>
> Please copy the text in the box below to Notepad and save it to your desktop as reginfo.bat
>
>     Regedit /e Info1.txt "HKEY_CURRENT_USER\Software\ASProtect"
>     Regedit /e Info2.txt "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications"
>
>     copy Info1.txt + Info2.txt RegInfo.txt
>     del Info1.txt
>     del Info2.txt
>
>     Start RegInfo.txt
>
> Double-click your newly created reginfo.bat file, and it will run and create a text document on your desktop which will open in Notepad.
>
> Copy and paste the contents of that entire file in this thread.

OK, I did that, however I keep getting an error message which won't let me save or paste, so I have attached a screenshot of it.

thanks

(attached screenshot: post-18216-1251064080_thumb.png)


  • Staff

I saw your error and just thought I'd jump in with a quick assist :lol:. Since you're running Vista, you'll need to right-click on the .bat file you created and select Run as administrator, then click Continue at the User Account Control prompt. If you have User Account Control disabled, then I HIGHLY recommend that you turn it back on for the security of your PC as well as compatibility with software, as the majority of current programs are UAC aware and will fail if run with incorrect privileges, which is what happens when UAC is off.


Thanks, exile360 :lol:

Also, I was careless myself as well.

After following exile360's advice, please create the following bat file, call it peek.bat, and run that instead:

```bat
rem Export the two registry keys flagged by the scanner to text files
regedit /e peek1.txt "HKEY_CURRENT_USER\Software\ASProtect"
regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications"

rem Append both exports into one file, then remove the temporary files
type peek1.txt >> look.txt
type peek2.txt >> look.txt

del peek*.txt

rem Open the combined export in Notepad for posting
start notepad look.txt
```

Post the contents of the created look.txt file.


> I saw your error and just thought I'd jump in with a quick assist :lol:. Since you're running Vista, you'll need to right-click on the .bat file you created and select Run as administrator, then click Continue at the User Account Control prompt. If you have User Account Control disabled, then I HIGHLY recommend that you turn it back on for the security of your PC as well as compatibility with software, as the majority of current programs are UAC aware and will fail if run with incorrect privileges, which is what happens when UAC is off.

Thanks for your help here, I should have known that.


> Thanks, exile360 :lol:
>
> Also, I was careless myself as well.
>
> After following exile360's advice, please create the following bat file, call it peek.bat, and run that instead:
>
>     regedit /e peek1.txt "HKEY_CURRENT_USER\Software\ASProtect"
>     regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications"
>
>     type peek1.txt >> look.txt
>     type peek2.txt >> look.txt
>
>     del peek*.txt
>
>     start notepad look.txt
>
> Post the contents of the created look.txt file.

OK, here it is:

```reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ASProtect]

[HKEY_CURRENT_USER\Software\ASProtect\SpecData]
@="E6657A401DB572AB"
"E6657A401DB572AB"=hex:a9,c5,92,b6,5f,47,3d,f7,c5,83,6a,0a,47,3a,73,b2,62,0f,\
  4b,07,b8,64,73,53,94,60,64,ed,83,fa
"8AB2DCE2F3BB1387"=hex:4c,29,80,1d,b5,e6,3d,56,19,4f,52,c2,1a,56,5a,70,52,e0,\
  fa,59,58,ef,af,dd,83,a2,4e,bd,6c,a9

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CameraWindow]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\CameraWindow\Settings]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Samsung Media Studio]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Samsung Media Studio\Settings]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Viewer]

[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Viewer\Settings]
```


Thanks!

I think we consider those two remaining detections False Positives as well. The "ASProtect" registry key could be created by any number of applications, and it is harmless by itself anyway.

As for "Local AppWizard-Generated Applications", as you can see for yourself it only references legitimate applications, so you can disregard that one as well. :lol:

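As an added example (not part of this thread or of any product mentioned in it), a small Python parser for the regedit /e export format shown in look.txt above: it reads concatenated exports, rejoins hex data wrapped with a trailing backslash, and lists which keys actually hold values, which is the part worth examining when triaging a "Type: Registry" detection. SAMPLE is constructed from the export posted in the thread; the function names are my own.

```python
"""Parse a regedit /e export (the 'Windows Registry Editor Version 5.00' format posted above)."""
import re

# Constructed from the look.txt posted above: two exports concatenated, one wrapped hex value.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\ASProtect]
[HKEY_CURRENT_USER\Software\ASProtect\SpecData]
@="E6657A401DB572AB"
"E6657A401DB572AB"=hex:a9,c5,92,b6,5f,47,3d,f7,c5,83,6a,0a,47,3a,73,b2,62,0f,\
  4b,07,b8,64,73,53,94,60,64,ed,83,fa
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications]
[HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Viewer\Settings]
'''

def parse_reg_export(text):
    """Return {key_path: {value_name: value}}; value-less keys map to {}.
    Skips headers and blank lines; joins hex data wrapped with a trailing '\\'."""
    tree, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        line, pending = pending + line, ""
        if line.endswith("\\"):                 # data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
        elif current is not None:
            name, _, data = line.partition("=")
            tree[current]["(Default)" if name == "@" else name.strip('"')] = decode_value(data)
    return tree

def decode_value(data):
    """Decode REG_SZ ("..."), REG_DWORD (dword:) and hex / hex(n) binary data."""
    if data.startswith('"'):
        return data[1:-1]
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\([0-9a-fA-F]+\))?:(.*)", data)
    return bytes(int(b, 16) for b in m.group(1).split(",") if b) if m else data

def keys_with_data(tree):
    """Keys that carry values; empty container keys (the AppWizard ones) have nothing to assess."""
    return {k: v for k, v in tree.items() if v}

if __name__ == "__main__":
    print(keys_with_data(parse_reg_export(SAMPLE)))
```

Run against the full look.txt, only the SpecData key surfaces, with two opaque binary blobs and no file path or command that would point at a running program.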

> Thanks!
>
> I think we consider those two remaining detections False Positives as well. The "ASProtect" registry key could be created by any number of applications, and it is harmless by itself anyway.
>
> As for "Local AppWizard-Generated Applications", as you can see for yourself it only references legitimate applications, so you can disregard that one as well. :lol:

Thanks for your help here, I appreciated it.
