Hotbar 2, The sequel


Guest remixed

Latest version, only 26 this time.

Malwarebytes' Anti-Malware Version 0.77

Database version: 219

Scan type: Quick Scan

Objects scanned: 17996

Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 26

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Redemption.MAPIFolder (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{03c4c5f4-1893-444c-b8d8-002f0034da92} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafePostItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{11e2bc0c-5d4f-4e0c-b438-501ffe05a382} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.MAPIUtils (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{4a5e947e-c407-4dcc-a0b5-5658e457153b} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeContactItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{4fd5c4d3-6c15-4ea0-9eb9-eee8fc74a91b} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeAppointmentItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{620d55b0-f2fb-464e-a278-b4308db1db2b} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeMailItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{741beefd-aec0-4aff-84af-4f61d15f5526} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeTaskItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{7a41359e-0407-470f-b3f7-7c6a0f7c449a} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeDistList (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{7c4a630a-de98-4e3e-8093-e8f5e159bb72} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.MAPITable (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{a6931b16-90fa-4d69-a49f-3abfa2c04060} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeJournalItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{c5aa36a1-8bd1-47e0-90f8-47e7239c6ea1} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeMeetingItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{fa2cbafb-f7b1-4f41-9b7a-73329a6c1cb7} (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.SafeCurrentUser (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{7ed1e9b1-cb57-4fa0-84e8-fae653fe8e6b} (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\Redemption.AddressLists (Adware.Shopping.Report) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{37587889-fc28-4507-b6d3-8557305f7511} (Adware.Shopping.Report) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Guest remixed

I scanned 3 PCs, all in different locations, after the latest update, and the results were the same. None of the 'infections' were present between the previous Hotbar/Redemption correction and this update. The only common installation that the 3 computers share is the new Windows WGA update.


I did a search online, and found that, in addition to HotBar, this CLSID (03c4c5f4-1893-444c-b8d8-002f0034da92) is also linked to Outlook Redemption - see http://www.dimastr.com/redemption/security.htm

In fact, every CLSID up there belongs to Redemption - which makes sense when you look at the identifying key - HKEY_CLASSES_ROOT\Redemption.AddressLists (Adware.Shopping.Report)

So, it seems that MBAM is falsely detecting Redemption security techniques as the actual malware products that are associated with those CLSIDs.

And that would explain why most of us are not seeing this round of FPs.

Guest remixed

I think I've discovered the origin of the Redemption/Hotbar issue I raised. I realised that there was one other common change amongst the 3 PCs that were showing new 'Hotbar' infections (26), and that is they all had fresh installs of Trend Micro Internet Security 2008. On closer inspection, Trend seems to use a version of the Redemption.dll Win32 type library in their TMAS_OL (anti-spyware) and what is described as 'Safe Replica Of The Outlook's Mailitem' (the InProcServer32, Remp~1.DLL). I hope that this nonsense is of some help.

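The two posts above triage the detections by reading the ProgID (`Redemption.*`) next to each CLSID and by looking at what InProcServer32 points to. The following is an added example, not code from the thread, from Malwarebytes or from the Redemption project, that does that check mechanically on the affected machine: for each flagged key it resolves ProgID to CLSID, CLSID to the InProcServer32 DLL, and then reports the DLL's Authenticode status, publisher and SHA-256, which is the evidence you actually need before adding a key to an ignore list. It assumes Windows PowerShell 4 or later (for Get-FileHash) and an elevated prompt; the key list is copied from the scan log posted above.

```powershell
# Added example: resolve what flagged COM registration keys actually point to.
# Not from the thread, Malwarebytes or Redemption. Assumes Windows PowerShell 4+
# (Get-FileHash) on the affected machine, run from an elevated prompt.

# Keys as reported by the scanner; copied from the scan log in this thread.
$FlaggedKeys = @(
    'HKEY_CLASSES_ROOT\Redemption.SafeMailItem',
    'HKEY_CLASSES_ROOT\CLSID\{741beefd-aec0-4aff-84af-4f61d15f5526}',
    'HKEY_CLASSES_ROOT\Redemption.AddressLists',
    'HKEY_CLASSES_ROOT\CLSID\{37587889-fc28-4507-b6d3-8557305f7511}'
)

function Resolve-FlaggedKey {
    param([Parameter(Mandatory)][string]$Key)

    $regPath = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $regPath)) {
        return [pscustomobject]@{ Key = $Key; Exists = $false }
    }

    if ($Key -match '\\CLSID\\(\{[0-9a-fA-F-]+\})$') {
        # Flagged key is the CLSID itself.
        $clsid = $Matches[1]
    } else {
        # Flagged key is a ProgID; its CLSID subkey's default value names the class.
        $clsidKey = "$regPath\CLSID"
        $clsid = if (Test-Path -LiteralPath $clsidKey) {
            (Get-Item -LiteralPath $clsidKey).GetValue('')
        }
    }

    # InprocServer32's default value is the DLL that COM loads for this class.
    $server = $null
    if ($clsid) {
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $server = (Get-Item -LiteralPath $inproc).GetValue('')
        }
    }

    $sigStatus = $null; $signer = $null; $company = $null; $sha256 = $null
    if ($server) {
        # Strip quotes and expand %SystemRoot%-style references; 8.3 names
        # such as Remp~1.DLL are handled by the file system as-is.
        $server = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
        if (Test-Path -LiteralPath $server) {
            $file      = Get-Item -LiteralPath $server
            $server    = $file.FullName
            $sig       = Get-AuthenticodeSignature -FilePath $server
            $sigStatus = $sig.Status              # Valid / NotSigned / HashMismatch ...
            $signer    = $sig.SignerCertificate.Subject
            $company   = $file.VersionInfo.CompanyName
            $sha256    = (Get-FileHash -LiteralPath $server -Algorithm SHA256).Hash
        }
    }

    [pscustomobject]@{
        Key       = $Key
        Exists    = $true
        ClassId   = $clsid
        Server    = $server
        Signature = $sigStatus
        Signer    = $signer
        Company   = $company
        Sha256    = $sha256
    }
}

# A ProgID and its CLSID from the same log entry pair should resolve to the
# same ClassId and the same Server; grouping makes that easy to eyeball.
$FlaggedKeys | ForEach-Object { Resolve-FlaggedKey -Key $_ } |
    Sort-Object ClassId | Format-List
```

The point of the check is that a `Redemption.*` ProgID by itself proves nothing, since adware can register any ProgID name it likes and a signature writer can key on either the ProgID or the CLSID. What separates a false positive from a real Hotbar install is the DLL behind InprocServer32: a valid Authenticode signature from the vendor you expect (here, the security product that shipped the library) and a hash you can compare against that vendor's distribution. Only keys that pass that check belong on an ignore list, and they should be added individually rather than by detection name.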

Kewl. That explains a lot. Still, though, these *are* false positives.

Score another one for remixed!

Guest remixed

Still got a couple..

Malwarebytes' Anti-Malware Version 0.77

Database version: 221

Scan type: Quick Scan

Objects scanned: 18608

Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Redemption.SafeMailItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{741beefd-aec0-4aff-84af-4f61d15f5526} (Adware.Hotbar) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Guest remixed
I'll get them when I get home tonight.

Still there....

Malwarebytes' Anti-Malware Version 0.78

Database version: 222

Scan type: Quick Scan

Objects scanned: 18612

Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\Redemption.SafeMailItem (Adware.Hotbar) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{741beefd-aec0-4aff-84af-4f61d15f5526} (Adware.Hotbar) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Guest remixed

Still getting the same FPs, so I've uninstalled... good luck.


Remixed, you have to understand, we have one person working on the definitions at the moment. This is labeled as a beta program for this reason. When we release, there will be many more people working to remove false positives, add new threats, and fix bugs.

There is also an ignore list that you can use to ignore these items.

Guest remixed
Must be first time beta testing. That is what it's all about. B)

Rubber Ducky, I apologise if my post appeared to reflect petulance. I fully appreciate the difficulties and the hard work involved and think you've done an impressive job thus far. My 'frustration' arises from a recent experience beta-testing (by invitation) for Systweak, and if you look at the results you'll understand why. Yes, Jean In Montana, I am a relative newcomer to testing this kind of product (I am an experienced CAD tester, for which I am paid), but I could do without the smug and patronising comments. Regards from a wet & windy London.

This topic is now closed to further replies.