Jump to content

FeedDemon dlls identified as Rogue.PCDocPro?


ottchris
 Share

Recommended Posts

Early today two FeedDemon dlls and presumed associated registry entries were identified as Rogue.PCDocPro by a Malwarebytes daily quick scan. AFAIA the dlls have been in place and unaltered for some time (although they may be mistakenly guilty by association given that the registry entries also point at data which by definition FeedDemon collects from RSS feeds). I have run NOD32 and Agnitum Spyware checks against the two dlls and both were found 'infection free'. I have zipped and attached the two dlls and here is the log:

Malwarebytes' Anti-Malware 1.44

Database version: 3642

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

27/01/2010 14:55:45

mbam-log-2010-01-27 (14-55-33).txt

Scan type: Quick Scan

Objects scanned: 144768

Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 19

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

F:\Research\FeedDemon\eWebControl365.dll (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

Registry Keys Infected:

HKEY_CLASSES_ROOT\axeserver.axenv (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\TypeLib\{24158a0e-da05-4591-ba7d-d85d801e3f11} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\Interface\{6c9ca10d-e604-47fb-a2f9-c9a013193609} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\CLSID\{44eead9b-4eb1-4236-83bc-1273bb4b01ef} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\CLSID\{6c9ca10d-e604-47fb-a2f9-c9a013193609} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\axeserver.axenv.1 (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\ewebprefilldata.365 (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\TypeLib\{fd96bc95-a0b9-4533-b0d3-8d47e9924d34} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\Interface\{4cc7b178-100e-4533-ba30-bdb668229bf9} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\Interface\{788c5a1b-3643-4e99-87df-e9e0c5b73691} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\Interface\{9512c7b2-2065-4774-a522-2effb4188331} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\CLSID\{892f787f-b650-4a3e-aa5b-2b8021ce4d0a} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\CLSID\{a0b0e5ab-617c-4a7d-8a94-9937d24b6670} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\CLSID\{b34ccd89-d1cd-4f9a-ba6c-936ba7f7a239} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\ewebprefilldata.365.1 (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\ewebresultdata.365 (Rogue.PCDocPro) -> No action taken. [8E6ED52CD63EA0E6D1C9D76C596E49F5]

HKEY_CLASSES_ROOT\ewebresultdata.365.1 (Rogue.PCDocPro) -> No action taken. [8E6ED52CD63EA0E6D1C9D76C596E49F5]

HKEY_CLASSES_ROOT\ewebsdk.365 (Rogue.PCDocPro) -> No action taken. [F8CF97BDC75C48D32940D1C8BD5D00FE]

HKEY_CLASSES_ROOT\ewebsdk.365.1 (Rogue.PCDocPro) -> No action taken. [F8CF97BDC75C48D32940D1C8BD5D00FE]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

F:\Research\FeedDemon\eWebClient.dll (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

F:\Research\FeedDemon\eWebControl365.dll (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

mbam_2010_01_27_false_positive_files.zip

Link to post
Share on other sites

Yup, confirmed FP... (note that I have FeedDemon installed in the default location (%ProgramFiles%\FeedDemon)

Malwarebytes' Anti-Malware 1.44

Database version: 3645

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

27-1-2010 17:28:59

mbam-log-2010-01-27 (17-28-55).txt

Scan type: Quick Scan

Objects scanned: 120940

Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 19

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\axeserver.axenv (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\TypeLib\{24158a0e-da05-4591-ba7d-d85d801e3f11} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\Interface\{6c9ca10d-e604-47fb-a2f9-c9a013193609} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\CLSID\{44eead9b-4eb1-4236-83bc-1273bb4b01ef} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\CLSID\{6c9ca10d-e604-47fb-a2f9-c9a013193609} (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\axeserver.axenv.1 (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

HKEY_CLASSES_ROOT\ewebprefilldata.365 (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\TypeLib\{fd96bc95-a0b9-4533-b0d3-8d47e9924d34} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\Interface\{4cc7b178-100e-4533-ba30-bdb668229bf9} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\Interface\{788c5a1b-3643-4e99-87df-e9e0c5b73691} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\Interface\{9512c7b2-2065-4774-a522-2effb4188331} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\CLSID\{892f787f-b650-4a3e-aa5b-2b8021ce4d0a} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\CLSID\{a0b0e5ab-617c-4a7d-8a94-9937d24b6670} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\CLSID\{b34ccd89-d1cd-4f9a-ba6c-936ba7f7a239} (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\ewebprefilldata.365.1 (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

HKEY_CLASSES_ROOT\ewebresultdata.365 (Rogue.PCDocPro) -> No action taken. [8E6ED52CD63EA0E6D1C9D76C596E49F5]

HKEY_CLASSES_ROOT\ewebresultdata.365.1 (Rogue.PCDocPro) -> No action taken. [8E6ED52CD63EA0E6D1C9D76C596E49F5]

HKEY_CLASSES_ROOT\ewebsdk.365 (Rogue.PCDocPro) -> No action taken. [F8CF97BDC75C48D32940D1C8BD5D00FE]

HKEY_CLASSES_ROOT\ewebsdk.365.1 (Rogue.PCDocPro) -> No action taken. [F8CF97BDC75C48D32940D1C8BD5D00FE]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\FeedDemon\eWebClient.dll (Rogue.PCDocPro) -> No action taken. [9167908BE4266458DA9DFACF0CEDBBCB]

C:\Program Files\FeedDemon\eWebControl365.dll (Rogue.PCDocPro) -> No action taken. [22F8B56B0BE2E13341D4F708CB574300]

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.