EITCC_LinearBlur.dll _SetupCasino.exe SET37.tmp

[blobsky]

I am new to MBAM and find it has flagged up 3 files that other scanners have not warned me about. Is any of the below FP?

1) I did find previous mention of the .dll but no solution, is it really trojan? My file seems the same as http://forums.malwarebytes.org/index.php?s..._LinearBlur.dll

2) I want to properly uninstall the casino game but using add/remove would mean running the same .exe with -u, but is it containing a dangerous trojan to run?

Maybe I have some version of this http://forums.malwarebytes.org/index.php?s...SetupCasino.exe but was probably originally downloaded from //banner.betfred.com/cgi-bin/SetupCasino.exe although the new file that downloads there now is not the same as the file I have which could be years older though.

3) I am wondering if deleting the font file might cause any windows problems? I cannot even see that file in explorer.

Any advice or explanations most welcome, or let me know if I need to provide more info.

Malwarebytes' Anti-Malware 1.44

Database version: 3865

Windows 5.0.2195 Service Pack 4

Internet Explorer 6.0.2800.1106

14/03/2010 6:47:07 am

mbam-log-2010-03-14 (06-46-49).txt

Scan type: Full Scan (D:\|)

Objects scanned: 508398

Time elapsed: 2 hour(s), 8 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{67450775-3b18-49b1-aa83-0e010f07f4df} (Trojan.Dropper) -> No action taken. [E094F83769C8D52E71E926A23FA95ECA]

HKEY_CLASSES_ROOT\Interface\{69b3ebfa-0015-4914-9312-e7758eacfac1} (Trojan.Dropper) -> No action taken. [E094F83769C8D52E71E926A23FA95ECA]

HKEY_CLASSES_ROOT\CLSID\{30de9920-2e84-40a2-88a5-b8d256e15101} (Trojan.Dropper) -> No action taken. [E094F83769C8D52E71E926A23FA95ECA]

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\D:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> No action taken. [E094F83769C8D52E71E926A23FA95ECA]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> No action taken. [E094F83769C8D52E71E926A23FA95ECA]

D:\Program Files\Betfred Casino\_SetupCasino.exe (Trojan.Agent) -> No action taken. [52321CC5AA8340FB87A215DAF4287AF5]

D:\WINNT\Fonts\SET37.tmp (Spyware.OnlineGames) -> No action taken. [99780CDDACE7929455A06BDAB25EFF77]

mbam_log_2010_03_14__06_46_49_.txt

[nosirrah]

Fonts is a strange place to find temp files and google has no hits for that path . Deleting that file at the worst will be clearing an old setup file you no longer need so go ahead and allow the fix .

If you can please zip and attach copies of both EITCC_LinearBlur.dll and _SetupCasino.exe to your next post so I can have a look at them .

[blobsky]

Here goes

EITCC_LinearBlur.zipI notice with google this filename seems to mostly come up in the context of someones MBAM log

I cannot find original installer to compare file, and the same full software version seems not on http://www.oldversion.com/ACDSee.html either

_SetupCasino.zipI also found this on an older partition of archived stuff which appears to be the installer as it was originally downloaded without the "_" but otherwise looks identical to me:

SetupCasino.zip

[nosirrah]

OK the casino file are gray area adware and if you want them use the ignore function . The EITCC file was a FP and will be fixed in the next update .