
False Positives?


Jormungandr

I ran a scan today and came up with this:

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.

I currently have them in quarantine and haven't deleted them from it. I just had my computer reformatted and don't want to permanently delete anything essential. So false positives or malicious stuff?
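An added example, not part of the original post: a small Python parser for result lines in the scan-log format shown above. It groups entries by section and flags any GUID that appears under more than one key, so related registry entries can be reviewed together before deciding what to do with the quarantined items. The function names are hypothetical; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the scan log in the post above.
SCAN_LOG = r"""
Registry Keys Infected: 4
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")  # detail header, no count
ITEM = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
GUID = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def parse_scan_log(text):
    """Return one dict per detected item: section, path, detection, action, guid."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM.match(line)  # summary counts and "(No malicious ...)" do not match
        if item and section:
            guid = GUID.search(item.group("path"))
            items.append({"section": section,
                          "guid": guid.group(0).lower() if guid else None,
                          **item.groupdict()})
    return items

def shared_guids(items):
    """Map each GUID seen under more than one path to the paths that carry it."""
    by_guid = defaultdict(list)
    for it in items:
        if it["guid"]:
            by_guid[it["guid"]].append(it["path"])
    return {g: paths for g, paths in by_guid.items() if len(paths) > 1}

if __name__ == "__main__":
    for guid, paths in shared_guids(parse_scan_log(SCAN_LOG)).items():
        print(guid, *paths, sep="\n  ")
```
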


@Jormungandr,

I have the exact same thing on my computer, including the registry entries. I've got a thread on this forum:

http://forums.malwarebytes.org/index.php?showtopic=43944

I've done some Google searches on it, and it looks like this gets mixed reviews, with a couple of programs thinking it's adware. I did notice a common theme, though. HP. My HP computer has this, my Lenovo doesn't. Does your computer happen to be an HP product by any chance? And have you rebooted your computer since putting all of those into quarantine? If so, is everything working correctly?

In checking the properties of this file, the original dates of creation and modification are now gone because I've had it in and out of quarantine. However, the other files in that folder (4 images and a JS file) have a creation date of Sept 15/05, and modification dates in 2003.

Yes, it's an HP. I just had my computer reformatted. I've rebooted and everything seems ok.

When I first installed MBAM last year, it deleted a lot of adware.

After I ran MBAM and rebooted, I ran Super AntiSpyware and it found Trojan.Agent/Gen-Nullo[short] in System Restore. I think this was a copy of whatever MBAM deleted. I placed it into quarantine as well. Complete scans using both show nothing now.


I also use SuperAntispyware as an on demand scanner.

I have had MWB allow awhelper.dll and the related registry entries and I'm waiting for the developers here to come up with more information.

The MWB protection log does record whenever it detects awhelper.dll and that it is allowed. In checking my logs since all of this started, the only time MWB logs anything related to awhelper.dll is when I run a daily quick scan with SuperAntispyware. It did the same when I rt. click scanned awhelper.dll with SuperAntispyware. So Malwarebytes detects awhelper.dll whenever SuperAntispyware scans it. I just now rt click scanned awhelper.dll with my Microsoft Security Essentials, and nothing shows up in the Malwarebytes protection log. (By the way, both SuperAntispyware and MSE say this file is clean.)

From what I can tell, awhelper.dll doesn't seem to be actually doing anything. If it does actually do something, Malwarebytes will detect it and log it. I will continue to watch for activity.

I suspect whatever SuperAntispyware found in your System Restore is not related to awhelper.dll, as SAS so far isn't detecting awhelper.dll as malware.
