Adware.WebHancer


Blue452

Can anyone attach a copy of the file "C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll", so we can review this again?

Thanks

We will remove detection temporarily and re-add it if needed (after review).

I tried and your system says I am "not allowed to upload this type of file".

I am trying again on this post.


  • Staff

Ok thanks. Detection has been removed in the meanwhile. It will be re-added if needed (if it's a "critical" adware component). If harmless, then no need to re-add detection.

Either way, if you already deleted it, there's nothing to worry about as this won't break anything. After all, some other scanners have been detecting this file for months.


Oh, in case this means anything, I have run MB full scan a couple of times since reporting here and AWhelper.dll is still detected as MW, but those registry entries it caught then (listed in my previous post) have not been reported since. ???


  • Staff

Can you post a developers scan log please?

1. Click the Start Menu.

2. Click Run.

3. Type in "mbam.exe /developer", without the quotes.

4. Run the same type of scan you did before and save the logfile and post it.

Never mind, it should be fixed in next update. It wasn't in this one yet. :)


No change:

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3947

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

4/2/2010 12:25:01 PM

mbam-log-2010-04-02 (12-25-01).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 187325

Time elapsed: 30 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0092157.dll (AdWare.WebHancer) -> No action taken.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP445\A0093043.dll (AdWare.WebHancer) -> No action taken.

C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> No action taken.

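Added example, not part of the thread and not Malwarebytes' own code: a small Python parser for the text log format shown in the post above, which separates live detections from copies held in System Restore points (the `_restore{...}\RPnnn\` paths). The function names are assumptions made for this example; the sample lines are copied from that log.

```python
import re
from collections import defaultdict

# Detection lines copied from the scan log posted above (not constructed).
LOG = r"""
Files Infected:
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP444\A0092157.dll (AdWare.WebHancer) -> No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP445\A0093043.dll (AdWare.WebHancer) -> No action taken.
C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> No action taken.
"""

# Entry shape in the log: "<object> (<detection name>) -> <action>."
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# System Restore copies sit under _restore{GUID}\RP<n>\ with a renamed file.
RESTORE = re.compile(r"\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\", re.I)


def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith(":"):            # e.g. "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY.match(line)
        if not (m and section):
            continue                      # header, counter or blank line
        rp = RESTORE.search(m["obj"])
        found.append({
            "section": section,
            "object": m["obj"],
            "name": m["name"],
            "action": m["action"],
            "restore_point": int(rp["rp"]) if rp else None,
        })
    return found


def triage(detections):
    """Split detections into live objects and System Restore copies."""
    groups = defaultdict(list)
    for d in detections:
        kind = "live" if d["restore_point"] is None else "restore_copy"
        groups[kind].append(d)
    return dict(groups)


if __name__ == "__main__":
    for kind, items in triage(parse_detections(LOG)).items():
        print(kind, [(i["restore_point"], i["object"]) for i in items])
```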

I don't mean to beat this horse to death, but I have a couple dozen System Restore points going back to Feb. and yet MB is only picking up what I presume to be the offending AWhelper.dll file in two of them. Is MB basing its finding on attributes instead of file content? Sorry, just a curious thought here.

p.s. Was DB ver. 3947 supposed to fix the false positive?


To those of you who have quarantined the related registry entries, can I clarify this: You have rebooted your systems since and your computers are fine? Is that correct?

In answer to Amethyst's post #25, I currently have these items in quarantine as shown below and upon reboot/shutdown, my computer is fine. We always turn off the computer when not in use and so far, no problems.

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.

HP Computer

XP, SP3

IE8


I sure hope my posts made sense and I haven't offended anyone. I don't want to be a pain, but a question w/o an answer makes me lose sleep. lol. Anyway, here goes again: can one rely on the dates Windows Explorer displays? I just want to know if a file can be modified or one added on the Windows file system without the dates reflecting that operation? I know it sounds like a MS question, but I have asked before on other forums and have not received a definitive answer.

Thanks for allowing me to post here.

Also, I ran MB scan this a.m. with DB 3949 and all's quiet on the southeastern front.


My question: Since the latest database is currently no longer flagging these files and I have these files in quarantine, would you recommend that I restore them or just leave them in quarantine for now? I'm not sure what to do.

Thank you.

Registry Keys Infected:

HKEY_CLASSES_ROOT\TypeLib\{661e32fd-a5f0-49bc-96cc-d872fe10a7dc} (AdWare.WebHancer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3296405e-e08f-4442-801e-3dcd2c6aa82c} (AdWare.WebHancer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{bf0118d4-63ff-4138-9327-f3028fb1a578} (AdWare.WebHancer) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll (AdWare.WebHancer) -> Quarantined and deleted successfully.
