Jump to content

Rogue.SpywareGuard


MarkAW
 Share

Recommended Posts

I just updated mbam and ran a quick scan and for some reason mbam now detects SpywareGuard as a rogue. I've used this program for years and have never had any security program i use detect it as a rogue or anything else for that matter.

Malwarebytes' Anti-Malware 1.28

Database version: 1250

Windows 5.1.2600 Service Pack 3

10/10/2008 11:43:19 AM

mbam-log-2008-10-10 (11-43-15).txt

Scan type: Quick Scan

Objects scanned: 48322

Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 6

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 19

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Program Files\SpywareGuard\spywareguard.dll (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> No action taken. [4054423730538380756679154186788086833666797479701301922068212418262125147125242

1142126712214672020251421711918216619707017671894]

HKEY_CLASSES_ROOT\TypeLib\{110778dc-10ce-46f6-8e71-f28d795dfd09} (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

HKEY_CLASSES_ROOT\Interface\{b106ad40-5e14-43e1-8b05-be45917c2e38} (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

HKEY_CLASSES_ROOT\CLSID\{4a368e80-174f-4872-96b5-0b27ddd11db2} (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a368e80-174f-4872-96b5-0b27ddd11db2} (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

HKEY_CLASSES_ROOT\CLSID\{81559c35-8464-49f7-bb0e-07a383bef910} (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81559c35-8464-49f7-bb0e-07a383bef910} (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{81559c35-8464-49f7-bb0e-07a383bef910} (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\SpywareGuard (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

Files Infected:

C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> No action taken. [4054423730538380756679154186788086833666797479701301922068212418262125147125242

1142126712214672020251421711918216619707017671894]

C:\Program Files\SpywareGuard\config.ini (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\def1.dtb (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\def2.dtb (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\dlbdata1.dtb (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\dlbdata1backup.dtb (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\dlbdata2.dtb (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\dlbdata2backup.dtb (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\dlprotect.dll (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\license.txt (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\readme.txt (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\sgbhp.exe (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\sghelp.chm (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\sgliveupdate.exe (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\sgmain.exe (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\spywareguard.dll (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\spywareguardversion.txt (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\unins000.dat (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

C:\Program Files\SpywareGuard\unins000.exe (Rogue.SpywareGuard) -> No action taken. [3742513051807286701552819088668370408666836913013627614983807283667801397477708

4615281908866837011408666836911]

Link to post
Share on other sites

Did you intentionally install the Conduit toolbar?

I will check into the problem.

http://www.bleepingcomputer.com/malware-re...ware-guard-2008

This is what I researched, and it's certainly not legitimate. I'm not sure why we are detecting your version.. Perhaps a hueristic catch. Please upload the installer you used uploads.malwarebytes.org so that I can get this cleared up.

Link to post
Share on other sites

Did you intentionally install the Conduit toolbar?

I will check into the problem.

No i did not, but i am not to worried about that right now my main concern is why mbam is detecting SpywareGuard as a rogue.

Even still Virus Total says that Conduit toolbar is clean. But if you like you can check it yourself.

Link to post
Share on other sites

Hi Mark.

I have confirmed it's a glitch, It will be fixed in the next version.

Sorry for any inconvenience this may have caused you.

No inconvenience at all just glad it was a fp and not something more serious.

Great work as always guys. :blink:

Link to post
Share on other sites

Update should be up in the next 20-25 minutes. :blink: Please let us know if it continues to detect it.

Will do and again thank you. ;)

All is well again.

Malwarebytes' Anti-Malware 1.28

Database version: 1251

Windows 5.1.2600 Service Pack 3

10/10/2008 12:45:09 PM

mbam-log-2008-10-10 (12-45-09).txt

Scan type: Quick Scan

Objects scanned: 48547

Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.