Jump to content

Possible FP on Orbit Downloader version 2.7.4


Recommended Posts

I have Orbit Downloader for some time now and only recently after my last weekly MBAM and weekly on-demand scan 9 suspect items are found. As far as I can tell they all relate to the Orbit Downloader.

I did another update (hoping that any possible FP had been corrected) followed by a scan and the items were still reported, see log below for details and MBAM version and database version...

Only 2 heuristic detections on the suspect orbitcth.dll file at virustotal, VT Results. I have also run a superantispyware scan and no detections found.

MBAM.exe /Developer log

Malwarebytes' Anti-Malware 1.28

Database version: 1255

Windows 5.1.2600 Service Pack 3

11/10/2008 19:05:22

mbam-log-2008-10-11 (19-05-16).txt

Scan type: Quick Scan

Objects scanned: 44492

Time elapsed: 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\orbitcth.octh (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


HKEY_CLASSES_ROOT\TypeLib\{bcdde143-fae3-4c57-b22b-c4e8678cfdc0} (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


HKEY_CLASSES_ROOT\Interface\{a26b97b2-a28d-4008-b034-fa1622e04c20} (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


HKEY_CLASSES_ROOT\Interface\{ebcf70eb-898a-4346-9e15-4ec55ac15f8f} (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


HKEY_CLASSES_ROOT\CLSID\{000123b4-9b42-4900-b3f7-f4b073efc214} (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123b4-9b42-4900-b3f7-f4b073efc214} (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


HKEY_CLASSES_ROOT\CLSID\{7854f00c-dc77-477e-a10e-603f48442d3b} (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


HKEY_CLASSES_ROOT\orbitcth.octh.1 (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Orbitdownloader\orbitcth.dll (Trojan.BHO) -> No action taken. [4054423730538380756679153541481301921717171819206721142667211914212617171467207


Link to post
Share on other sites

Looks like a potential GUID collision , I can get this fixed in the next update .


- I would have put this in the topic Title but couldn't see any way to do that.

I have downloaded the latest update and a scan doesn't pick this up.

Malwarebytes' Anti-Malware 1.28

Database version: 1258

Thanks for the very prompt correction to this FP, very efficient.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.