Jkc73, posted December 29, 2010 (ID:367241)

Please shine some light on what Mbam has found here, thanks!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5417

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/30/2010 3:33:40 AM
mbam-log-2010-12-30 (03-33-07).txt

Scan type: Quick scan
Objects scanned: 154850
Time elapsed: 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken. [a1886da814ecd0302815f7181ce4649c]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken. [0326d83dea1652ae7c6cb4dd2fd37987]

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> No action taken. [a1886da814ecd0302815f7181ce4649c]

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken. [a1886da814ecd0302815f7181ce4649c]

Attached: mbam_log_2010_12_30__03_33_07_.zip

miekiemoes (Staff), posted December 29, 2010 (ID:367249)

Hi Jason,

This is no False Positive, but related with Dealio/Spigot, which is not recommended. We detect as PUP here (Potentially Unwanted Programs)

Jkc73 (Author), posted December 29, 2010 (ID:367255)

> Hi Jason,
> This is no False Positive, but related with Dealio/Spigot, which is not recommended.

Thanks Mieke for your fast reply

Jkc73 (Author), posted December 29, 2010 (ID:367265)

Hi Jkc73,
We detect as PUP here (Potentially Unwanted Programs)

Yosika, posted December 30, 2010 (ID:367672)

Hmm I found one as well!
Is it really harmful to your pc? (keylogger or something?)

miekiemoes (Staff), posted December 30, 2010 (ID:367693)

It's not really harmful, just not recommended.

Yosika, posted December 30, 2010 (ID:367694)

> It's not really harmful, just not recommended.

MBAM removed it already, do I need to do another extra cleanup or something, or is it completely removed?

miekiemoes (Staff), posted December 30, 2010 (ID:367698)

No need for extra cleanup, it should be gone now

Yosika, posted December 30, 2010 (ID:367699)

> No need for extra cleanup, it should be gone now

Ok thanks!
First time I actually posted in the 2 years I have MBAM. Great community

lmacri, posted December 31, 2010 (ID:367913)

I received the same notification for PUP.Dealio today after a quick scan with MBAM v. 1.50.1.1100 - database version 5422 (see attached log).

I'm assuming this registry key for the CLSID E312764E-7706-43F1-8DAB-FCDD2B1E416D is associated with the Dealio Toolbar. Did Malwarebytes just add this fingerprint to the database recently? I am curious since I do not recall installing any software that warned me that the Dealio Toolbar was included in the installation.

I checked the add-ons in my IE 8 browser (Tools | Manage Add-ons | Toolbars and Extensions | Show All Add-ons) and I don't see any evidence that I've ever installed the Dealio toolbar on my PC. I found some information on the Dealio website (http://www.dealio.com/help/uninstall-dealio-toolbar.html) that the Dealio Toolbar also installs a program called Search Settings (searchsettings.exe) but I checked Programs and Features in my Windows Control panel and can't see Search Settings in my list of installed programs.

I googled "Dealio Toolbar" and there are lots of people who have reported serious problems after installing this software, so kudos to Malwarebytes for adding the fingerprint to their malware database. I have Norton Internet Security 2011 on my PC and ran a full scan of my PC before I quarantined PUP.Dealio with MBAM, and NIS 2011 doesn't detect it as a threat.

________
MS Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.1.0.37 * MBAM v. 1.50.1.1100
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS

Attached: mbam_log_2010_12_30__20_27_12_.txt

miekiemoes (Staff), posted December 31, 2010 (ID:367939)

> Did Malwarebytes just add this fingerprint to the database recently?

Yes, this was added recently as PUP, which explains why you suddenly got this detection

DavidR, posted January 4, 2011 (ID:369773)

> Yes, this was added recently as PUP, which explains why you suddenly got this detection

My problem with this detection is that there are absolutely zero other Dealio associated elements, files, toolbars, registry keys, etc. etc. only this single registry key:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio)

I searched on the CLSID looking for other associated stuff and on Dealio, but there is nothing on my system. I hate toolbars with a vengeance, so there is absolutely no way I would go installing one. Not to mention I don't use IE as my default browser but Firefox 3.6.13 with NoScript, RequestPolicy, AdBlock Plus add-ons and avast with its web and network shields enabled. I haven't had any malware infection in over 7 years, so I rather doubt I got hit with a drive-by installation.

So I'm at a loss as to how this can get there without a single other piece of associated Dealio c**pware on my system.

Personally I feel this is some sort of FP on the CLSID if there are no other indications of Dealio?

miekiemoes (Staff), posted January 4, 2011 (ID:369776)

Hi,

This is no FP though. Maybe you have installed pdfforge in the past or any other app that bundles dealio.

DavidR, posted January 4, 2011 (ID:369858)

> Hi,
> This is no FP though. Maybe you have installed pdfforge in the past or any other app that bundles dealio.

No, no pdfforge and I'm very hot on any bundled apps, notoriously ASK toolbars, etc. I have an absolute aversion to toolbars/bundled software and am like a hawk in the various installs.

As I said before there are zero other indications of Dealio, only this registry key. I also use SAS and no indications on that either. So I'm at a loss as to how only the registry key would be there if this truly were Dealio.

miekiemoes (Staff), posted January 5, 2011 (ID:370008)

The Vendio searchsettings also bundles these: http://www.systemlookup.com/search.php?typ...RCHSETTINGS.DLL

As I said, many apps are bundled with Dealio. It could be that this leftover was already present there for a long time on your pc.

> I also use SAS and no indications on that either.

SuperAntispyware normally detects this one as well though, because I found a report where it does: http://www.computerhope.com/forum/index.php?topic=73598.0

DavidR, posted January 5, 2011 (ID:370123)

Same thing really, I don't have any search settings, freebies as I know that they aren't set to help me but the makers of the toolbar/settings, etc. so I do avoid them like the plague.

I have absolutely no explanation given my caution and proactive measures I take, how it would get on my system. Even with this item out of the MBAM Quarantine SAS doesn't detect this (scan just run). I have had SAS Pro (resident) for over three years before I tried MBAM which is on-demand only to avoid conflict of two resident anti-spy/malware applications running.

The topic you found from 2009 was within the time that I have had SAS and no detections, so perhaps that Unclassified.Unknown Origin detection was removed as I certainly didn't have the alert in my weekly .

So colour me confused.

coyodel, posted January 7, 2011 (ID:370909)

> Maybe you have installed pdfforge in the past or any other app that bundles dealio.

Mieke,

Have you guys confirmed that Dealio is covertly bundled with PDFCreator (pdfforge)?

Thanks!

miekiemoes (Staff), posted January 7, 2011 (ID:370911)

Yes, the pdfforge toolbar is still installed, which is dealio related.

Also see here: http://de.pdfforge.org/forum/open-discussi...are-and-spyware

That's why we detect as Potentially Unwanted Program (PUP). We only detect the toolbar though, not the other PDFCreator components, as they are fine to have.

gardnerman, posted March 11, 2011 (ID:398892)

Hello everyone

I just joined as I have this as well (pup.dealio that is), I first got the results a few weeks ago and removed all with Malwarebytes.

I scanned again today and it's all back, I've once again had Malwarebytes remove but I assume it'll be back.

Is there a way to permanently remove, you mention PDF creator software and I only have Adobe reader, is it possible it comes in with updates to that.

Richard

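
Added example (not part of the thread and not Malwarebytes code): a small parser for the MBAM 1.x log layout shown in the first post, which groups detections by name and separates a result that includes on-disk or in-memory items from a registry-only result such as the single Ext\Stats key reported later in the thread. The sample logs are constructed and abridged from the entries quoted on this page, the action text in the second sample is an assumption, and the function names and the "installed" / "registry-only" labels are hypothetical.

```python
import re
from collections import defaultdict

# A detail-section header has nothing after the colon; the summary lines
# ("Registry Keys Infected: 2") carry a count and are skipped.
SECTION = re.compile(r"^(Memory Processes|Memory Modules|Registry Keys|"
                     r"Registry Values|Registry Data Items|Folders|Files) Infected:$")
# <object> (<detection>) -> [Value: <name> -> ]<action>. [<md5>]
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?:Value: .+? -> )?"
                   r"(?P<action>[^\[]+?)\.?(?: \[(?P<md5>[0-9a-f]{32})\])?$")
ON_DISK = {"Files", "Folders", "Memory Processes", "Memory Modules"}

def parse_mbam_log(text):
    """Return {detection name: [(section, object, action), ...]}."""
    found, section = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line) if section else None
        if entry:
            found[entry["name"]].append((section, entry["obj"], entry["action"]))
    return dict(found)

def triage(entries):
    """'installed' when a file, folder, process or module was flagged;
    'registry-only' when nothing but registry traces were found."""
    return "installed" if any(s in ON_DISK for s, _, _ in entries) else "registry-only"

# Constructed samples: entries from the thread, laid out one per line.
FULL_LOG = r"""Registry Keys Infected: 2
Files Infected: 1
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> No action taken.
Files Infected:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> No action taken. [a1886da814ecd0302815f7181ce4649c]
"""
SINGLE_KEY_LOG = r"""Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    for label, log in (("first post", FULL_LOG), ("single key", SINGLE_KEY_LOG)):
        for name, entries in parse_mbam_log(log).items():
            print(label, name, len(entries), triage(entries))
```

A "registry-only" result says only that the scan flagged no file, folder, process or module; it does not by itself show how the key got there.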