
database 1351 detects Adobe Reader helper registry keys as adware


ky331


Malwarebytes' Anti-Malware 1.30

Database version: 1351

Windows 5.1.2600 Service Pack 3

11/1/2008 11:31:37 AM

Scan type: Quick Scan

Registry Keys Infected: 4

Registry Keys Infected:

HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj (Adware.Cinmus) -> No action taken.

HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj.1 (Adware.Cinmus) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> No action taken.

==================================

for the CLSID, see http://www.castlecops.com/tk82-AcroIEhelpe...helper_dll.html


Same here, here is the developer log and the file in question

Malwarebytes' Anti-Malware 1.30

Database version: 1351

Windows 5.1.2600 Service Pack 2

11/01/2008 15:44:43

mbam-log-2008-11-01 (15-44-38).txt

Scan type: Quick Scan

Objects scanned: 68811

Time elapsed: 18 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

HKEY_CLASSES_ROOT\TypeLib\{5f226421-415d-408d-9a09-0dcd94e25b48} (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

HKEY_CLASSES_ROOT\Interface\{34a715a0-6587-11d0-924a-0020afc7ac4d} (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

HKEY_CLASSES_ROOT\Interface\{6e67bcc1-d776-44bb-9dc8-c09f542c3cb6} (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

HKEY_CLASSES_ROOT\CLSID\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj.1 (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adware.Cinmus) -> No action taken. [4054423730346988668370153674797886841301921723252126702671146825692414216922261

4672524691424252167246923677017672094]

AcroIEHelper.zip


I can't get rid of these 3 items either using Vista

Vista blocks the Mbam startup routine.

HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj (Adware.Cinmus) -> Delete on reboot.

HKEY_CLASSES_ROOT\acroiehelper.acroiehlprobj.1 (Adware.Cinmus) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (Adware.Cinmus) -> Delete on reboot.


Thanks, it sure is fixed now, WOW that was fast!

What about the other items it found, it was like 7 or 8. Those other items were deleted or removed before the fix

Only the 3 mentioned were not removed.

So are we now missing something from Adobe, or will things be ok?

MBAM has very good component link detection and all it took was a single hit on a single component for all of that to be detected so it was easy to fix.


Hi,

I got an error msg "Error Code 725 (5,0)" when I tried to restore the FP for the following entry:

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adware.Cinmus)

The 6 registry keys were restored. What do I do about the file?

Kay
