AdAware definitions Oct 12 - with FP?

[Chris Wood]

Hi,

I just download the October 12th definitions and it flags a registry entry
for Win32.Trojandownloader.Zlob.

Is this an FP?

Thanks

Chris

 

[Shoe]

Same thing here, 4 keys and 2 regvalue

 

[Guest]

Hello Chris and Shoe,

To be sure.

Zolob or Zlob is the carrier trojan for several unwanted programs.

First remove all temporarily junk with CCleaner
www.ccleaner.com

Then install and run Ewido
http://www.ewido.net/en/download/

Maybe it´s also necessary to run smitrem.exe as explained within these
pages:

http://wiki.castlecops.com/Malware_Removal:_SpyAxe_Removal

http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=85&blogId=3

 

[Bill Sanderson MVP]

According to Calamity Jane, these have been reported false postives:

http://www.lavasoftsupport.com/index.php?showtopic=4047

http://www.dslreports.com/forum/remark,17072850

Please wait for an update to fix them

 

[kes]

The original question was - are these False Positives?

I have run Ewido (now known as AVG Anti-Spyware) which does NOT pick
up any of the new alerts of Ad-aware.
My inclination is to treat these new alerts as *suspect* until further
info from Ad-Aware. (Ad-Aware slipped-up again, not too long ago.)

 

[Anonymous Bob]

Hi,

I just download the October 12th definitions and it flags a registry entry
for Win32.Trojandownloader.Zlob.

Is this an FP?

Thanks

Chris,

I have this "critical item" detected:
HKEY_CLASSES_ROOT\Interface\{FE387538-44A3-11D1-B5B7-0000C09000C4}

but siteadvisor identifies it thusly:
http://www.siteadvisor.com/sites/bluetack.co.uk/downloads/426137/
ADD
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C090
00C4}]
ADD @="Microsoft Flat Scrollbar Control 6.0 (SP6)"

FWIW you can also find the registry key listed here:
http://www.symantec.com/security_response/writeup.jsp?docid=2006-012014-1039-99&tabid=2
and here:
http://sarc.com/avcenter/venc/data/spyware.pctattletale.html

I suspect the scrollbar control is added by several malware programs but is
also used by many legit programs.

Bob Vanderveen

 

[Guest]

update def. available 12/10 part 2

after quick scan no problems , only the normal cookies , no zlob trojans
etc...

 

[Anonymous Bob]

New definitions are now available correcting the problem.

Bob Vanderveen

 

[Guest]

Tested with Old Defs at 10:15am Chicago Time:
Nothing but cookies found.

Tested with New Defs at 10:45am Chicago Time:
Nothing but cookies found.

Nothing detected on my machine here at work.
Of course if you machine has stuff that mine does not have, which is likely,
it could stll be a false alarm for you. At least if it is a false alarm, it
is not as wide spread/common as the last one.

?
Tim
Geek w/o Portfolio

 

[Guest]

Bob,
What is the "build" of the corrected update.

I have the following:

Definitions File Loaded:
Reference Number : SE1R126 12.10.2006
Internal build : 156

and it will not update.

?:-\
Tim

 

[Anonymous Bob]

Bob,
What is the "build" of the corrected update.

I have the following:

Definitions File Loaded:
Reference Number : SE1R126 12.10.2006
Internal build : 156

and it will not update.

That's the latest and you have no need to update.

Bob Vanderveen

 

[Guest]

Never Mind,

Apparently I had already downloaded the "fixed" version for today.

Tim
?:-\