T
Tim Malouff
I noticed that Microsoft AntiSpyware (Beta 1) as do other anti-spyware
applications always report BonziBUDDY as being installed at a Elevated
Threat Level.
I know what BonziBUDDY is and does but do not have the application istalled,
I as well as every other XP user am getting this error becase Microsft Agent
is installed with Windows-XP and Windows-ME.
BonziBUDDY does however use Microsoft Agent Technology and is was all these
anti-spyware applications are
detecting Microsft Agent registry keys and reporting them as BonziBUDDY.
All the anti-spyware application must not have ever heard of Microsft Agent
including Microsft.
All the anti-spyware recomends and removes the following clsid tree
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\
Are any of these detected registry entries needed by Microsoft Agent to run
properly, and if so where are they being deleted?
Here are the registry entries that Microsoft AntiSpyware (Beta 1) detected
and quarantiened on my Machine.
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\VersionIndependentProgID
WebImage.WebImageCtl
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf} WebImageCtl
Object
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\InprocServer32
C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\WImg.Ocx
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\InprocServer32
ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\MiscStatus\1
131473
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\ProgID
WebImage.WebImageCtl.1
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\ToolboxBitmap32
C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\WImg.Ocx, 1
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\TypeLib
{B92BB5C0-2E73-11CF-B6CF-00AA00A74DAF}
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\Version 1.0
Looking at these Keys I notice two of my programs showing up and none of
them are BonziBUDDY
mIRC available from http://www.mirc.com/ this does have a feature to use
Microsoft Agents http://www.mirc.co.uk/agents.html
FlipAlbum 5 Pro available from http://www.flipalbum.com/
The funny thing about Flip Album 5 Pro is that when it quarantiened it
removed WImg.Ocx and it looks like it was made by Microsoft.
Another funny thing about that file is the File Version it is listed as both
4.0.28.10 and 5.00.2810
I have attached the file for Reference.
Microsoft AntiSpyware (Beta 1) has also detected WhenU.SaveNow at a High
Treat Level and you can't Quarantine a High Risk.
Again it is targeting Microsoft Agent but more specifically the
Text-to-Speech Engine used by Microsft Agent and text readers.
Lernout & Hauspie TruVoice American English TTS Engine to be exact and it is
the most commonly installed and used.
It also detected the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}
And the following Fille C:\WINDOWS\lhsp\tv\tvenuax.dll again I attached for
reference.
Why don't all these anti-spyware applications not be so lazy and find out
the files and registry keys the real spyware is using/added to a computer
and remove it and leave the legitimate software they are using behind.
applications always report BonziBUDDY as being installed at a Elevated
Threat Level.
I know what BonziBUDDY is and does but do not have the application istalled,
I as well as every other XP user am getting this error becase Microsft Agent
is installed with Windows-XP and Windows-ME.
BonziBUDDY does however use Microsoft Agent Technology and is was all these
anti-spyware applications are
detecting Microsft Agent registry keys and reporting them as BonziBUDDY.
All the anti-spyware application must not have ever heard of Microsft Agent
including Microsft.
All the anti-spyware recomends and removes the following clsid tree
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\
Are any of these detected registry entries needed by Microsoft Agent to run
properly, and if so where are they being deleted?
Here are the registry entries that Microsoft AntiSpyware (Beta 1) detected
and quarantiened on my Machine.
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\VersionIndependentProgID
WebImage.WebImageCtl
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf} WebImageCtl
Object
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\InprocServer32
C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\WImg.Ocx
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\InprocServer32
ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\MiscStatus\1
131473
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\ProgID
WebImage.WebImageCtl.1
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\ToolboxBitmap32
C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\WImg.Ocx, 1
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\TypeLib
{B92BB5C0-2E73-11CF-B6CF-00AA00A74DAF}
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\Version 1.0
Looking at these Keys I notice two of my programs showing up and none of
them are BonziBUDDY
mIRC available from http://www.mirc.com/ this does have a feature to use
Microsoft Agents http://www.mirc.co.uk/agents.html
FlipAlbum 5 Pro available from http://www.flipalbum.com/
The funny thing about Flip Album 5 Pro is that when it quarantiened it
removed WImg.Ocx and it looks like it was made by Microsoft.
Another funny thing about that file is the File Version it is listed as both
4.0.28.10 and 5.00.2810
I have attached the file for Reference.
Microsoft AntiSpyware (Beta 1) has also detected WhenU.SaveNow at a High
Treat Level and you can't Quarantine a High Risk.
Again it is targeting Microsoft Agent but more specifically the
Text-to-Speech Engine used by Microsft Agent and text readers.
Lernout & Hauspie TruVoice American English TTS Engine to be exact and it is
the most commonly installed and used.
It also detected the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}
And the following Fille C:\WINDOWS\lhsp\tv\tvenuax.dll again I attached for
reference.
Why don't all these anti-spyware applications not be so lazy and find out
the files and registry keys the real spyware is using/added to a computer
and remove it and leave the legitimate software they are using behind.