  • Puzzled by certain detections

    IObit Malware Fighter Pro ran a spontaneous scan on my system and presented these detections.

    OS: Windows XP
    Version: 2.5.0.8
    Database Version: 1393
    Time Elapsed: 02:02:39
    Objects Scanned: 88623
    Threats Found: 74
    Save Time: 11/19/2014 11:11:01 PM

    Name, Type, Description, ID
    jollywallet, FOLDER, C:\Program Files\JollyWallet, 305163
    SaveSense, FOLDER, C:\Documents and Settings\Owner\Application Data\SaveSense, 305207
    SaveSense, FOLDER, C:\Program Files\SaveSenseLive, 305210
    SaveSense, FOLDER, C:\Documents and Settings\Owner\Start Menu\Programs\SaveSense, 305211
    SaveSense, FILE, C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job, 1021269
    SaveSense, FILE, C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job, 1021270
    Trojan.Win32/BHO, REG, HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook, 2001039
    Trojan.Win32/BHO, REG, HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook.1, 2001039
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}, 2013028
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}, 2013029
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}, 2013030
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}, 2013032
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}, 2013033
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}, 2013034
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}, 2013035
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}, 2013036
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}, 2013037
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}, 2013038
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}, 2013039
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}, 2013041
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}, 2013042
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}, 2013043
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}, 2013044
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}, 2013045
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}, 2013046
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}, 2013047
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}, 2013048
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}, 2013049
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}, 2013050
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}, 2013051
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}, 2013052
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}, 2013053
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}, 2013054
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}, 2013055
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}, 2013056
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}, 2013057
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TYPELIB\{4509D3CC-B642-4745-B030-645B79522C6D}, 2013058
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TYPELIB\{B87F8B63-7274-43FD-87FA-09D3B7496148}, 2013060
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TYPELIB\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}, 2013062
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, 2013064
    jollywallet, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JollyWallet, 2015217
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{A2D3FB7A-6873-45E8-AF96-57092D721828}, 2015293
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\SaveSenseLive.exe, 2015294
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLive.OneClickCtrl.9, 2015295
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine, 2015296
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLive.OneClickProcessLauncherMachine.1.0, 2015297
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLive.Update3WebControl.3, 2015298
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync, 2015299
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoCreateAsync.1.0, 2015300
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass, 2015301
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreClass.1, 2015302
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass, 2015303
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CoreMachineClass.1, 2015304
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine, 2015305
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.CredentialDialogMachine.1.0, 2015306
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine, 2015307
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0, 2015308
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback, 2015309
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0, 2015310
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc, 2015311
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0, 2015312
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher, 2015313
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.ProcessLauncher.1.0, 2015314
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService, 2015315
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3COMClassService.1.0, 2015316
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine, 2015317
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachine.1.0, 2015318
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback, 2015319
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0, 2015320
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc, 2015321
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SaveSenseLiveUpdate.Update3WebSvc.1.0, 2015322
    SaveSense, REG, HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SAVESENSELIVE.EXE, 2015323
    SaveSense, REG, HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\savesenselive, 2015327
    SaveSense, REG, HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\savesenselivem, 2015328



    For some reason after I tried to save the report to my flash drive, the GUI got completely locked up, and I had no choice but to kill the process without acting on any of these detections.

    I intend to run the scan again, but I am not going to allow removal of most of these items. I chose to sign up with Jollywallet. Its extension or extensions are not malware. I chose to install SaveSense. I control it through the Firefox extensions menu. I have SaveSense disabled more than 95% of the time. I only enable it when I am shopping. I chose days ago to install the SPEEDbit toolbar. I will probably keep it disabled most of the time.

    I am not able to discern the identity of some of these detections, although I have to assume they are probably related to those three programs.

    As for these detections:

    Trojan.Win32/BHO, REG, HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook, 2001039
    Trojan.Win32/BHO, REG, HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook.1, 2001039

    I am unable to determine exactly what these registry keys relate to.

    As for the registry keys shown from:
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}, 2013028
    through
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, 2013064
    I do not know what these keys relate to. Furthermore, I don't even find them when I use the Registry Editor on my Windows XP. Is there some kind of third-party software that would enable me to see these registry entries and know what they are?

    Can anybody here identify these unknown keys for me?



    Computer: Dell System B3 Desktop
    CPU: Intel Pentium 4-2667 (Northwood, D1)
    2666 MHz (20.00x133.3) @ 2657 MHz (20.00x132.9)
    Motherboard: DELL 0G1548
    Chipset: Intel 845GEV (Brookdale-GEV) + ICH4
    Memory: 2048 MBytes @ 166 MHz, 2.5-3-3-7
    - 1024 MB PC3200 DDR-SDRAM - Kingston K
    Graphics: Intel 82845G/GL/GV Graphics Controller [DELL]
    Intel i845G(L) Integrated, 64 MB
    Drive: ST380011A, 78.1 GB, E-IDE (ATA-6)
    Drive: HGST HTS545050A7E380, 488.4 GB, Serial ATA 3Gb/s <-> USB
    Drive: SAMSUNG CD-R/RW SW-252S, CD-R Writer
    Sound: Creative Technology SB Live! Series Audio Processor
    Network: RealTek Semiconductor RTL8139 PCI Fast Ethernet NIC [A/B/C]
    Network: Broadcom 4401 10/100 Integrated Controller
    OS: Microsoft Windows XP Home Edition Build 2600 SP3
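
    The question above asks what the detected CLSID, Interface and TypeLib keys actually point to. The following PowerShell snippet is an added example, not code from the original post or from IObit: it reads the saved report, picks out the REG rows, and for each key reports whether it currently exists, its default value (usually the friendly name) and the server or TypeLib entry beneath it. It assumes the report was saved as plain comma-separated text at the placeholder path `$ReportPath` and that PowerShell is installed on the machine.

```powershell
# Added example (not from the original post or IObit): resolve the registry
# entries listed in an IObit Malware Fighter report to what they point at.
# Assumes rows of the form: Name, Type, Description, ID (comma-separated).
$ReportPath = 'C:\path\to\report.txt'   # placeholder, set to the saved report

# HKEY_CLASSES_ROOT has no PowerShell drive by default; create one so the
# HKCR rows in the report can be checked the same way as HKLM rows.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# Keep only REG rows and capture the registry path from the third column.
$keys = foreach ($line in Get-Content -LiteralPath $ReportPath) {
    if ($line -match '^\s*[^,]+,\s*REG,\s*(HKEY_[^,]+?),\s*\d+\s*$') { $Matches[1] }
}

foreach ($key in $keys) {
    # Translate the report's long hive names into provider paths.
    $psPath = $key -replace '^HKEY_LOCAL_MACHINE\\', 'HKLM:\' `
                   -replace '^HKEY_CLASSES_ROOT\\',  'HKCR:\' `
                   -replace '^HKEY_CURRENT_USER\\',  'HKCU:\'

    if (-not (Test-Path -LiteralPath $psPath)) {
        # Already removed, or never present in this hive view.
        Write-Output "MISSING  $key"
        continue
    }

    $item    = Get-Item -LiteralPath $psPath
    $default = $item.GetValue('')          # default value, often the display name
    $server  = ''
    # A COM class points at its code via one of these subkeys; show the first found.
    foreach ($sub in 'InprocServer32', 'LocalServer32', 'TypeLib', 'ProxyStubClsid32') {
        $subPath = "$psPath\$sub"
        if (Test-Path -LiteralPath $subPath) {
            $server = "$sub = " + (Get-Item -LiteralPath $subPath).GetValue('')
            break
        }
    }
    Write-Output ("PRESENT  {0}`n         name: {1}`n         {2}" -f $key, $default, $server)
}
```

    HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes, so a key the report lists under HKLM\SOFTWARE\Classes\CLSID can also be looked up in Regedit under HKEY_CLASSES_ROOT\CLSID; a MISSING result means the entry is no longer there rather than hidden.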



  • #2
    Hi conceptualclarity,

    We will remove Jollywallet and SaveSense in our database 1394. Please update it when it is available to see how it works.

    And the following registry keys are related to SocialSkinz:

    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}, 2013028
    through
    Misleading.SocialSkinz, REG, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TYPELIB\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}, 2013064

    As for these detections, they are viruses which should be removed.
    Trojan.Win32/BHO, REG, HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook, 2001039
    Trojan.Win32/BHO, REG, HKEY_CLASSES_ROOT\URLSearchHook.ToolbarURLSearchHook.1, 2001039

    Cheers.

    IObit Support Team --
    If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!
