adware deluxe communications


JonPaulOnLine
September 25th, 2006, 09:06 PM
I can't find info through Google on adware deluxe communications.
Any thoughts?

cheater87
September 25th, 2006, 09:06 PM
Adware.DeluxCommunication. I have never gone on any fishy sites. I don't know how I could have gotten this.

cheater87
September 25th, 2006, 09:09 PM
I have this as well. I hope it's an FP.

JonPaulOnLine
September 25th, 2006, 09:22 PM
-{ Quote: "I have this as well. I hope it's an FP." }-


I also see it now on my other PC.

I bet it's false but will wait for others to comment.

cheater87
September 25th, 2006, 09:28 PM
*hands you popcorn for the wait* I quarantined it, is that bad?

Oriour
September 25th, 2006, 09:59 PM
Also have it detected on my PC. I'm thinking it's probably a FP.

dfw
September 25th, 2006, 09:59 PM
Same here, I think it must be a false one (I hope).

cheater87
September 25th, 2006, 10:00 PM
So I release it from quarantine?

dfw
September 25th, 2006, 10:05 PM
-{ Quote: "Same here, I think it must be a false one (I hope)." }-



Also has not been found by Ad-Aware, Spybot and NOD; think I'll keep it in quarantine until it's confirmed to be an FP.

cheater87
September 25th, 2006, 10:07 PM
OK, so I'm not the only one that put it in quarantine.

Tommy
September 25th, 2006, 10:13 PM
Some info about that adware:
http://www.tenebril.com/src/info.php?id=4832051&hp=tc

cheater87
September 25th, 2006, 10:18 PM
How the hell did it get on my computer? All I did was download something from download.com. Did I get it from that?

Tommy
September 25th, 2006, 10:24 PM
Seems that all the security programs we have installed still have bugs/shortcomings.

cheater87
September 25th, 2006, 10:27 PM
So is this from downloading from download.com, or is this a false positive?

Tommy
September 25th, 2006, 10:28 PM
-{ Quote: "So is this from downloading from download.com, or is this a false positive?" }-
It seems it is an adware registry entry and so a positive finding, but.....
-{ Quote: "Research
Method of infection: This product can be downloaded from its website, or installed through exploits and other downloaders.
Advertising: Deluxe Communications will deliver pop-up ads to your computer as well as place icons for "various products, services and web sites."
Privacy issues: Deluxe Communications will collect "certain anonymous information about you, your computer and your Internet surfing habits."
Privacy policy: Available here: http://dxcdirect.com/eula.htm" }-

It's used for displaying popups on websites, such as explanations for some terms, etc. So I think it's not really a dangerous one.

cheater87
September 25th, 2006, 10:30 PM
So how did we get it?

Bubba
September 25th, 2006, 10:32 PM
-{ Quote: "How the hell did it get on my computer?" }-Since I cannot see the whole CLSID in the first pic....if it is the below reg entry then it is a false positive against a valid Microsoft URL Search Hook reg entry.

-{ Quote: "[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32]
@="D:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"" }-I would also suggest checking if you have the latest update which is 441,108 threats.

Bubba
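
Added example, not part of the thread and not ewido's code: a PowerShell check a practitioner can run to verify the post above, and one step beyond it. It resolves the flagged CLSID the way COM would (per-user HKCU\Software\Classes before HKLM), reports which DLL it points at, and then lists every URL Search Hook Internet Explorer will actually load, so a genuine Microsoft handler can be told apart from an adware hook that reuses a familiar-looking entry. Assumptions not stated on the page: the legitimate server for this CLSID is ieframe.dll (IE7) or shdocvw.dll (IE6) under %SystemRoot%\system32, and on a current Windows build a Microsoft system DLL reports a valid Authenticode/catalog signature.

```powershell
# Added example (not from the thread or from ewido). Assumptions are marked below.

$FlaggedClsid     = '{CFBFAE00-17A6-11D0-99CB-00C04FD64497}'   # CLSID from the ewido report in the thread
$KnownGoodServers = @('ieframe.dll', 'shdocvw.dll')            # assumption: legitimate IE URL Search Hook servers

function Resolve-ClsidServer {
    param([Parameter(Mandatory)][string]$Clsid)
    # COM merges HKCU\Software\Classes over HKLM\SOFTWARE\Classes, so a per-user
    # registration of the same CLSID would shadow the machine-wide one. Check HKCU first.
    foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InProcServer32"
        if (Test-Path $key) {
            $item = Get-Item -Path $key
            return [pscustomobject]@{
                Clsid          = $Clsid
                Hive           = $root.Split(':')[0]
                Server         = [string]$item.GetValue('')            # default value = DLL path (REG_EXPAND_SZ is expanded)
                ThreadingModel = [string]$item.GetValue('ThreadingModel')
            }
        }
    }
    return $null
}

function Test-ServerLooksLegitimate {
    param([Parameter(Mandatory)]$Resolved)
    $leaf        = if ($Resolved.Server) { Split-Path -Leaf $Resolved.Server } else { '' }
    $inSystem32  = $Resolved.Server -like (Join-Path $env:SystemRoot 'system32\*')
    $nameMatches = $KnownGoodServers -contains $leaf
    $sigOk       = $false
    if ($Resolved.Server -and (Test-Path $Resolved.Server)) {
        # Catalog-signed system DLLs report 'Valid' on Windows 8+/PowerShell 5. On older
        # builds this can be 'NotSigned' for genuine files, so the signature is advisory only.
        $sig   = Get-AuthenticodeSignature -FilePath $Resolved.Server
        $sigOk = ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like '*Microsoft*')
    }
    # A machine-wide registration pointing at a known server inside system32 is the
    # expected shape of the Microsoft entry; anything else deserves a closer look.
    $verdict = if ($Resolved.Hive -eq 'HKLM' -and $inSystem32 -and $nameMatches) { 'likely false positive' } else { 'investigate' }
    [pscustomobject]@{
        Clsid        = $Resolved.Clsid
        Hive         = $Resolved.Hive
        Server       = $Resolved.Server
        InSystem32   = $inSystem32
        NameMatches  = $nameMatches
        MicrosoftSig = $sigOk
        Verdict      = $verdict
    }
}

# 1. The CLSID the scanner flagged.
$flagged = Resolve-ClsidServer -Clsid $FlaggedClsid
if ($null -eq $flagged) {
    "CLSID $FlaggedClsid is not registered (a quarantine may have removed it)."
} else {
    Test-ServerLooksLegitimate -Resolved $flagged | Format-List
}

# 2. Every URL Search Hook IE will load: value names under these keys are CLSIDs.
foreach ($hookKey in 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
                     'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks') {
    if (-not (Test-Path $hookKey)) { continue }
    foreach ($name in (Get-Item -Path $hookKey).GetValueNames()) {
        if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        $res = Resolve-ClsidServer -Clsid $name
        if ($null -eq $res) { "$hookKey -> $name : CLSID not registered"; continue }
        Test-ServerLooksLegitimate -Resolved $res | Format-Table -AutoSize
    }
}
```

Run it from an elevated PowerShell prompt before acting on the quarantine: the flagged key should show Hive HKLM, a server under system32 and Verdict "likely false positive". An HKCU registration of the same CLSID, a server outside system32, or a hook CLSID that resolves to an unsigned DLL is the shape a real search hijack takes, and is what the scanner's signature was presumably meant to catch.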

cheater87
September 25th, 2006, 10:36 PM
Well Bubba, the first 9 numbers add up to what you said was the false positive.

Bubba
September 25th, 2006, 10:40 PM
-{ Quote: "Well Bubba, the first 9 numbers add up to what you said was the false positive." }-Well open up ewido and select the Reports section....select the scan that relates to this find and take a look at the remaining CLSID numbers to see if it totally matches. The latest update of 441,108 threats does not flag that reg entry.

Bubba

cheater87
September 25th, 2006, 10:42 PM
NOOOOOOO, it didn't save a report.

OldRebel
September 25th, 2006, 11:00 PM
-{ Quote: "Well open up ewido and select the Reports section....select the scan that relates to this find and take a look at the remaining CLSID numbers to see if it totally matches. The latest update of 441,108 threats does not flag that reg entry.

Bubba" }-
I have that same 441,108 threats listed on Ewido, and it still finds that reg entry:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:09:52 PM 9/25/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -> Adware.DeluxeCommunications : No action taken.


::Report end

I'm pretty sure it's a false positive for a legit Microsoft URL Search Hook. See screenshots.

OldRebel
September 25th, 2006, 11:02 PM
Expanded reg key.

Bubba
September 25th, 2006, 11:05 PM
-{ Quote: "I have that same 441,108 threats listed on Ewido, and it still finds that reg entry:" }-That is odd, because I got that update, scanned and nothing was found, which is why I felt confident in making the statement. However....as you are showing the whole CLSID from your scan, which matches the Microsoft URL Search Hook....I agree with you that it's an FP.

cheater87
September 25th, 2006, 11:06 PM
So release it from quarantine?

Tommy
September 25th, 2006, 11:15 PM
-{ Quote: "That is odd, because I got that update, scanned and nothing was found, which is why I felt confident in making the statement. However....as you are showing the whole CLSID from your scan, which matches the Microsoft URL Search Hook....I agree with you that it's an FP." }-
Just installed Ewido with 441,108 signatures. It also finds this key. :wacko:
-{ Quote: "HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -> Adware.DeluxeCommunications : Ignored." }-
A-Squared does not alert.

cheater87
September 25th, 2006, 11:17 PM
What should I do? It's in my quarantine.

Carol30
September 25th, 2006, 11:24 PM
Same result here. And same CLSID. Same 441,108 threats listed. I've put it into quarantine, for the time being, presuming it was a f/p. Any confirmation would be greatly appreciated. (Although, I was reading about it, in relation to Surf Sidekick at BC, I do view it, as an overwhelming coincidence. And only that! Simply a coincidence.)

Carol

About: Adware. Deluxe Communications
http://www.bleepingcomputer.com/forums/topic66364.html
http://www.bleepingcomputer.com/securityblog/2006/09/24/deluxecommunicationssurf-sidekick-in-disguise/

cheater87
September 25th, 2006, 11:54 PM
Wait, so it's real?

Carol30
September 26th, 2006, 12:18 AM
cheater87..

No, not saying it's real. As a matter of fact, in fairness to BC, only because I mentioned it, I went back to the two links to confirm it was NOT from their site. It is not, as I alluded to in my post.

I'm going to restore it and check to see if it matches the Microsoft URL Search hook. It's only my opinion, but I feel it is a f/p. I will not take action, until it is confirmed. Just how "I do things".

Carol

cheater87
September 26th, 2006, 12:19 AM
So should I leave it in quarantine?

Carol30
September 26th, 2006, 12:39 AM
cheater87..

I'm going by what Bubba and OldRebel have said. I trust their opinions. If after restoring it, you find the reg entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32]

It would lead to it being a false positive. I did find the above, after restoration. That said, it's up to you. There's certainly no harm in waiting, if you're unsure.

Carol

Marianna
September 26th, 2006, 01:52 AM
I found the same entry after the latest ewido update. I just ran HJT and the entries mentioned at Bleepingcomputer:

http://www.bleepingcomputer.com/forums/topic66364.html

do NOT exist. My bet is, it is a False Positive.

karl.ewido
September 26th, 2006, 03:22 AM
Sorry for that. It will be fixed with the next update.

We're sorry for the inconvenience.

HelpFromFrance
September 26th, 2006, 04:53 AM
-{ Quote: "Sorry for that. It will be fixed with the next update.

We're sorry for the inconvenience." }-

Just ran ewido and had the same finding, then got the update and all is clear and OK now.

Thanks,
HelpFromFrance

cheater87
September 26th, 2006, 09:10 AM
I took it out of quarantine, was that OK?

HelpFromFrance
September 26th, 2006, 09:33 AM
-{ Quote: "I took it out of quarantine, was that OK?" }-

Cheater87,

If it is the same one that is mentioned above, yes, you are OK, it is a false positive. If you do the update and your count of signatures shows 441,674, then you run another scan, it should not show up, as Ewido corrected this in the last update.

Hope that this helps,
HelpFromFrance

Edit: -- Since I wrote this there has been another update and the signature count is 441,735.

OldRebel
September 26th, 2006, 09:50 AM
I guess false positives are inevitable once in a while for all anti-malware programs. I submitted a support request by email last night and received the final reply that the error was fixed this morning when I first checked my email. Ewido support is wonderful in how fast they respond in these situations.
Thanks, team Ewido!:thumb:

Tommy
September 26th, 2006, 09:53 AM
Updated ewido. Scanned the registry, no more f/p. Thanks.

Marianna
September 26th, 2006, 11:27 AM
Hi Karl,

thanks !

After updating ewido, everything is CLEAN again :D

Carol30
September 26th, 2006, 12:24 PM
All clear and another "Thank You"! A speedy response - as usual. :thumb::thumb:

cheater87
September 26th, 2006, 01:17 PM
Mine says 441,735, I just updated it.

JonPaulOnLine
September 26th, 2006, 05:12 PM
Thank you all
This is a great forum of interested parties

hangman
September 26th, 2006, 08:51 PM
Well, just FYI, I scanned my comp and ewido also found this.
After I quarantined it I lost my search-from-address-bar function (I have a reg hack to search with Google from the address bar, I'm not sure if that had anything to do with the problem).
After removing this from quarantine all is well...
Did not try to reproduce the problem, I'll just leave well enough alone <g>

till later...
...hangman