adware deluxe communications

Discussion in 'ewido anti-spyware forum' started by JonPaulOnLine, Sep 25, 2006.

Thread Status:
Not open for further replies.
  1. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    What should I do? It's in my quarantine.
     
  2. Carol30

    Carol30 Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    55
    Location:
    USA
    Same result here. And same CLSID. Same 441,108 threats listed. I've put it into quarantine, for the time being, presuming it was a f/p. Any confirmation would be greatly appreciated. (Although, I was reading about it, in relation to Surf Sidekick at BC, I do view it, as an overwhelming coincidence. And only that! Simply a coincidence.)

    Carol

    About: Adware. Deluxe Communications
    http://www.bleepingcomputer.com/forums/topic66364.html
    http://www.bleepingcomputer.com/sec...eluxecommunicationssurf-sidekick-in-disguise/
     
    Last edited: Sep 26, 2006
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    Wait, so it's real?
     
  4. Carol30

    Carol30 Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    55
    Location:
    USA
    cheater87..

    No, not saying it's real. As a matter of fact, in fairness to BC, only because I mentioned it, I went back to the two links to confirm it was NOT from their site. It is not, as I alluded to in my post.

    I'm going to restore it and check to see if it matches the Microsoft URL Search hook. It's only my opinion, but I feel it is a f/p. I will not take action, until it is confirmed. Just how "I do things".

    Carol
     
  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    So should I leave it in quarantine?
     
  6. Carol30

    Carol30 Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    55
    Location:
    USA
    cheater87..

    I'm going by what Bubba and OldRebel have said. I trust their opinions. If after restoring it, you find the reg entry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InProcServer32]

    It would lead to it being a false positive. I did find the above, after restoration. That said, it's up to you. There's certainly no harm in waiting, if you're unsure.

    Carol
     
  7. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
  8. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Sorry for that. It will be fixed with the next update.

    We're sorry for the inconvenience.
     
  9. HelpFromFrance

    HelpFromFrance Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    283
    Just ran ewido and had the same finding, then got the update and all is clear and OK now.

    Thanks,
    HelpFromFrance
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    I took it out of quarantine, was that OK?
     
  11. HelpFromFrance

    HelpFromFrance Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    283
    Cheater87,

    If it is the same one that is mentioned above, yes, you are OK, it is a false positive. If you do the update and your count of signatures shows 441,674, then you run another scan, it should not show up, as Ewido corrected this in the last update.

    Hope that this helps,
    HelpFromFrance

    Edit: -- Since I wrote this there has been another update and the signature count is 441,735.
     
  12. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    I guess false positives are inevitable once in a while for all anti-malware programs. I submitted a support request by email last night and received the final reply that the error was fixed this morning when I first checked my email. Ewido support is wonderful in how fast they respond in these situations.
    Thanks, team Ewido!:thumb:
     
  13. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Updated ewido. Scanned the registry, no more f/p. Thanks.
     
  14. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    Hi Karl,

    thanks !

    After updating ewido, everything is CLEAN again :D
     
  15. Carol30

    Carol30 Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    55
    Location:
    USA
    All clear and another "Thank You"! A speedy response - as usual. :thumb::thumb:
     
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    Mine says 441,735. I just updated it.
     
  17. JonPaulOnLine

    JonPaulOnLine Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    96
    Location:
    Philadelphia PA USA
    Thank you all
    This is a great forum of interested parties
     
  18. hangman

    hangman Registered Member

    Joined:
    Mar 21, 2003
    Posts:
    11
    Location:
    South Florida/USA
    Well just FYI, I scanned My comp and ewido also found this.
    After I quarantined it I lost My search from address bar function (I have a reg hack to search with google from the address bar, I'm not sure if that had anything to do with the problem)
    After removing this from quarantine all is well...
    Did not try to reproduce the problem, I'll just leave well enough alone<g>

    till later...
    ...hangman
     