adware deluxe communications

Discussion in 'ewido anti-spyware forum' started by JonPaulOnLine, Sep 25, 2006.

Thread Status:
Not open for further replies.
  1. JonPaulOnLine

    JonPaulOnLine Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    96
    Location:
    Philadelphia PA USA
    I can't find info thru google on adware deluxe communications
    Any Thoughts?
     

    Attached Files:

  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Is this a FP?

    Adware.DeluxCommunication I have never gone on any fishy sites. I don't know how i could of gotten this.
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    i have this as well. I hope its a FP
     
  4. JonPaulOnLine

    JonPaulOnLine Registered Member

    Joined:
    Aug 10, 2005
    Posts:
    96
    Location:
    Philadelphia PA USA

    I also see in now on my other PC

    I bet its False but will wait for others to comment
     

    Attached Files:

  5. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    *hands you popcorn for the wait* i quarinined it is that bad?
     
  6. Oriour

    Oriour Registered Member

    Joined:
    Jul 2, 2006
    Posts:
    6
    Also have it detected on my PC. I'm thinking it's probably a FP.
     
  7. dfw

    dfw Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    42
    Same Here, I think it must a false one, (I hope)
     
  8. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    so i release it from quarintine?
     
  9. dfw

    dfw Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    42


    Also has not been found by adaware, spybot and NOD, think I keep in quarintine untill it's confirmed to be a FP
     
  10. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    ok so im not the only one that put it in quarintine
     
  11. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Last edited: Sep 25, 2006
  12. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    how the hell did it get on my computer? all i did was download something from download.com. Did i get it from that?
     
  13. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Seams that all the security programs we have installed still have bugs/lacks.
     
  14. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    so is this from downloading from download.com or is this a false positive?
     
  15. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    It seams it is a adware registry entry and so a positiv finding, but.....
    It's used for displaying popups on websides such as explanations for some terms, etc. So i think its not real a dangerous one.
     
    Last edited: Sep 25, 2006
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    so how did we get it?
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Since I can not see the whole CLSID in the first pic....if it is the below reg entry then it is a False positive against a valid Microsoft Url Search Hook reg entry.

    I would also suggest checking if you have the latest update which is 441,108 threats.

    Bubba
     
  18. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    well buba the first 9 numbers add up to what you said was the false positive
     
  19. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Well open up ewido and select the Reports section....select the scan that relates to this find and take a look at the remaining CLSID numbers to see it totally matches. The latest update of 441,108 threats does not flag that reg entry.

    Bubba
     
  20. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    NOOOOOOO it didn't save a report
     
  21. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    I have that same 441,108 threats listed on Ewido, and it still finds that reg entry:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:09:52 PM 9/25/2006

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -> Adware.DeluxeCommunications : No action taken.


    ::Report end

    I'm pretty sure it's a false positive for a legit Microsoft URL Search hook. See screenshots.
     

    Attached Files:

  22. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    Expanded reg key.
     

    Attached Files:

  23. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    That is odd because I got that update, scanned and nothing was found which is why I felt confident in making the statement. However....as you are showing the whole CLSID from your scan which matches the Microsoft URL Search hook....I agree with you that it's an FP.
     
  24. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    so release it from quarintine?
     
  25. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Just installed Ewido with 441.108 signatures. It finds also this key.o_O
    A-Squared does not Alert.
     
Thread Status:
Not open for further replies.