Smiley central detection

Discussion in 'ESET NOD32 Antivirus' started by Skywolfe, Jul 27, 2010.

Thread Status:
Not open for further replies.
  1. Skywolfe

    Skywolfe Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    82
    OK, I had a strange occurrence happen earlier that I didn't know about until a scan ran earlier today, but I have this in the log files.

    7/26/2010 8:09:35 PM Real-time file system protection file C:\Users\Skywolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YAGDNH73\SmileyCentralInitialSetup1.0.1.1[1].exe Win32/AdInstaller potentially unwanted application deleted (after the next restart) Skywolfe-PC\Skywolfe Event occurred on a new file created by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.

    7/26/2010 8:09:14 PM HTTP filter file -http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab- Win32/AdInstaller potentially unwanted application connection terminated - quarantined Skywolfe-PC\Skywolfe Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.

    Other than those two detections and this one from a Malwarebytes scan


    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    I have no other instances that I can see of that running. My question is: was this taken care of by the http filter? And if it was, why was it copied to the registry?
     
    Last edited by a moderator: Jul 27, 2010
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Are your Web Browser(s) manually added and checked under http filtering? If they are not, they should be, although I have been led to believe otherwise of late; I have mine added and checked.

    This may explain why the adware bypassed http filtering.

    If no one can answer your query definitively, I suggest you submit an Issue Ticket to ESET.
     
  3. Skywolfe

    Skywolfe Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    82
    OK, what do you mean by manually added and checked for filtering? I don't have anything set to only allow specific addresses, as I tried that and it blocked out every address I tried. My QUESTION is: is the system infected, since it had said it was blocked through the filtering (connection terminated)? The thing is, I don't remember anything coming up like that or otherwise for it to either block or actually download it :s Another question is: by cleaning those two files and deleting that, is it out of there? As there seems to be no other sign of it anywhere else.
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You would manually add Web Browsers per the second graphic in the preceding ESET KB Article.

    As I already indicated, please submit an Issue Ticket to ESET. I cannot help you further on this matter as to why you got infected.

    Options to consider when you are Infected
     
    Last edited: Jul 28, 2010
  5. Skywolfe

    Skywolfe Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    82
    alright.
     
  6. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Awaiting your findings and feedback, Skywolfe

     
  7. Skywolfe

    Skywolfe Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    82
    Support tickets are useless because I do not have the e-mail that it was issued with, as I asked one of the computer stores to order it for me since I can't buy stuff online. As for the detection, it was never heard from again, so my guess is that it was either gotten rid of by the scanner, or by Malwarebytes alone. Once I did a rescan after that, everything turned up fine.
     
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I don't quite understand your last statement. Did you submit a support ticket to ESET? If you have not, this may help clarify your possibly unresolved issue.

    Have you accomplished what I have asked you to do in previous posts in this thread?
     
  9. Skywolfe

    Skywolfe Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    82
    Alright.. what is there to understand? No, I have not submitted a support ticket because whatever e-mail was registered to buy the product to begin with..... was not under mine but from the store I bought it from. Since I can't BUY ANYTHING ONLINE... I had to go through the store. And since I don't have the e-mail... I can't get support unless it is by phone.
     
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    ESET's Customer Care email is: ccreply@eset.com
    Please ensure you include as much information in your email to ESET as possible including the build number of your installed ESET Product.

    Good luck.
     
  11. Skywolfe

    Skywolfe Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    82
    Um, yeah, I tried that. And while the username and password are fine.... it doesn't go into help because a different e-mail was registered than the one THEY have on record for the account. I have tried in getting back both for smart security since I lost the key somewhere and thought I had it on a disk somewhere (of which I have yet to find)
     