Smiley central detection

ok I had a strange occurance happen earlier that I didn't know about until a scan ran earlier today but I have this in the log files.

7/26/2010 8:09:35 PM Real-time file system protection file C:\Users\Skywolfe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YAGDNH73\SmileyCentralInitialSetup1.0.1.1[1].exe Win32/AdInstaller potentially unwanted application deleted (after the next restart) Skywolfe-PC\Skywolfe Event occurred on a new file created by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.

7/26/2010 8:09:14 PM HTTP filter file -http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab- Win32/AdInstaller potentially unwanted application connection terminated - quarantined Skywolfe-PC\Skywolfe Threat was detected upon access to web by the application: C:\Program Files (x86)\Internet Explorer\iexplore.exe.

other than those two detections and this one from a malwarebytes scan


Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

I have no other instances that I can see of that running. my question is was this taken care of by the http filter? and if it was why was it copied to the registry?

 

Are your Web Browser(s) manually added and checked under http filtering, if they are not they should be although I have been lead to believe otherwise of late, I have mine added and checked.

This may explain why the adware bypassed http filtering.

If no one can answer your query definitively, I suggest you submit an Issue Ticket to ESET.

 

ok what do you mean by manually added and checked for filtering. I don't have anything set to only allow specific addresses. as I tried that and it blocked out every address I tried. my QUESTION is is the system infected since it had said it was blocked through the filtering (connection terminated) the thing is, I don't remember anything coming up like that or otherwise for it to either block or actually download it :s another question is by cleaning those two files. and deleting that is it out of there? as there seems to be no other sign of it anywhere else.

 

You would manually add Web Browsers per the second graphic in the preceeding ESET KB Article.

As I already indicated, please submit an Issue Ticket to ESET. I cannot help you further on this matter as to why you got infected.

Options to consider when you are Infected

 

alright.

 

Awaiting your findings and feedback, Skywolfe

 

support tickets are useless because I do not have the e mail that it was issued with as I asked one of the computer stores to order it for me since I can't buy stuff online. as for the detection. it was never heard from again. so my guess is that it was either gotten rid of by the scanner, or by malwarebytes alone. once I did a rescan after that and everything turned up fine.

 

I don't quite understand your last statement, did you submit a support ticket to ESET ? If you have not, this may help clarify your possibly unresloved issue.

Have you accomplished what I have asked you to do in previous posts in this thread ?

 

alright.. what is there to understand. no I have not submitted a support ticket because whatever e mail was registered to buy the product to begin with..... was not under mine but from the store I bought it from. since I can't BUY ANYTHING ONLINE... I had to go through the store. and since I don;t have the e mail... I can't get support unless it is by phone.

 

ESET's Customer Care email is: ccreply@eset.com
Please ensure you include as much information in your email to ESET as possible including the build number of your installed ESET Product.

Good luck.

 

um yeah I tried that. and while the username and password are fine.... it doesn't go into help because a different e mail was registered than the one THEY have on record for the account. I have tried in getting back both for smart security since I lost the key somewhere and thought I had it on a disk somewhere (of which I have yet to find)