SpyBot S&D results (?)

Discussion in 'other security issues & news' started by SG1, Aug 30, 2003.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    432
    Anyone know about the two items below that SpyBot highlighted in a scan today? The 2nd item, oddly, is just a desktop icon for the ATT dialer, which I seldom use, but this is about the 2nd time that SpyBot has for some reason pointed it out. SpyBot had previously termed the dialer/icon "InterSysInc..." whatever that may mean.
    I was a bit more worried about the CoolSearcher info, as I'm not familiar with that product. (Otherwise, though, TrojanHunter, Nod32 and Hijack This found nothing to be alarmed over.)
    Thanks for info/advice. SG1 (Pat)
    -----------------
    Congratulations!: No registry inconsistencies were found. ()

    CoolSearcher.Info: IE toolbar (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{8E718888-423F-11D2-876E-00A0C9082467}

    Unknown: Desktop icon (File, nothing done)
    C:\WINDOWS\Desktop\AT&T Global Network Dialer.lnk

    --- Spybot-S&D version: 1.2 ---
    2003-08-27 Includes\Malware.sbi
    2003-01-08 Includes\plugin-ignore.ini
    2003-06-24 Includes\Cookies.sbi
    2003-08-27 Includes\Dialer.sbi
    2003-08-20 Includes\Hijackers.sbi
    2003-08-01 Includes\Keyloggers.sbi
    2003-06-24 Includes\Security.sbi
    2003-08-27 Includes\Spybots.sbi
    2003-07-31 Includes\Tracks.uti
    2003-07-17 Includes\Trojans.sbi
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    The {8E718888-423F-11D2-876E-00A0C9082467} Class ID is identical to that of the IE Radio Bar, although that one's habitual location is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar.

    It may be a False Positive, although you can't exclude the possibility of this CoolSearcher hijacker using the same Class ID.

    The AT&T shortcut is a FP for sure.

    For the time being I'd have SpyBot ignore both.

    And you may want to post at the SpyBot board: http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?s=85b016705c3f1f3bf33b9c71d63d21d6;act=ST;f=24;t=5404

    Can't hurt to include a link to this here thread as well.
     
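The following is an added example, not part of the original thread: one way to check which binary actually backs the flagged Class ID, which is the question the reply above leaves open. It assumes a Windows host with PowerShell available; the CLSID and the two toolbar keys are taken from the posts, everything else (variable names, output wording) is illustrative.

```powershell
# Added example: triage of the toolbar CLSID reported in the Spybot log above.
$clsid = '{8E718888-423F-11D2-876E-00A0C9082467}'

# The two toolbar locations named in the thread (flagged key, then habitual key).
$toolbarKeys = @(
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
)

# Report where the CLSID is registered as a toolbar value.
foreach ($key in $toolbarKeys) {
    $present = $false
    if (Test-Path -LiteralPath $key) {
        $present = (Get-Item -LiteralPath $key).GetValueNames() -contains $clsid
    }
    [pscustomobject]@{ Key = $key; HasClsid = $present }
}

# Resolve the CLSID to the in-process server that IE would load for it.
$server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
if (-not (Test-Path -LiteralPath $server)) {
    Write-Output "CLSID $clsid has no InprocServer32 entry; the toolbar value points at nothing."
    return
}

$dll = (Get-ItemProperty -LiteralPath $server).'(default)'
if (-not $dll) {
    Write-Output "InprocServer32 exists but its default value is empty."
    return
}
$dll = [Environment]::ExpandEnvironmentVariables($dll)
Write-Output "InprocServer32 -> $dll"

# Inspect the file itself: publisher metadata and Authenticode status.
if (Test-Path -LiteralPath $dll) {
    $file = Get-Item -LiteralPath $dll
    $sig  = Get-AuthenticodeSignature -FilePath $dll
    [pscustomobject]@{
        Company     = $file.VersionInfo.CompanyName
        Description = $file.VersionInfo.FileDescription
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
    }
} else {
    Write-Output "Registered server file is missing on disk."
}
```

A server path outside the Windows system directories, or a file with no publisher metadata, is the case worth escalating; a Microsoft-attributed file in the expected location supports the false-positive reading.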