Welcome to What the Tech - Register now for FREE

Malware/Spyware? [Solved]


  • This topic is locked
67 replies to this topic

#61 jwr243
  • Authentic Member
  • 134 posts

Posted 23 May 2012 - 05:17 PM

Finally got rid of the old Java and installed the new. With the new version, in Add/Remove there is no JRE file as there was before. The only two Java files are Java™ 7 Update 4 and JavaFX 2.1.0. Should there be a JRE file? Also in Add/Remove there are 3 items that were not there before installing the new Java. "Anti-Phishing Domain Advisor"; "I Want That"; and "Blekko Search Bar". With the Blekko Search Bar I was asked if I wanted to switch to that or continue using Live Search. It said I was now using Live Search, so I checked that choice. Was that ok? I didn't download anything malicious did I? I did a search for "Anti-Phishing Domain Advisor" and all the reviews in CNET say it is malware and should be uninstalled. Is that true? If it is, can Add/Remove uninstall it successfully? That leaves the file labeled "I Want That". I have no idea what that is. These are 3 items not there before installing the new Java. Did something malicious get through at the same time? By the way, when I installed Java, should I have disabled my anti-virus, firewall, etc.?



#62 Satchfan
  • SuperHelper
  • Malware Team
  • 5,034 posts
  • Interests: LFC, music, more LFC, more music

Posted 24 May 2012 - 01:08 AM

These would have been added when you installed the latest Java.

I did a search for "Anti-Phishing Domain Advisor" and all the reviews in CNET say it is malware and should be uninstalled. Is that true? If it is, can Add/Remove uninstall it successfully?

The Anti-phishing Domain Advisor (ADA) is an add-in that protects you from phishing sites (sites that want to steal your identity) and malware sites (sites that install software onto your computer for illegal purposes).

With the Blekko Search Bar I was asked if I wanted to switch to that or continue using Live Search. It said I was now using Live Search, so I checked that choice. Was that ok? I didn't download anything malicious did I?

The Blekko Search Bar is an Internet web browser developed by Apple Inc. According to tests held, it performed as the fastest browser to load HTML and Java. This is probably why Java installed it.

I have no idea what "I Want That" is but it sounds like some form of adware and I would personally uninstall it, but as far as I'm aware it is not malware.

By the way, when I installed Java, should I have disabled my anti-virus, firewall, etc.?

No need to disable your firewall.

In conclusion, run Malwarebytes and if any of the three are adware/spyware Malwarebytes will pick them up. If not, they are all fine.

Satchfan

#63 jwr243
  • Authentic Member
  • 134 posts

Posted 24 May 2012 - 05:47 PM

Here's the log for the Malwarebytes scan I did just a few minutes ago. The results showed 43 items found. A scan I did a few hours ago showed only 17 items found. Are these items all Malware? Why were so many more items found in the second scan? You explained that Anti-Phishing Domain Advisor is to cut down on phishing attempts, but all the reviews I read about it on CNET say it is a bogus Anti-Phishing tool and is actually malware and should be uninstalled. Is that true? The 2nd line from the bottom mentions the "I Want This" thing that now shows up in Add/Remove. In quite a few lines it mentions "no action taken", because I didn't know what I should do with the scan results. Most had a green mark next to them and many, but not all were checked. Should I do another scan and delete all the checked items? How can I stop all this from getting through?

--------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.24.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jerry :: SERVER [administrator]

5/24/2012 7:16:26 PM
mbam-log-2012-05-24 (19-25-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201748
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 34
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> No action taken.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> No action taken.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> No action taken.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> No action taken.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\I WANT THIS (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\I WANT THIS (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.

Registry Values Detected: 3
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 81c5cbef91cb9a777aac1d8bdcbd3a80 -> No action taken.
HKCU\Software\I Want This|HelperRunningVersion (PUP.GamesPlayLab) -> Data: 149 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\Jerry\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> No action taken.
C:\Documents and Settings\Jerry\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> No action taken.

Files Detected: 4
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> No action taken.
C:\Documents and Settings\Jerry\Local Settings\temp\air1D.exe (Adware.GamePlayLabs) -> No action taken.
C:\Documents and Settings\Jerry\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> No action taken.
C:\Program Files\I Want This\I Want This.dll (PUP.GamePlayLab) -> No action taken.

(end)
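As an added example (not part of the thread or of Malwarebytes), a small Python triage script for an MBAM 1.x scan log of the kind posted above: it parses each detection line, groups hits by detection name, flags the registry locations through which a browser add-on gets loaded (Browser Helper Objects, Chrome extension install keys, IE Low Rights ElevationPolicy), and counts entries still marked "No action taken". The sample log is a constructed excerpt in the same shape as the one above, and the function names are my own.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log (added example, not from the thread)."""
import re
from collections import Counter, defaultdict
# Each detection line reads: <location> (<detection name>) -> [Data: <value> ->] <action>.
LINE_RE = re.compile(r"^(?P<loc>.+?) \((?P<name>[\w.]+)\) -> (?P<rest>.+)$")
# Registry paths through which a browser add-on gets loaded or runs with relaxed IE rights.
PERSISTENCE = {
    "browser_helper_object": re.compile(r"\\Browser Helper Objects\\", re.I),
    "chrome_extension": re.compile(r"\\Google\\Chrome\\Extensions\\", re.I),
    "ie_elevation_policy": re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I),
}
# Constructed excerpt in the shape of the log posted above (paths and values taken from it).
SAMPLE_LOG = r"""Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 81c5cbef91cb9a777aac1d8bdcbd3a80 -> No action taken.
Files Detected: 1
C:\Program Files\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
(end)
"""

def parse_log(text):
    """Return one dict per detection line; section headers and '(end)' are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Registry values carry "Data: <value> ->" before the action; keep only the action.
        action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
        hits.append({"loc": m.group("loc"), "name": m.group("name"), "action": action})
    return hits

def summarize(text):
    """Group hits by detection name, list persistence locations, count untreated items."""
    hits = parse_log(text)
    persistence = defaultdict(list)
    for h in hits:
        for kind, rx in PERSISTENCE.items():
            if rx.search(h["loc"]):
                persistence[kind].append(h["loc"])
    return {
        "by_name": Counter(h["name"] for h in hits),
        "persistence": dict(persistence),
        "unresolved": sum(h["action"] == "No action taken" for h in hits),
    }
```

Call `summarize(open("mbam-log.txt").read())` on a real log; a non-zero `unresolved` count means the scan was run without "Remove Selected", which is exactly the situation in the log above.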

#64 jwr243
  • Authentic Member
  • 134 posts

Posted 24 May 2012 - 05:49 PM

Sorry, I forgot to point out in the Malwarebytes log that something called Adware.GamePlayLab is mentioned quite a few times. What is this?

#65 Satchfan
  • SuperHelper
  • Malware Team
  • 5,034 posts
  • Interests: LFC, music, more LFC, more music

Posted 25 May 2012 - 02:14 AM

Hi jwr243

You explained that Anti-Phishing Domain Advisor is to cut down on phishing attempts, but all the reviews I read about it on CNET say it is a bogus Anti-Phishing tool and is actually malware and should be uninstalled. Is that true?

No. It is not malware and if you look at what CNET says here, it doesn’t say that either.

The 2nd line from the bottom mentions the "I Want This" thing that now shows up in Add/Remove.

“I Want This” is part of GamePlayLab which is a program that collects browsing information in order to send relevant adverts to the user who has it installed.

Remove it from Add/remove programs

Should I do another scan and delete all the checked items?

Yes:
  • run Malwarebytes again
  • make sure that everything found is checked, and click Remove Selected.
  • when disinfection is completed, a log will open in Notepad and you may be prompted to Restart to complete the disinfection process
  • the log is automatically saved by MBAM and can be viewed by clicking the “Logs” tab in MBAM.
  • copy & paste the report in your next reply.
Satchfan

#66 jwr243
  • Authentic Member
  • 134 posts

Posted 25 May 2012 - 09:53 AM

Late last night I ran a scan and thought I removed all the checked items, but a 2nd scan found 2 items. I removed these. I also removed "I Want This" from Add/Remove and below is the scan log from just a few minutes ago. As you can see, nothing was found this time. Is it ok to remove "Blekko Search bar" from Add/Remove? Can the Blekko Search bar cause any problems if it's not removed? I'm using AVG 8.5. The AVG website has a version 2012 available. Is that the latest version or something different? If the latest version and I want to download that, should I remove the 8.5 version first? I'll keep my fingers crossed that things are finally ok.

----------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.24.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jerry :: SERVER [administrator]

5/25/2012 11:09:16 AM
mbam-log-2012-05-25 (11-09-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201934
Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#67 Satchfan
  • SuperHelper
  • Malware Team
  • 5,034 posts
  • Interests: LFC, music, more LFC, more music

Posted 25 May 2012 - 04:03 PM

Is it ok to remove "Blekko Search bar" from Add/Remove? Can the Blekko Search bar cause any problems if it's not removed?

Remove it from Add/remove programs.

I'm using AVG 8.5. The AVG website has a version 2012 available. Is that the latest version or something different? If the latest version and I want to download that, should I remove the 8.5 version first?

There is no need for you to uninstall previous versions. You will be informed during installation that there is another older AVG and it will be uninstalled automatically during AVG 2012 installation.

I'll keep my fingers crossed that things are finally ok.

It appears that all is well. :thumbup:

Take care

Satchfan

#68 Satchfan
  • SuperHelper
  • Malware Team
  • 5,034 posts
  • Interests: LFC, music, more LFC, more music

Posted 27 May 2012 - 01:06 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
