
Browser malware keeps being detected...


3 replies to this topic

#1 ST82

Posted 22 January 2014 - 10:05 PM

Hi
 
Recently I contracted my first malware, a trojan (apologies, I should have made a note of it, SuperAntiSpyware Professional detected it doing a routine scan and I followed the instructions to disinfect).
 
I decided on a reinstall afterwards to be sure, and when doing a regular scan after this, SuperAntiSpyware said that it had detected "Zoom Downloader" as an extension in my browser:
 
HKLM\SOFTWARE\Classes\AppID\{E873C427-3976-4596-8D0B-74B3FADC7D45}
HKLM\SOFTWARE\Classes\AppID\eWebControl365.DLL
HKLM\SOFTWARE\Classes\eWebPrefillData.365
HKLM\SOFTWARE\Classes\eWebPrefillData.365.1
HKLM\SOFTWARE\Classes\eWebResultData.365
HKLM\SOFTWARE\Classes\eWebResultData.365.1
HKLM\SOFTWARE\Classes\eWebSDK.365
HKLM\SOFTWARE\Classes\eWebSDK.365.1
HKLM\SOFTWARE\Classes\TypeLib\{FD96BC95-A0B9-4533-B0D3-8D47E9924D34}
 
Zoom Downloader wasn't present in my programs, nor had I added it as an extension (if such a thing exists) to my knowledge, and being far from an IT expert, I thought the best thing to do was to reinstall again. 
 
But when I ran SuperAntiSpyware afterwards again, the same detection occurred (I haven't opted to remove the above as I thought I would post first for advice).
 
Kaspersky Internet Security (2014), Malwarebytes Anti-Malware Free, ESET Online Scanner and Kaspersky TDSS Killer haven't detected anything so I'm a bit baffled why SuperAntiSpyware flags an issue.
 
My laptop runs Windows 7 Professional. The installed programs are (presently) Kaspersky Internet Security, Malwarebytes Anti-Malware Free, Spotify, mSecure, Guild Wars, TrueCrypt, Dropbox and Evernote.
 
The browser is Chrome with the following extensions: HTTPS Everywhere, Adblock Plus, Click & Clean, Disconnect (all downloaded from the Chrome store) and Google Docs.
 
I'm a bit paranoid after the trojan, as SuperAntiSpyware never detected this issue previously, and I don't know if this is a false positive / SuperAntiSpyware getting confused over one of the extensions etc.
 
Please let me know if you need any further information and many thanks in advance for any thoughts / advice...



#2 boopme


Posted 22 January 2014 - 11:00 PM

I'm suspecting a False Positive from SAS. This PConverter Video Converter is installed on half of Hewlett-Packard's products.
http://www.webutations.net/go/review/pconverter.com
I am not saying you need it but I don't believe it to be malware.
 
Let's get a second opinion, submit it to one of the following online services that analyzes suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

 

 

 

I think SUPERAntiSpyware detected something it should not have. What do I do?


 


Edited by boopme, 22 January 2014 - 11:02 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 ST82


Posted 23 January 2014 - 06:53 PM

Hi

 

Many thanks for the response / links etc.

 

Your instincts were good; I also dropped a line to SAS and they tweaked their PUP definition database and the issue has gone away presently (I wasn't even able to upload a file, SAS detected the issue at the very start of the scan, and didn't isolate a file / flag up an issue at the end of the scan, basically I could delete at the start, or let the scan run and not be able to do anything further).

 

I think I was a bit paranoid after the trojan (which if nothing else gave me a kick up the proverbial to upgrade to a paid antivirus over a free one!) but guess best to check with the professionals.

 

Again thanks for your help / appreciated.
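
The detections listed in the first post are registry keys rather than files, while an online scanner needs a file to upload. The PowerShell below is an added example, not part of the original posts: it follows the standard COM registration layout from those keys to any file they point at, then prints its SHA-256 and signer. It assumes PowerShell 4.0 or later (for Get-FileHash); the helper name Get-RegDefault is made up for this example.

```powershell
# Added example. Key list copied from the SUPERAntiSpyware report in the first post.
$flagged = @(
    'HKLM\SOFTWARE\Classes\AppID\{E873C427-3976-4596-8D0B-74B3FADC7D45}'
    'HKLM\SOFTWARE\Classes\AppID\eWebControl365.DLL'
    'HKLM\SOFTWARE\Classes\eWebPrefillData.365'
    'HKLM\SOFTWARE\Classes\eWebPrefillData.365.1'
    'HKLM\SOFTWARE\Classes\eWebResultData.365'
    'HKLM\SOFTWARE\Classes\eWebResultData.365.1'
    'HKLM\SOFTWARE\Classes\eWebSDK.365'
    'HKLM\SOFTWARE\Classes\eWebSDK.365.1'
    'HKLM\SOFTWARE\Classes\TypeLib\{FD96BC95-A0B9-4533-B0D3-8D47E9924D34}'
)
$classes = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'

function Get-RegDefault([string]$Path) {
    # Default (unnamed) value of a key; returns nothing if the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

$files = foreach ($entry in $flagged) {
    $path = $entry -replace '^HKLM', 'Registry::HKEY_LOCAL_MACHINE'
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "Absent: $entry"; continue }
    if ($entry -like '*\TypeLib\*') {
        # TypeLib\{LIBID}\<version>\<lcid>\win32|win64 holds the type library path.
        Get-ChildItem -LiteralPath $path -Recurse |
            Where-Object { $_.PSChildName -match '^win(32|64)$' } |
            ForEach-Object { $_.GetValue('') }
    } else {
        # ProgID\CLSID -> CLSID\{id}\InprocServer32 or LocalServer32 -> server binary.
        # AppID keys have no CLSID subkey and name no file, so they yield nothing here.
        $clsid = Get-RegDefault "$path\CLSID"
        if (-not $clsid) { continue }
        foreach ($view in '', 'Wow6432Node\') {       # 64-bit and 32-bit COM views
            foreach ($srv in 'InprocServer32', 'LocalServer32') {
                Get-RegDefault "$classes\${view}CLSID\$clsid\$srv"
            }
        }
    }
}
# Hash and signer for every referenced file that still exists on disk.
$files | Where-Object { $_ } | ForEach-Object { $_.Trim('"') } | Sort-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } | ForEach-Object {
        [pscustomobject]@{
            File   = $_
            SHA256 = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash
            Signer = (Get-AuthenticodeSignature -LiteralPath $_).SignerCertificate.Subject
        }
    } | Format-List
```

If nothing is printed, the keys are orphaned registrations with no file left on disk, so there is nothing to upload. A LocalServer32 value that carries command-line arguments fails the file test and is skipped.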



#4 boopme


Posted 23 January 2014 - 10:31 PM

You're welcome from us all and thanks for visiting!



