Not too concerned, but...


27 replies to this topic

#1 Lehr


Posted 18 December 2014 - 06:33 PM

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

I did a scan with adwcleaner, it detected that and I proceeded to clean it. They reappeared after I restarted and did another scan. Is this a false positive? I never use internet explorer.

Edited by Lehr, 18 December 2014 - 06:35 PM.



#2 boopme


Posted 18 December 2014 - 08:21 PM

These may be Symantec files. Do you use that?

This one is bad and can go
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}


To get a second opinion, submit it to one of the following online services that analyze suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

Edited by boopme, 18 December 2014 - 08:23 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Lehr


Posted 18 December 2014 - 08:22 PM

I use Norton, I believe that is a product of Symantec. And I can't find these files, interesting.


And all of them are still there despite me trying to delete them again.

Edited by Lehr, 18 December 2014 - 08:30 PM.


#4 quietman7


Posted 18 December 2014 - 08:42 PM

The first 3 are registry key entries related to CoIEPlg.dll...part of Norton Toolbar
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}


0633EE93-D776-472F-A0FF-E1416B8B2E3A is related to Trojan.Startpage, a detection for malware threats that change a browser’s home page.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Lehr


Posted 18 December 2014 - 08:47 PM

I see. I'll try to delete it again with Adwcleaner. Not sure where I picked it up but it only seems to affect I.E, strange... My firefox is just fine.


If it doesn't work what should I do?

Edited by Lehr, 18 December 2014 - 08:47 PM.


#6 quietman7


Posted 18 December 2014 - 08:56 PM

SearchScopes specify Internet search providers. I would consider the detection more of a Potentially Unwanted Modification (PUM)...a possibly unwanted change made to a computer's settings at the system level. PUMs are considered "potentially unwanted" (not necessarily malicious) because the security program making the detection cannot determine if the modification was set by the user, an administrator, a legitimate program or by malware.

Some security tools will scan and flag certain registry key modifications (i.e. StartMenu, Desktop, SecurityCenter, HomePageControl, NewStartPanel, Internet Explorer HomePage/StartPage, etc. and various other Windows registry policies) but cannot determine if they were made intentionally and who or what made the changes. Since that is the case, the tool may flag these changes to ensure the user is aware of the modification(s). It most likely was made by some type of Potentially Unwanted Program (PUP).

In most cases if you recognize the PUM, you can ignore the detection. If you don't recognize the detection, then you may need to investigate further as to what or who made the modification(s). Security tool developers assume that those using their programs have sufficient or advanced knowledge to know if they disabled or modified such keys and understand the detection.

#7 Lehr


Posted 18 December 2014 - 09:00 PM

Well, Adwcleaner can't remove it despite me trying four times. It doesn't seem to affect anything I do at all from what I gather. Do you think it would be safe enough to just disregard them seeing as they may be PUMs or PUPs that don't matter or are coming up as false positives?

#8 quietman7


Posted 18 December 2014 - 09:11 PM

I said it most likely was made by a PUP but some types of malware have been known to make such modifications. Since Trojan.Startpage is a detection made by Symantec I would ask them about it.

#9 Lehr


Posted 18 December 2014 - 09:16 PM

Alright, thanks for your help, I'll head over to their forums.

#10 quietman7


Posted 18 December 2014 - 09:21 PM

You're welcome.

#11 Lehr


Posted 18 December 2014 - 09:22 PM

Well, I can't find the section on Norton's forums to inquire about it and it isn't deleting. Really don't know what to do unfortunately.


http://www.symantec.com/security_response/writeup.jsp?docid=2002-011511-4413-99


Apparently it's insignificant to my machine overall according to this. Gonna scan and hope for the best I guess.

Edited by Lehr, 18 December 2014 - 09:30 PM.


#12 quietman7


Posted 18 December 2014 - 09:30 PM

Please download and scan with Emsisoft Anti-Malware 30 day trial version.
  • Double-click on the EmsisoftAntiMalwareSetup.exe icon to install.
  • If the setup program displays an alert about safe mode, please click on the Yes button to continue.
  • Agree to the license agreement and click on the Install button to continue with the installation.
  • You will get to a screen asking what type of license you wish to use with Emsisoft Anti-Malware.
    If you have an existing license key or want to buy a new license key, please select the appropriate option. Otherwise, select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.
  • Emsisoft Anti-Malware will now begin to update its virus detections.
  • When the updates are completed, select Enable PUPs Detection.
  • Select the Full Scan option to begin scanning your computer for infections.
  • When the scan has finished, the program will display the scan results that show what infections were found.
  • Click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine.
  • If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.
Note: By default Emsisoft Anti-Malware installs as a free fully functional 30-day trial version with real-time protection. After the trial period expires you can either choose to buy a full version license or continue to use it in limited freeware mode which still allows you to scan and clean infections. The freeware mode no longer provides any real-time protection to guard against new infections. However, even if the trial is still enabled, you can easily turn off all real time protection and just have it running as on-demand scanner only. After the trial period expires nothing really changes except that the options to activate real-time protection are no longer available without purchasing the full version.

#13 Lehr


Posted 18 December 2014 - 09:32 PM

Huh, I'll do that too. Anyway, sorry if I seem uneducated in terms of virus removal, wasn't in my upbringing to understand these machines unfortunately.


If the scan comes up clean (if it doesn't I'll post logs) what should I do from there?

Edited by Lehr, 18 December 2014 - 09:37 PM.


#14 quietman7


Posted 18 December 2014 - 09:40 PM

I was able to do some more searches and found that entry in several diagnostic logs...seems like it may belong to Bing.

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

If you have Bing...it may be regenerating the entries since they keep returning after deletion.
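The triage done by hand across posts #1 and #14, as an added example that is not part of the original posts: it parses the AdwCleaner lines, finds entries that a second scan reports again, and attaches the search provider host from the diagnostic-log lines. The function names are hypothetical and the second scan log is constructed (the thread only says the entries reappeared); GUIDs are compared case-insensitively because the two log formats differ in case.

```python
import re
from urllib.parse import urlsplit

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# AdwCleaner: "Key Deleted : [x64] HKCU\...\{GUID}" or "Value Deleted : HKLM\... [{GUID}]"
ADW = re.compile(r"^(?:Key|Value) Deleted : (?:\[x64\] )?(HK.*?)\\?\s*\[?(" + GUID + r")\]?$")
# Diagnostic log: 'IE - HKLM\..\SearchScopes\{GUID}: "URL" = http://...'
SCOPE = re.compile(r"SearchScopes\\(" + GUID + r'): "URL" = (\S+)')

# First scan: the five lines posted in #1.
SCAN1 = r"""Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
"""
SCAN2 = SCAN1  # constructed: scan after reboot, assumed to list the same entries
# Diagnostic-log lines quoted in #14.
DIAG = r"""IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
"""

def parse_adwcleaner(text):
    """Return {(GUID, registry path)} for every deleted key/value in a scan log."""
    found = set()
    for line in text.splitlines():
        m = ADW.match(line.strip())
        if m:
            found.add((m.group(2).upper(), m.group(1)))
    return found

def scope_hosts(text):
    """Map SearchScopes GUID -> host of its "URL" value."""
    return {g.upper(): urlsplit(u).hostname for g, u in SCOPE.findall(text)}

def triage(scan1, scan2, diag):
    """Entries removed in scan 1 that scan 2 reports again, with provider host if known."""
    hosts = scope_hosts(diag)
    back = parse_adwcleaner(scan1) & parse_adwcleaner(scan2)
    return sorted((guid, path, hosts.get(guid)) for guid, path in back)

if __name__ == "__main__":
    for guid, path, host in triage(SCAN1, SCAN2, DIAG):
        print(f"regenerated: {path}\\{guid}  provider host: {host or 'unknown'}")
```

An entry that keeps coming back with a recognised provider host points to installed software rewriting it; one with no known host still needs its owner identified.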

#15 Lehr


Posted 18 December 2014 - 09:47 PM

I had Bing on firefox. My I.E doesn't have any form of redirects whatsoever and the websites are the same as they have been since 2008 (The last time I touched it). msn.com insightbb.com. Again, I had Bing as a search feature on my firefox and I believe once on my PC.



