Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Edwido Found


  • Please log in to reply
2 replies to this topic

#1 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,722 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:46 AM

Posted 28 September 2006 - 03:27 AM

Windows XP Home SP2
ZoneAlarm Security Suite - real-time protection
Spybot - on Demand
Adaware SE - on Demand
AdWatch - real-time protection
Super AntiSpyware Free- on Demand
Edwido Free - on Demand
A2 Free - on Demand
SpywareBlaster
Spyware Guard - real-time protection
Everything completely updated

Yesterday afternoon, I became concerned because my drive sounded as though a scan or a search were in process; however, I was not doing any searches, scanning, or defragmenting; and nothing I saw in Taskmanager helped in identifying what was going on. System Idle process was showing higher than normal usage. Ultimate TroubleShooter did not show anything odd to me.

I decided to restart and enter safe mode where I did the following scans:

Spybot found only usage tracks

Adaware SE the same

SuperAntispyware found nothing

Edwido found this:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:51:32 PM 9/27/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).


::Report end

In researching the CLSID number on google, I was led legitimate file called IEFRAME.DLL

This is the information source for that identification.

I then researched DeluxeCommunications and was led to BleepingComputer's removal tutorial found here.

I read through it and investigated the following:

I created a HiJack This Log and compared the log with the entries listed in the removal tutorial. There were no matches: nothing even close.

I looked in Add/Remove programs but found nothing related to DeluxeCommunications. I also looked for a folder with that name in Program Files, but there wasn't one.

I used Search to look for the following files on my hard drive:

Dxcknwrd.dll
Dxccwrd.dll
Dxc.exe


Search found nothing.

I do not appear to have the disk activity occuring that concerned me earlier. I do not suffer from any pop-ups or any other strange behavior.

Question: Is there be something hiding on my computer that would have arrived at the same time as that registry key or is everything hunky-dorry?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:46 AM

Posted 28 September 2006 - 07:50 AM

Ewido seems to be reporting Adware.DeluxeCommunications with two CLSIDs:

HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications :
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -> Adware.DeluxeCommunications :

ieframe.dll is a part of Internet Explorer 7

I don't use IE7 so I don't have that .dll but there is discussion here about the Ewido find being a false positive.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Topic Starter

  • Moderator
  • 36,722 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:46 AM

Posted 28 September 2006 - 12:12 PM

ieframe.dll is a part of Internet Explorer 7
I don't use IE7 so I don't have that .dll


I don't use IE7 either. I have Internet Explorer v6.00 SP2. A search does not reveal IEFRAME.DLL on my system either.

but there is discussion here about the Ewido find being a false positive.

Interesting. Hmm.

On an off-chance that this key, which I have in quarantine, was related to IE, I just used IE for a bit. IE is running fine as far as I can tell.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 28 September 2006 - 12:16 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users