9 replies to this topic

[bobette marlow]

Salut,

Malwarebytes' Anti-Malware 1.41
Database version: 3178
Windows 6.0.6001 Service Pack 1

16/11/2009 12:51:17
mbam-log-2009-11-16 (12-51-07).txt




Files Infected:
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> No action taken.

[nosirrah]

Please get us a developers log :

http://www.malwareby...?showtopic=3228

and if possible zip and attach a copy of riched20.dll to your next post .

[Gizmo]

nosirrah, on Nov 16 2009, 03:28 PM, said:

Please get us a developers log :

http://www.malwareby...?showtopic=3228

and if possible zip and attach a copy of riched20.dll to your next post .

Was anything done here... just updated to paid version and getting same issue plus another file all linked to Windows Live.

DETECTION C:\Program Files\Windows Live\Messenger\msimg32.dll Adware.MyWebSearch ALLOW
DETECTION C:\Program Files\Windows Live\Messenger\msimg32.dll Adware.MyWebSearch ALLOW
DETECTION C:\Program Files\Windows Live\Messenger\riched20.dll Adware.MyWebSearch ALLOW

Manual Scan of mentioned folder also reports adaware.

I ddi search google ... lol ... and these files are reported as true files

[AdvancedSetup]

Hello Gizmo,

Please click on START - RUN and type in MBAM /DEVELOPER and then do a Quick Scan and post back the new log and we'll review.

Thank you.

[Gizmo]

AdvancedSetup, on Dec 7 2009, 09:04 PM, said:

Hello Gizmo,

Please click on START - RUN and type in MBAM /DEVELOPER and then do a Quick Scan and post back the new log and we'll review.

Thank you.

Hopefully this helps

Attached Files

•  mbam_log_2009_12_08__16_35_42_.txt   1.06K   27 downloads

[miekiemoes]

Hi,

These are no False positives:

http://www.virustotal.com/analisis/36f6ecf...708a-1259709152
http://www.virustotal.com/analisis/76adc93...b7a3-1259604770

[Gizmo]

miekiemoes, on Dec 8 2009, 05:06 PM, said:

Hi,

These are no False positives:

http://www.virustotal.com/analisis/36f6ecf...708a-1259709152
http://www.virustotal.com/analisis/76adc93...b7a3-1259604770

Hmmmm but my mcafee 5825 says no infections.... ???

Researching the web this file gets infected BUT when its in an MSN mesenger folder not Windows live.

Attached both files in zip if possible anyone can investigate.

Attached Files

•  msimg32.zip   6.8K   14 downloads

[miekiemoes]

Hi,

Both files are 100% related with Mywebsearch/SmileyCentral adware.
If you rightclick them and choose properties > version, you'll see the "Smiley Central" in their version info

[Gizmo]

miekiemoes, on Dec 8 2009, 05:55 PM, said:

Hi,

Both files are 100% related with Mywebsearch/SmileyCentral adware.
If you rightclick them and choose properties > version, you'll see the "Smiley Central" in their version info

Hi Mieke, many thanks for your assistance ( rightclick, properties... good tip ) ... they have gone... now where is my son, installing stuff on my laptop...lol

Interesting that a later DAT file of mcafee reports no infection.

Keep up the good work all.....

[miekiemoes]

You're most welcome