Jump to content


Photo

Help is this a false positive or malaware


  • Please log in to reply
3 replies to this topic

#1 sagitarius1112

sagitarius1112

    New Member

  • Members
  • Pip
  • 3 posts

Posted 13 December 2012 - 12:11 AM

Registry Keys Detected: 6
HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.
HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055465539}\TypeLib (PUP.CrossFire.SA) -> Delete on reboot.

Ran Malawarebytes anti-rootkit and keep getting this even are cleanup. When I do other scans nothing is detected.

#2 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 13 December 2012 - 12:57 AM

Hi,

This is no False Positive, nor Malware. It is detected as PUP here, which means, potentially Unwanted Program.
This was was probably installed with a toolbar called "SavingsApp" which is not recommended.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 sagitarius1112

sagitarius1112

    New Member

  • Members
  • Pip
  • 3 posts

Posted 13 December 2012 - 10:28 PM

How do I get rid of it?

#4 miekiemoes

miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,674 posts
  • Gender:Female
  • Location:Belgium

Posted 14 December 2012 - 12:13 AM

Hi,

Please see here: http://forums.malwar...showtopic=69723 and post your logs in the appropriate forum. Then someone else will help you asap :)
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users