JerryM

DL Searchbar

Scanning with a-squared reveals a DL Searchbar. No other application shows that "malware."

Does SAS not recognize it because it is either not a threat or for what reason?

I don't see how to post the a-squared result jpeg here.

Thanks,

Jerry

http://img231.imageshack.us/my.php?image=dlsearchbarks8.jpg

Hi Nick,

I could not C&P, but above is the url.

Hope I did it correctly so that you can see it.

I have posted the image on Wilders.

http://www.wilderssecurity.com/showthre ... post841353

Thanks,

Jerry

Can you post the scan log from the other product? I can't see the full GUIDs and what was detected to see if it really is an infection.


Hi Nick,

I don't have the scan log now. However, I did post a more complete log of the quarantine on Castle Cops. I think that is what you need, or at least I hope so.

http://www.castlecops.com/modules.php?n ... d&id=12733

Thanks,

Jerry


Hi Nick,

I shut down Restore, and rescanned. Nothing was detected. I rebooted and enabled Restore. I also have opened Firefox, and visited several security forums.

I then rescanned with a-squared and the 6 entries showed up again.

I hope this shows the scan results.

a-squared Free - Version 2.0

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS, C:\Program Files

Scan archives: On

Heuristics: On

ADS Scan: On

Scan start: 9/21/2006 7:53:07 PM

Key: HKEY_CLASSES_ROOT\catalyst.httpclientctrl.1 detected: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\clsid\{edd6ba26-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\clsid\{edd6ba27-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\interface\{edd6ba24-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\interface\{edd6ba25-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar

Key: HKEY_CLASSES_ROOT\typelib\{edd6ba23-9ebb-11d2-b89c-00104b30757b}\1.0 detected: Trace.Registry.DLSearchBar

Scanned

Files: 42005

Traces: 73646

Cookies: 55

Processes: 45

Found

Files: 0

Traces: 6

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 9/21/2006 8:08:04 PM

Scan time: 12:14:57 AM

I have no idea where they are coming from. I may try again to turn off system restore, delete the malware, reboot, and scan again before I use Firefox.

Thanks for the help, and I am curious if it is really malware, as I think something else would have caught it.

Regards,

Jerry
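
A triage sketch for the six trace lines in the log above, added here as an example; it is not part of any poster's message or of either scanner. It labels each key's COM registration role and checks whether the GUIDs are version-1 UUIDs from one generator node with consecutive timestamps, which is consistent with a single component's registration set. The function names are hypothetical.

```python
import re
import uuid
from collections import Counter

# The six trace lines copied from the a-squared log in the post above.
SCAN_LOG = r"""
Key: HKEY_CLASSES_ROOT\catalyst.httpclientctrl.1 detected: Trace.Registry.DLSearchBar
Key: HKEY_CLASSES_ROOT\clsid\{edd6ba26-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar
Key: HKEY_CLASSES_ROOT\clsid\{edd6ba27-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar
Key: HKEY_CLASSES_ROOT\interface\{edd6ba24-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar
Key: HKEY_CLASSES_ROOT\interface\{edd6ba25-9ebb-11d2-b89c-00104b30757b} detected: Trace.Registry.DLSearchBar
Key: HKEY_CLASSES_ROOT\typelib\{edd6ba23-9ebb-11d2-b89c-00104b30757b}\1.0 detected: Trace.Registry.DLSearchBar
"""

LINE_RE = re.compile(r"^Key:\s+(?P<key>.+?)\s+detected:\s+(?P<name>\S+)\s*$")
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")
# Subkeys of HKEY_CLASSES_ROOT that hold COM registration data.
ROLES = {"clsid": "coclass", "interface": "interface", "typelib": "typelib"}

def parse_traces(log):
    """Return (registry_key, detection_name) for each 'Key: ... detected: ...' line."""
    matches = (LINE_RE.match(line.strip()) for line in log.splitlines())
    return [(m.group("key"), m.group("name")) for m in matches if m]

def role_counts(traces):
    """Count keys per COM role; anything else directly under HKCR is a ProgID."""
    counts = Counter()
    for key, _ in traces:
        parts = key.split("\\")
        subkey = parts[1].lower() if len(parts) > 1 else ""
        counts[ROLES.get(subkey, "progid")] += 1
    return counts

def guid_summary(traces):
    """Summarise UUID version, generator node and timestamp spacing of the GUIDs."""
    guids = {uuid.UUID(g) for key, _ in traces for g in GUID_RE.findall(key)}
    times = sorted(u.time for u in guids)
    return {
        "count": len(guids),
        "versions": {u.version for u in guids},
        "nodes": {u.node for u in guids},
        # Version-1 timestamps one tick apart mean the GUIDs were minted together.
        "consecutive": all(b - a == 1 for a, b in zip(times, times[1:])),
    }

if __name__ == "__main__":
    found = parse_traces(SCAN_LOG)
    print(dict(role_counts(found)))
    print(guid_summary(found))
```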


Hi Nick,

I guess this is in the wrong forum here, but hate to start another thread, unless you do so.

I scanned and found the 6 entries, removed them, and then scanned again. No entries were made.

I did not disable Restore.

I am not at home and am using a dial up, My Travel Access. I connected to the internet through My Travel Access, disconnected and then scanned again. On that scan the 6 entries were back. I did not use the browser, but just connected to the internet to see if by chance the entries would show up after using My Travel Access.

At first glance it would seem that the "malware" is connected with My Travel Access as a search bar to find the local numbers or something.

Any thoughts?

Regards,

Jerry


Jerry - we will test out the My Travel Access and see what we find.


Nick,

Thanks. I scanned at startup and all was clean, then I initiated My Travel Access (MTA) and the traces showed up. I removed them and rebooted. The next scan was clean, then I again opened MTA and the traces appeared. Nothing else was opened except the auto updates of anti-malware.

After opening MTA and scanning again I removed the traces, and another scan with MTA open showed nothing. Maybe it is something that MTA does when it starts and identifies the customer and is not needed again for that session.

Anyway, I think it is sure that MTA is the culprit for good or bad.

Thanks for the help.

Regards,

Jerry


Hi Nick,

I assume that you were unable to find out much about MTA and the "malware." It is not a problem, as I am sure that MTA is the culprit, and am reasonably sure that it is harmless.

It is only found by a-squared, and deleted easily. It appears the next time I use MTA. Since I have returned home and am using my regular ISP, there have been no instances of it.

Just wanted to put this to bed, and I am satisfied with my conclusion, and that it is harmless.

Regards,

Jerry
