brenthard

Persistent positives


I keep getting some positives that reappear even though I try to quarantine them. The positives are

Adware.HBHelper (6 items)

and

Browser Hijacker.Deskbar (5 items)

both among the Registry Keys.

Are these dangerous, and what should I do?


Please post a copy of the SAS scan log where these are detected. Also what version of SAS are you using?

Also, boot your computer into SAFE MODE and run a complete SAS scan, quarantine the items, then reboot. Run another scan and see if the infections are still present.


I am running SAS Free Edition. Here is the log:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 04/18/2010 at 09:09 AM

Application Version : 4.34.1000

Core Rules Database Version : 4817

Trace Rules Database Version: 2629

Scan type : Quick Scan

Total Scan Time : 00:04:57

Memory items scanned : 494

Memory threats detected : 0

Registry items scanned : 514

Registry threats detected : 11

File items scanned : 4934

File threats detected : 0

Adware.HBHelper

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib

HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

Browser Hijacker.Deskbar

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib

HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version


You are running an older version of SAS free. Please update to the latest V4.35.1002, be sure to update the definitions, and see if the new version removes them.

https://www.superantispyware.com/superantispywarefreevspro.html

- Uninstall the old version before you install the new version.

Also, what version of Windows are you running (with service pack number)?

And are you running Speedbit video downloader?


Thank you, I will try that. I am running Windows 7 Home Premium 32-bit.


Okay. If the new version of SAS cannot remove these keys, it means that the keys have permissions assigned to them that SAS cannot unlock and remove. IF, AND ONLY IF, you are familiar with how to manually modify the system registry, you can follow the procedure below to manually change permission on and remove these two registry keys. Manually create a new System Restore point prior to modifying the registry. Be sure that you are signed on under a user account that has full administrative privileges.

The procedure below will change the Permissions for the registry key named {CA3EB689-8F09-4026-AA10-B9534C691CE0} and {4897BBA6-48D9-468C-8EFA-846275D7701B} to your user account and give you full control of these keys. You should then be able to delete them.

PART 1: Remove Registry Key named HKEY_Classes_Root\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

1. Open Regedit

2. Expand HKEY_CLASSES_ROOT by clicking on the + sign next to HKEY_CLASSES_ROOT

3. Scroll down the registry key folders until you find the folder named CLSID.

4. Expand folder CLSID by clicking on the + sign next to CLSID.

5. Scroll down the registry key folders until you find the folder named {CA3EB689-8F09-4026-AA10-B9534C691CE0}

6. Right click on the folder named {CA3EB689-8F09-4026-AA10-B9534C691CE0} and select Permissions from the menu

7. Click on Advanced

8. Select the Owner tab

9. In the "Change owner to" window, highlight the one that is your personal user account.

10. Checkmark "Replace owner on subcontainers and objects"

11. Click on Apply. Your personal user account should now be in the Current Owner box.

12. Click on OK. You should now be back to the Security tab.

13. Click on OK

14. Again, right click on the folder named {CA3EB689-8F09-4026-AA10-B9534C691CE0} and select Permissions from the menu

15. In the Group or user names: window, highlight the one that is your personal user account.

16. In the Permissions for (your user name), the Full Control and Read boxes should be checked under Allow. IF NOT, skip to step 20.

17. Click on OK to close the Permissions window.

18. Right click on the folder named {CA3EB689-8F09-4026-AA10-B9534C691CE0} and select Delete. Confirm the Delete. The folder named {CA3EB689-8F09-4026-AA10-B9534C691CE0} should disappear.

19. Close Regedit. The folder should now be gone and you are done with that deletion. REBOOT YOUR COMPUTER. The key should be gone. Skip to Part 2.

20. If your user account does not have Full Control, click on Advanced

21. In the Permissions entries window, highlight the entry with your user account name.

22. Checkmark the box "Include inheritable permissions from this object's parent."

23. Click on Edit

24. In the Permissions window, check mark all the boxes under Allow

25. Check mark the box "Apply these permissions to objects and/or containers within this container only."

26. In the Apply to: window, it should be "This key and subkeys"

27. Click on OK.

28. Click on Apply and OK.

29. Click on Apply and OK.

30. Right click on the folder named {CA3EB689-8F09-4026-AA10-B9534C691CE0} and select Delete. Confirm the Delete. The folder named {CA3EB689-8F09-4026-AA10-B9534C691CE0} should disappear.

31. Close Regedit. The folder should now be gone. REBOOT YOUR COMPUTER

PART 2: Remove Registry Key named HKEY_Classes_Root\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

1. Open Regedit

2. Expand HKEY_Classes_Root by clicking on the + sign next to HKEY_Classes_Root

3. Scroll down the registry key folders until you find the folder named Interface.

4. Expand folder Interface by clicking on the + sign next to Interface.

5. Scroll down the registry key folders until you find the folder named {4897BBA6-48D9-468C-8EFA-846275D7701B}

10. Right click on the folder named {4897BBA6-48D9-468C-8EFA-846275D7701B} and select Permissions from the menu

11. Click on Advanced

12. Select the Owner tab

13. In the "Change owner to" window, highlight the one that is your personal user account.

14. Checkmark "Replace owner on subcontainers and objects"

15. Click on Apply. Your personal user account should now be in the Current Owner box.

16. Click on OK. You should now be back to the Security tab.

17. Click on OK

18. Again, right click on the folder named {4897BBA6-48D9-468C-8EFA-846275D7701B} and select Permissions from the menu

19. In the Group or user names: window, highlight the one that is your personal user account.

20. In the Permissions for (your user name), the Full Control and Read boxes should be checked under Allow. IF NOT, skip to step 24.

21. Click on OK to close the Permissions window.

22. Right click on the folder named {4897BBA6-48D9-468C-8EFA-846275D7701B} and select Delete. Confirm the Delete. The folder named {4897BBA6-48D9-468C-8EFA-846275D7701B} should disappear.

23. Close Regedit. The folder should now be gone and you are done with that deletion. REBOOT your computer.

24. If your user account does not have Full Control, click on Advanced

25. In the Permissions entries window, highlight the entry with your user account name.

26. Checkmark the box "Include inheritable permissions from this object's parent."

27. Click on Edit

28. In the Permissions window, check mark all the boxes under Allow

29. Check mark the box "Apply these permissions to objects and/or containers within this container only."

30. In the Apply to: window, it should be "This key and subkeys"

31. Click on OK.

32. Click on Apply and OK.

33. Click on Apply and OK.

34. Right click on the folder named {4897BBA6-48D9-468C-8EFA-846275D7701B} and select Delete. Confirm the Delete. The folder named {4897BBA6-48D9-468C-8EFA-846275D7701B} should disappear.

35. Close Regedit. The folder should now be gone.
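
A read-only check of the situation the reply above describes (keys whose owner or DACL stops the scanner from deleting them), written here as an added example; it is not code from the thread or from SUPERAntiSpyware. It assumes Windows PowerShell 3.0 or later in an elevated prompt, and the two key paths are the ones from the scan log posted earlier.

```powershell
# Added example (not from the thread): read-only report on the two keys from the
# scan log, showing why a scanner may be unable to delete them.
# Assumes Windows PowerShell 3.0 or later, run from an elevated prompt.
$AdminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators (locale independent)
$Full     = [System.Security.AccessControl.RegistryRights]::FullControl

function Get-StubbornKeyReport {
    param([string[]]$KeyPaths)   # e.g. 'HKEY_CLASSES_ROOT\CLSID\{...}'
    foreach ($key in $KeyPaths) {
        $path = "Registry::$key"
        if (-not (Test-Path -Path $path)) {
            [pscustomobject]@{ Key = $key; Present = $false; Note = 'Key not present (already removed)' }
            continue
        }
        $owner = $null; $adminFull = $false; $denyCount = 0
        try {
            $acl   = Get-Acl -Path $path -ErrorAction Stop
            $owner = $acl.Owner
            # Resolve identities to SIDs so the Administrators check works on any Windows language.
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($r in $rules) {
                if ($r.AccessControlType -eq 'Deny') { $denyCount++ }
                elseif ($r.IdentityReference.Value -eq $AdminSid -and
                        ($r.RegistryRights -band $Full) -eq $Full) { $adminFull = $true }
            }
            $note = if ($denyCount -gt 0) { 'Deny ACE present: take ownership, grant Full Control, then delete' }
                    elseif (-not $adminFull) { 'Administrators lack Full Control: take ownership first (Part 1/2 steps)' }
                    else { 'Permissions are normal; the key should delete without changing them' }
        } catch {
            $note = "ACL not readable ($($_.Exception.Message)): ownership must be taken first"
        }
        # For a CLSID key, also report the COM server DLL it loads so that file can be checked and quarantined too.
        $dll = $null
        if (Test-Path -Path "$path\InprocServer32") {
            $dll = (Get-ItemProperty -Path "$path\InprocServer32").'(default)'
        }
        [pscustomobject]@{ Key = $key; Present = $true; Owner = $owner; AdminFullControl = $adminFull
                           DenyAces = $denyCount; ServerDll = $dll; Note = $note }
    }
}

# The two keys reported in the scan log posted in this thread.
Get-StubbornKeyReport -KeyPaths @(
    'HKEY_CLASSES_ROOT\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}',
    'HKEY_CLASSES_ROOT\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}'
) | Format-List
```

Run it before and after the manual steps: a report of "Key not present" for both keys after the reboot confirms the removal held.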
