Solve : Virus from program or outside source??

I have uninstalled Ascentive's Internet Optimizer (Active Speed) recently and ran Malwarebytes anti-malware; the scan came up with some pretty interesting results.
This is from the log:

Quote

Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.0.2195 Service Pack 4

12/16/2008 6:54:36 PM
12 - 16 - 2008

Scan type: Quick Scan
Objects scanned: 57943
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Ascentive (Rogue.Multiple) -> No action taken.
C:\Program Files\Ascentive\ActiveSpeed (Rogue.Multiple) -> No action taken.

Files Infected:
C:\WINNT\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.
C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\Ascentive\ActiveSpeed\ASRes.dll (Rogue.Multiple) -> No action taken.

As you can see at the bottom, there are three files infected, all either in Ascentive's folder or the dll in the system32 folder.

Could this be from Ascentive's ActiveSpeed or from an outside source?

This is considered a rogue program that is often used to scam people. MBAM flagged the files as malicious because although they don't necessarily harm your computer, they are part of a program with malicious intent.

So Ascentive's Active Speed is actually harming and not helping like it says?

Use Site Advisor. It won't protect your computer but will help you in knowing what the web site you are visiting is really all about. http://www.siteadvisor.com/


ascentive.com Site Advisor Review.
Quote
Well-respected security researchers have analyzed the software available from this site and found that it offers little or no security protection and may use deceptive sales tactics. http://www.spywarewarrior.com/rogue_anti-spyware.htm

Thanks Evil, CB.

It was kinda fishy, ActiveSpeed, and I'm glad I didn't pay for them to just screw up my system.

And also thanks for the link for SiteAdvisor. Installed it and works great.

Unfortunately, there are many programs like this that exist only to scam people out of money. Thankfully, you managed to not get caught up in it!
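
An added example, not part of the original thread: a small Python parser for the Malwarebytes log layout quoted in the question. It groups each detection by the label MBAM assigned and lists the items still marked "No action taken". The function names are hypothetical, and the sample is an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the log quoted in the question (not the full log).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINNT\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.

Folders Infected:
C:\Program Files\Ascentive (Rogue.Multiple) -> No action taken.

Files Infected:
C:\WINNT\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.
C:\Program Files\Ascentive\ActiveSpeed\AS.exe (Rogue.Multiple) -> No action taken.
"""

# "Files Infected:" opens a section; "Files Infected: 3" is only a summary count.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
# "<item> (<label>) -> <action>." is one detection line.
DETECTION = re.compile(r"^(?P<item>.+) \((?P<label>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_detections(log_text):
    """Return one dict per detection: section, item, label, action."""
    results, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = DETECTION.match(line)
        if m and section:
            results.append({"section": section, **m.groupdict()})
    return results

def summarize(detections):
    """Group items by detection label and list items not yet remediated."""
    by_label = defaultdict(list)
    for d in detections:
        by_label[d["label"]].append(d["item"])
    pending = [d["item"] for d in detections if d["action"] == "No action taken"]
    return dict(by_label), pending
```

Every item in the excerpt carries a `Rogue.*` label, including `ConTest.dll` under `system32`, and all of them are still pending removal.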

