HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\user-agent: mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; http: // bsalsa.com ) (Trojan.Banker) → Quarantined and deleted successfully.
Was the detection correct?
avast does not alert anything about the program which added or changed that registry key.
DavidR
June 9, 2009, 11:26pm
2
No alert on mine, but I don’t have that Data value in the Post Platform key, mine is the default value, see image.
What did you change ?
Seems like you are changing the user agent, perhaps for that site ???
e.g. do you know the site ?
system
June 10, 2009, 4:14am
3
You should post that log on malwarebytes forum… i would zip and attach a copy of the registry key.
avast forum is better. :
It was deleted already. ;D
system
June 10, 2009, 4:29am
5
Haha, i just noticed that like a few seconds after i reply. On the other hand, you can always restore it.
I’ve restored the registry key, updated MBAM and the detection is there yet.
If it is a false positive, it’s not corrected yet.
DavidR
June 10, 2009, 5:47pm
7
If you haven’t reported it at the MBAM forums then you should as that is the only way to have it checked out. There is Report False Positive button in the More Tools tab.
There is a specific forum for reporting FPs (http://www.malwarebytes.org/forums/index.php ). So a visit there to see if anyone else is reporting this and it also shows how to do a run with switches to gather more detailed information before posting (http://www.malwarebytes.org/forums/index.php?showtopic=3228 )