MBAM removed BHO bfast adware! Most likely FP!

Hi malware fighters,

Because of opening a link to IE through SiteDigger 2.0 I found the following adware registry keys, which I could remove:

Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net (Adware.BHO) -> No action taken. 

Is everything clean now, or are there other things to verify?
In toolbarcop I see nothing out of the ordinary; in SpywareBlaster, IE had 6 items partially disabled.
I restored the protection.

polonus

Adware isn’t usually self-replicating; the worst it could do is display a rogue application pop-up (Finally fast, for example). But yes, you could look for more using various scanners.

Hi John2009,

But a strange thing here is, when I upon detection remove these registry entries with MBAM, SpywareBlaster is partially disabled where IE settings are involved, and when I restore all protection for SpywareBlaster, MBAM starts to find the 6 BHO registry issues again. What is going on? SAS does not find anything, nor does a-squared,

polonus

Methinks MBAM is targeting the kill bit used by SpywareBlaster. So every time you re-enable with SpywareBlaster, MBAM kills it. If you could give me a reg export for those specific CLSIDs I will pass it on.

Hi essexboy,

I am on the same line of thinking, and this will be an issue for Miekiemoes to delve into, she is now assigned with MBAM, by the way thanks for the assist,

Damian

I just saw this same information posted by a few posters at malwarebytes forum in the area marked false positives. The problem has been corrected. You only need to update malwarebytes and rescan your pc.

Hi news,

Thank you very much for the heads up on this, issue settled then, very alert of you to inform us,

pol

Interesting. I run weekly scans with MBAM and have SAS Pro also installed, and I didn’t get any alerts like this (of course I don’t use IE and hadn’t visited that site with IE).

These false positives were corrected late last night. From my understanding, MBAM had problems with reading the dword correctly here and should only flag these if they were set to dword 1 (dword 1 means allowing the cookies). Also, there is no harm in deleting those entries ;D
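
The rule described in the post above (flag a P3P\History entry only when its dword is 1), applied to a registry export of the kind requested earlier in the thread. This is an added example, not code from the thread or from MBAM; the sample export is constructed, and it assumes the setting is stored as the key's default value and that 5 marks a blocked site.

```python
import re

# Constructed sample .reg export (not taken from the thread). Assumptions:
# the per-site setting is the key's default value ("@"), and 5 marks a
# blocked site; the thread itself only states that DWORD 1 means "allow".
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com]
@=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net]
@=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
@=dword:00000001
"""

P3P_PREFIX = (r"hkey_current_user\software\microsoft\windows"
              r"\currentversion\internet settings\p3p\history" + "\\")
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r"^@=dword:([0-9a-fA-F]{1,8})$")

def classify_p3p_export(reg_text):
    """Map each P3P History domain in a .reg export to allow / not-allow / unset."""
    results, domain = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            # Only keys under P3P\History are per-site cookie entries.
            domain = path[len(P3P_PREFIX):] if path.lower().startswith(P3P_PREFIX) else None
            if domain:
                results[domain] = "unset"
            continue
        value = DWORD_RE.match(line)
        if domain and value:
            results[domain] = "allow" if int(value.group(1), 16) == 1 else "not-allow"
    return results

def should_flag(reg_text):
    """Domains a scanner following the rule in the post would report."""
    return sorted(d for d, s in classify_p3p_export(reg_text).items() if s == "allow")

if __name__ == "__main__":
    print(classify_p3p_export(SAMPLE_REG))
    print("flag:", should_flag(SAMPLE_REG))
```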

False positives… no software is perfect and, from time to time, we need to recognize that MBAM does s*it ;D