False Positive?



blackshadow
2007-07-18, 23:39
I just updated today, and scanned with spybot, and I received a positive for something called funwebproducts. I did a little searching and found that it was those smilies and stuff. However, I have never downloaded anything like that, and my computer has none of the symptoms. I scanned with spysweeper, avg, and ad-aware, and found nothing, so I'm thinking it was a false positive?

tashi
2007-07-18, 23:44
Hello.

Please produce a short log (showing items flagged)


Open SpyBot.
Check for problems.
When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.


Cheers.

blackshadow
2007-07-19, 00:00
I had forgotten, it also found results for some other things that didn't turn up in the other scans. Anyway, here are the results:

MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906}

MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{3E720453-B472-4954-B7AA-33069EB53906}

MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.HTMLPanel

MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.HTMLPanel.1

MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}

MyWay.MyWebSearch: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}

MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}

MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin

MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1

MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}

MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}

MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}

MyWay.MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1434245073-536081527-3329586629-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}

MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.ToolbarPlugin

MyWay.MyWebSearch: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1

MyWay.MyWebSearch: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A}

FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.DataControl

FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.DataControl.1

FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}

FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}

FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{1F52A5FA-A705-4415-B975-88503B291728}

FunWebProducts: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}

FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}

FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.ShellViewControl

FunWebProducts: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.ShellViewControl.1

FunWebProducts: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340}

FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2763E333-B168-41A0-A112-D35F96F410C0}

FunWebProducts: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370}

FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}

FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}

FunWebProducts: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}

FunWebProducts: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}

FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}

FunWebProducts: Executable (File, nothing done)
C:\WINDOWS\system32\f3PSSavr.scr

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---


tashi
2007-07-19, 00:39
Hello.

Looks like Spybot-S&D has discovered FunWeb on your computer. I can ask a detective to double check later.

http://www.siteadvisor.com/sites/funwebproducts.com/downloads/3287658/

blackshadow
2007-07-19, 00:42
...I know that spybot detected it. My thing was that none of the other scans detect it. I'm asking why, basically.

Yodama
2007-07-19, 10:29
hi,
it is not a false positive, FunwebProducts and MyWay.WebSearch are related and are categorized as PUPS (possibly unpopular software).
They usually lure with smilies, screensavers and other stuff and install toolbars for the internet browser and email client without properly stating this. Additionally the way these toolbars work shows that the installation of the software can be identified by a unique id.
If you do not know how this got on your computer you should remove it.

Other scanners may have excluded this from their detection because FunwebProducts/MyWay.WebSearch may be installed intentionally by some users.

blackshadow
2007-07-19, 17:39
I don't think that other scanners would omit mywebsearch. I've had the toolbar before and used another scanner to get rid of it. I don't think scanners like ad-aware and spysweeper would omit funwebproducts, seeing as they are both highly touted spyware scanners as well. People install spyware without knowing it all the time, I'm sure the creators of those products don't hold it against them and not tell them.

I also show none of the symptoms of either product (no web bar, no popups, changed icons, hijacked browser, etc.), so I'm thinking that there is something else going on.
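
Added example, not part of the thread and not Spybot's own code: a small Python parser for the copied-results layout posted above (a `Product: Category (Item type, action)` line, optionally followed by a path line), tallying item types per product so registry entries can be told apart from files on disk. The sample input is constructed from names in the thread with a placeholder GUID, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the two-line layout of the results posted in the thread;
# product names and paths come from the thread, the GUID is a placeholder.
SAMPLE = r"""
FunWebProducts: Class ID (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}

FunWebProducts: Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.DataControl

FunWebProducts: Executable (File, nothing done)
  C:\WINDOWS\system32\f3PSSavr.scr

MyWay.MyWebSearch: Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.HTMLPanel

Win32.Small.ddx: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
"""

# "Product: Category (Item type, action)"; the category may itself contain parentheses.
HEADER = re.compile(
    r"^(?P<product>[^:]+): (?P<category>.+) \((?P<kind>[^(),]+), (?P<action>[^()]+)\)$"
)

def parse_results(text):
    """Return a list of findings; a header line may be followed by one path line."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("---"):  # the version footer ends the findings
            break
        match = HEADER.match(line)
        if match:
            findings.append({**match.groupdict(), "path": None})
        elif line and findings and findings[-1]["path"] is None:
            findings[-1]["path"] = line
    return findings

def summarize(findings):
    """Tally item types per product, e.g. registry keys versus files on disk."""
    summary = defaultdict(Counter)
    for finding in findings:
        summary[finding["product"]][finding["kind"]] += 1
    return {product: dict(kinds) for product, kinds in summary.items()}

if __name__ == "__main__":
    for product, kinds in summarize(parse_results(SAMPLE)).items():
        print(product, kinds)
```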