Attempted Registery Change
Hi:
Is there a way to determine the source of an attempted registery change?
I blocked this attempt because I was not doing any program changes or updates at the time that it occured.
2/17/2006 9:00:11 AM Denied value "{EFA24E62-B078-11D0-89E4-00C04FC9E26E}" (new data: "") added in User-specific browser toolbar!
My browsers are I.E. and Firefox.
Thanks
Frank C
You can not tell specifically what "the source of an attempted registry change" is but from the message you can derive what the change is.
According to this message a toolbar (GUID "{EFA24E62-B078-11D0-89E4-00C04FC9E26E}") was being removed (new data: "") and the change was denied:
- 2/17/2006 9:00:11 AM Denied value "{EFA24E62-B078-11D0-89E4-00C04FC9E26E}" (new data: "") added in User-specific browser toolbar!
According to Castlecops that is a legitimate Toolbar:
- http://castlecops.com/clsid-943.html
- BHO/CLSID/Toolbar: Deep Dive
GUID: {EFA24E62-B078-11d0-89E4-00C04FC9E26E}
Filename: IE History Band
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Deep Dive
Thanks for the reply:
According to f-secure
Deep Dive is Malware
http://www.f-secure.com/sw-desc/toolbar_deep_dive.shtml
Frank C also from MD
Hello Frank C.
Could we see a log please.
- Open SpyBot, check for and get any updates available.
- Close all browsers, check for problems and fix everything found in red
- Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
- Uncheck[ ] do not report disabled or known legitimate Items.
- uncheck[ ] Include a list of services in report.
- Uncheck[ ] Include uninstall list in report.
- Now select (near the top) view report.
- Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
As Instructed
Hi Tashi:
Updated detection rules and English help
Scan - No immediate threats were found.
Log as specified exceeded limits
SpybotSD.Report.txt:
Your file of 122.7 KB bytes exceeds the forum's limit of 39.1 KB for this filetype.
Can I cut it down ? How?
Frank
Frank C:
Did you?This greatly reduces the size to the report.Originally Posted by tashi
If the report is still too large, copy and paste it to a new post (or multiple posts if required).
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Contrite
Sorry:
I did not correctly uncheck items as specified.
Frank
Hi there.
I will ask Lonny to check the log as well.
Please see:
Have you updated Windows? Security Programs? Links and Tips.
Post #4
Sun Microsystems
Cheers.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
That report looks fine to me Frank C
Do let us know if there are any other odd problems or symtoms though
Bottom Line
Hi:
Yes, My windows XP is at SP2
All Security hot fixes through Februrary are current.
Bottom line; Is Deep dive maleware?
Thanks Frank
Posting Permissions
Reply With Quote