Thread: false positive: Ant toolbar - malware or not?

  1. #1
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default false positive: Ant toolbar - malware or not?

    http://forums.spybot.info/showthread.php?t=46531

    After all that, I'm hearing back that the Ant toolbar is not malware of any type.

    Could someone from here please install and check it and see?

    Because if it's not, then the problem I had with SBS&D self-aborting its run was caused by something else entirely.

    Not in a hurry here or anything, I'd just like to clear this up. Thank you. Pete

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello Pete,

    I have taken a look at the current version of Antbar for the IE.
    There is no indication of malicious behavior, it also does not interfere with the Spybot S&D scan.

    But please note that the current Antbar uses a program file folder different from the one detected by MBAM on your computer.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default

    Thank you, Yodama - I appreciate your taking the time. I have sent an error report to Malwarebytes with the info they requested for that and TrojanHunter has already corrected their defs. Pete

  4. #4
    Junior Member
    Join Date
    Oct 2009
    Posts
    1

    Smile not a threat

    I have been using the toolbar like months now and I have no problems with it. You can try it in Firefox if you have problems in Internet Explorer.

  5. #5
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default

    I've been getting the following results on SBS&D for awhile now, but haven't had the time to post them until now:

    "--- Search result list ---
    MyFreezeToolbar: [SBI $2B077DBF] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

    MyFreezeToolbar: [SBI $4037D96B] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

    Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}

    If this is not due to the Ant toolbar, I'd appreciate knowing it. If it is from the Ant toolbar, I'll just keep un-checking it when I run SBS&D like I have been.

    Thank you. Pete

  6. #6
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Hello,

    Thank you for providing this information.
    These 2 results are not related to the Ant Toolbar. Since one of the entries refers to a Browser Helper Object, you can look it up within your Internet Explorer or within Spybot S&D for more details:
    • start Spybot S&D and switch to advanced mode
    • navigate to tools - BHO
    • click on the CLSID to have the right pane expand and show more information

    Quote (originally posted by spy1):
        "--- Search result list ---
        MyFreezeToolbar: [SBI $2B077DBF] Browser helper object (Registry key, nothing done)
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

        MyFreezeToolbar: [SBI $4037D96B] Class ID (Registry key, nothing done)
        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

    This entry however is also shared by the Ant Toolbar and is thus considered a false positive. We will change our detection on this item with our next detection update.

    Quote (originally posted by spy1):
        Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, nothing done)
        HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}

  7. #7
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default

    Yodama - Thank you for your response.

    Here's a c&p of the "BHO" results:


    {DA3D342F-FF20-4E31-9E82-22334155730C} (TBSB00982)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: TBSB00982
    CLSID name: TBSB00982 Class
    Path: C:\Program Files\Antbar\Ant.com Toolbar\
    Long name: tbcore3.dll
    Short name:
    Date (created): 7/3/2009 11:59:28 AM
    Date (last access): 2/25/2010 9:13:30 AM
    Date (last write): 6/2/2009 3:51:20 PM
    Filesize: 2695168
    Attributes: archive
    MD5: 0696ED69F157EFFD7EEC48AA52059F03
    CRC32: 75A3B4BD
    Version: 4.1.0.67

    {FCBCCB87-9224-4B8D-B117-F56D924BEB18} (TBSB00982)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: TBSB00982
    CLSID name: TBSB00982 Class
    Path: C:\Program Files\Antbar\Ant.com Toolbar\
    Long name: tbcore3.dll
    Short name:
    Date (created): 7/3/2009 11:59:28 AM
    Date (last access): 2/25/2010 9:13:30 AM
    Date (last write): 6/2/2009 3:51:20 PM
    Filesize: 2695168
    Attributes: archive
    MD5: 0696ED69F157EFFD7EEC48AA52059F03
    CRC32: 75A3B4BD
    Version: 4.1.0.67

    Does that not mean that they're related to the Ant toolbar also? Not questioning your judgement, just don't understand. It's the second one listed and the " {FCBCCB87-9224-4B8D-B117-F56D924BEB18} (TBSB00982) " shows up there as related to Ant. Pete
    Last edited by spy1; 2010-02-25 at 17:22.
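
The cross-check raised in post #7, as an added example that is not part of the original thread or of Spybot S&D: it joins the flagged registry keys from a search result list to the BHO report by CLSID, so each detection name can be compared with the file the key actually loads. The function names are assumptions; the sample text is copied from posts #5 and #7 and trimmed to the fields used.

```python
import re

# Input below is copied from posts #5 and #7 of this thread, trimmed to the fields used.
SCAN_RESULTS = r"""
MyFreezeToolbar: [SBI $2B077DBF] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
MyFreezeToolbar: [SBI $4037D96B] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
"""
BHO_REPORT = r"""
{DA3D342F-FF20-4E31-9E82-22334155730C} (TBSB00982)
Path: C:\Program Files\Antbar\Ant.com Toolbar\
Long name: tbcore3.dll
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (TBSB00982)
Path: C:\Program Files\Antbar\Ant.com Toolbar\
Long name: tbcore3.dll
"""
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_bho_report(text):
    """Map upper-cased CLSID -> {field: value} for each block of the BHO report."""
    bhos, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := CLSID_RE.match(line):          # a line starting with {CLSID} opens a block
            current = bhos.setdefault(m.group(0).upper(), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            current[key.strip()] = value.strip()
    return bhos

def parse_detections(text):
    """Yield (detection name, CLSID) for each entry of a search result list."""
    name = None
    for line in map(str.strip, text.splitlines()):
        if head := re.match(r"(.+?): \[SBI \$[0-9A-Fa-f]+\]", line):
            name = head.group(1)
        elif name and (m := CLSID_RE.search(line)):
            yield name, m.group(0).upper()       # registry casing varies, so normalise

def correlate(scan_text, bho_text):
    """Return (detection, CLSID, DLL path or None) for every flagged registry key."""
    bhos = parse_bho_report(bho_text)
    found = [(n, c, bhos.get(c)) for n, c in parse_detections(scan_text)]
    return [(n, c, r["Path"] + r["Long name"] if r else None) for n, c, r in found]

if __name__ == "__main__":
    print(*correlate(SCAN_RESULTS, BHO_REPORT), sep="\n")
```

A `None` in the third column means the flagged CLSID has no block in the pasted BHO report, so the paste alone cannot say which file that key belongs to.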

  8. #8
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    hello,

    looks like it is related to Ant Toolbar after all. Since the file dates are early 2009 and I tested with a current version of Ant Toolbar, it is safe to assume that these entries are no longer used by Ant Toolbar.
    But they are considered false positives as well and will also be changed in our detection to avoid detection of older versions of Ant Toolbar.

    Thank you for your information.

  9. #9
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default

    You're quite welcome - and thank you for being interested enough to stick with it and clear that up. I appreciate it. Pete

  10. #10
    Member
    Join Date
    Nov 2005
    Posts
    39

    Default

    Due to the latest "update" of the ant toolbar, I've decided to un-install it for good.

    It immediately turned into "annoyance-ware" because it wouldn't accept the fact that I did not want to update it. It continually would pop up the message about the update, freezing IE until it was cleared (this happened every single time the browser was opened).

    I also took the time to read the new T.O.S. - and it's horrible. The information gathered and distributed to everyone on earth is totally un-acceptable - I've quit websites for less.

    In one single leap, it went from being a very useful addition for gathering YouTube and news website film clips to whatever it's become now.

    Might want to put it back on the list, or at least perhaps make up a little "scrubber" program for it for what I am sure will be the legions of people who will now un-install it and want to make sure they get rid of it all, once they find out about it.

    I notice they brag on their site that SBS&D has/had guaranteed it was spyware-free - may want to re-think/rebut that. Later. Pete

    *This is the message I just sent them: "

    Un-installed your toolbar tonight due to the new "annoyance-ware" feature of the update itself - as well as the T.O.S for use and the so-called "Privacy" claims.

    I also posted this problem to the SBS&D forum (where I HAD been one of your staunchest supporters) and let everyone know just what a P.O.S. you've turned into.

    http://forums.spybot.info/showthread...348#post366348

    Have a great weekend."
    Last edited by spy1; 2010-04-04 at 06:04.
