
Thread: PartnerBHO false positive?? Running Windows 7 Home Premium

  1. #1
    Junior Member
    Join Date
    Nov 2009
    Posts
    4


    Hi all, I have recently purchased a brand new Acer with Windows 7 Home Premium. Did my usual of installing Avast Home Edition, Spybot, and Malwarebytes, as well as having McAfee Security Centre pre-installed. I have turned off the McAfee anti-virus as I prefer Avast. But when I ran Spybot last night I was getting warnings of Trojan PartnerBHO. 16 entries. But upon doing some research it may be a false positive as nothing else is picking it up, i.e. Avast, Malwarebytes and McAfee. The log from Spybot follows. I can't see how I could have been infected so quickly, nor see how it happened, as I am usually so careful.


    --- Search result list ---
    PartnerBHO: [SBI $2FE4A5BE] Application ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
    PartnerBHO: [SBI $2FE4A5BE] Application ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
    PartnerBHO: [SBI $BE743C00] Application ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
    PartnerBHO: [SBI $BE743C00] Application ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
    PartnerBHO: [SBI $F3EE08ED] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    PartnerBHO: [SBI $F3EE08ED] Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho
    PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1
    PartnerBHO: [SBI $14904C60] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1
    PartnerBHO: [SBI $14904C60] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    PartnerBHO: [SBI $14904C60] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    PartnerBHO: [SBI $14904C60] Root class (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho
    PartnerBHO: [SBI $6B47FF4E] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
    PartnerBHO: [SBI $6B47FF4E] Type library (Registry key, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}


    As some forums are reporting this is a false positive, I have not acted on them. But I have to open as administrator to be able to do anything in Spybot...

    Thanks in advance

  2. #2
    Retired
    Join Date
    Oct 2005
    Posts
    566


    Hello,
    I don't think that this is a false positive, as the Google results of the ID show that other security tools detect it as well as Spybot does. So I am quite sure that it is a real infection.
    To make absolutely sure it would be helpful if you could send us a bug report to detections@spybot.info. In order to do so, please run Spybot - Search & Destroy and switch to Advanced Mode via the menu item Mode, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Please attach this file to your email and send it again to detections@spybot.info.

    Although nothing is present after a scan we will be able to locate the threat in your bug report.

    Best regards,
    Markus

  3. #3
    Junior Member
    Join Date
    Nov 2009
    Posts
    4


    Originally posted by MisterW:
    Hello,
    I don't think that this is a false positive, as the Google results of the ID show that other security tools detect it as well as Spybot does. So I am quite sure that it is a real infection.
    To make absolutely sure it would be helpful if you could send us a bug report to detections@spybot.info. In order to do so, please run Spybot - Search & Destroy and switch to Advanced Mode via the menu item Mode, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop. Please attach this file to your email and send it again to detections@spybot.info.

    Although nothing is present after a scan we will be able to locate the threat in your bug report.

    Best regards,
    Markus

    Hi, thanks for the update. I am worried about deleting or removing incorrect files... As Windows 7 is new and 64-bit, I wasn't sure if this is the reason it's coming up. Malwarebytes and Avast don't seem to detect it, which is why I'm confused. I won't be able to send you a full log for about 8 hours or so until I return home; hope that is OK.

  4. #4
    Junior Member
    Join Date
    Nov 2009
    Posts
    4


    http://translate.googleusercontent.c...jfxOyvxUiAjx1Q

    That's what put me off editing or removing anything yet.

  5. #5
    Junior Member
    Join Date
    Nov 2009
    Posts
    4


    I have submitted the report now.

  6. #6
    Senior Member Yodama
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110


    Thank you for submitting the requested information.
    We received your email on 2009-11-13.
    It appears that the PartnerBHO belongs to a partner program by Google.
    There is very little information about what this is actually good for, but there is an indication that it is related to custom software using services provided by Google.

    We will treat this as a false positive and remove it from detection with the next update scheduled for Wednesday 2009-11-18.
    born in the shadow to die in the shadow, that is the fate of the shinobi
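
Added example, not part of any post in this thread: one way to check on the affected machine what the flagged Browser Helper Object actually is, by resolving the CLSID from the Spybot log to the DLL it loads and reading that file's version information and Authenticode signature. The CLSID and the Browser Helper Objects key come from the log above; checking the Wow6432Node view as well is an addition here, since 32-bit COM components on 64-bit Windows register there.

```powershell
# Added example: identify the DLL behind the BHO that Spybot flagged.
# CLSID copied from the Spybot log in this thread.
$clsid = '{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}'

# A 32-bit BHO on 64-bit Windows registers under Wow6432Node, so check both views.
$views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node'

$results = foreach ($view in $views) {
    $bhoKey = "$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
    if (-not (Test-Path -LiteralPath $bhoKey)) { continue }

    $row = @{ View = $view; Dll = $null; Company = $null; Product = $null
              SigStatus = $null; Signer = $null }

    # The COM class entry names the DLL that Internet Explorer loads for this BHO.
    $inprocKey = "$view\Classes\CLSID\$clsid\InprocServer32"
    $dll = (Get-ItemProperty -LiteralPath $inprocKey -ErrorAction SilentlyContinue).'(default)'

    if ($dll) {
        # Registry values may be quoted or contain %VARIABLES%.
        $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
        $row.Dll = $dll

        if (Test-Path -LiteralPath $dll -PathType Leaf) {
            $info = (Get-Item -LiteralPath $dll).VersionInfo
            $sig  = Get-AuthenticodeSignature -FilePath $dll
            $row.Company   = $info.CompanyName
            $row.Product   = $info.ProductName
            $row.SigStatus = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            $row.Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        } else {
            $row.SigStatus = 'File not found on disk'
        }
    }
    New-Object PSObject -Property $row
}

if ($results) {
    $results | Select-Object View, Dll, Company, Product, SigStatus, Signer | Format-List
} else {
    Write-Output "No Browser Helper Object registered for $clsid"
}
```

The DLL path, publisher and signature status are the details worth including alongside the exported Spybot report when asking a vendor to confirm a suspected false positive.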
