Fixed: Babylon.Toolbar and Claro.Toolbar false positives

A

AndreH

New member
Currently using Win XP sp3 fully patched
* ZoneAlarm Extreme Security version: 10.2.078.000 (latest).
* SpyBot 1.6.2.46 with latest rules

The scan results include the following:

Babylon.Toolbar: [SBI $C5E991BF] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Point to ===> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll

Babylon.Toolbar: [SBI $7C893BE9] Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Point to ===> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane

Babylon.Toolbar: [SBI $07586C96] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1

Babylon.Toolbar: [SBI $07586C96] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DBF5819-8634-464E-92F4-1F29C1EFF773}

Point to ===> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll

Claro.Toolbar: [SBI $3BB2FCFF] Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\c

Claro.Toolbar: [SBI $3BB2FCFF] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}

Point to ===> C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmEng.dll

I think these dll's are all false positives. I have checked the files with www.virustotal.com and malwarebytes. All give a negative result.

Cheers Andre
 
Thank you for reporting this issue,
these appear to be generic toolbar parts that also get installed when the Zonealarm toolbar get installed.
This will be fixed with the next detection update scheduled for Wednesday 2012-10-17.
 
You must log in or register to reply here.
Back
Top