Fixed: false positive: Ant toolbar - malware or not?

spy1

http://forums.spybot.info/showthread.php?t=46531

After all that, I'm hearing back that the Ant toolbar is not malware of any type.

Could someone from here please install and check it and see?

Because if it's not, then the problem I had with SBS&D self-aborting its run was caused by something else entirely.

Not in a hurry here or anything, I'd just like to clear this up. Thank you. Pete
 
hello Pete,

I have taken a look at the current version of Antbar for the IE.
There is no indication of malicious behavior; it also does not interfere with the Spybot S&D scan.

But please note that the current Antbar uses a program file folder different from the one detected by MBAM on your computer.
 
Thank you, Yodama - I appreciate your taking the time. I have sent an error report to Malwarebytes with the info they requested for that and TrojanHunter has already corrected their defs. Pete
 
not a threat

I have been using the toolbar for like months now and I have no problems with it. You can try it in Firefox if you have problems in Internet Explorer.
 
I've been getting the following results on SBS&D for awhile now, but haven't had the time to post them until now:

"--- Search result list ---
MyFreezeToolbar: [SBI $2B077DBF] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

MyFreezeToolbar: [SBI $4037D96B] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}

If this is not due to the Ant toolbar, I'd appreciate knowing it. If it is from the Ant toolbar, I'll just keep un-checking it when I run SBS&D like I have been.

Thank you. Pete
 
Hello,

Thank you for providing this information.
These 2 results are not related to the Ant Toolbar. Since one of the entries refers to a Browser Helper Object, you can look it up within your Internet Explorer or within Spybot S&D for more details:
  • start Spybot S&D and switch to advanced mode
  • navigate to tools - BHO
  • click on the CLSID to have the right pane expand and show more information
"--- Search result list ---
MyFreezeToolbar: [SBI $2B077DBF] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

MyFreezeToolbar: [SBI $4037D96B] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

This entry however is also shared by the Ant Toolbar and is thus considered a false positive. We will change our detection on this item with our next detection update.
Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
 
Yodama - Thank you for your response.

Here's a c&p of the "BHO" results:


{DA3D342F-FF20-4E31-9E82-22334155730C} (TBSB00982)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: TBSB00982
CLSID name: TBSB00982 Class
Path: C:\Program Files\Antbar\Ant.com Toolbar\
Long name: tbcore3.dll
Short name:
Date (created): 7/3/2009 11:59:28 AM
Date (last access): 2/25/2010 9:13:30 AM
Date (last write): 6/2/2009 3:51:20 PM
Filesize: 2695168
Attributes: archive
MD5: 0696ED69F157EFFD7EEC48AA52059F03
CRC32: 75A3B4BD
Version: 4.1.0.67

{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (TBSB00982)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: TBSB00982
CLSID name: TBSB00982 Class
Path: C:\Program Files\Antbar\Ant.com Toolbar\
Long name: tbcore3.dll
Short name:
Date (created): 7/3/2009 11:59:28 AM
Date (last access): 2/25/2010 9:13:30 AM
Date (last write): 6/2/2009 3:51:20 PM
Filesize: 2695168
Attributes: archive
MD5: 0696ED69F157EFFD7EEC48AA52059F03
CRC32: 75A3B4BD
Version: 4.1.0.67

Does that not mean that they're related to the Ant toolbar also? Not questioning your judgement, just don't understand. It's the second one listed and the " {FCBCCB87-9224-4B8D-B117-F56D924BEB18} (TBSB00982) " shows up there as related to Ant. Pete
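Added example, not part of the original posts: the cross-check done by hand above, joining the scan result list to the Tools > BHO report on CLSID to see which file on disk each detection name actually points at. The function names are hypothetical and the report text is copied (abridged) from the posts in this thread.

```python
import re
from collections import defaultdict

# Report text copied (abridged) from the posts above.
SCAN_RESULTS = r"""
MyFreezeToolbar: [SBI $2B077DBF] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
MyFreezeToolbar: [SBI $4037D96B] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
"""
BHO_REPORT = r"""
{DA3D342F-FF20-4E31-9E82-22334155730C} (TBSB00982)
Path: C:\Program Files\Antbar\Ant.com Toolbar\
Long name: tbcore3.dll
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} (TBSB00982)
Path: C:\Program Files\Antbar\Ant.com Toolbar\
Long name: tbcore3.dll
"""
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_detections(text):
    """Map upper-cased CLSID -> set of product names the scanner attached to it."""
    hits, product = defaultdict(set), None
    for line in text.splitlines():
        m = re.match(r"(.+?): \[SBI \$[0-9A-F]+\]", line)
        if m:
            product = m.group(1)          # header line names the detection
        elif product and (g := GUID.search(line)):
            hits[g.group(0).upper()].add(product)   # registry line carries the CLSID
    return hits

def parse_bho_report(text):
    """Map upper-cased CLSID -> full path of the DLL registered for that BHO."""
    bhos, clsid, folder = {}, None, ""
    for line in text.splitlines():
        if g := GUID.match(line):         # an entry starts with its CLSID
            clsid, folder = g.group(0).upper(), ""
        elif line.startswith("Path: "):
            folder = line[6:]
        elif line.startswith("Long name: ") and clsid:
            bhos[clsid] = folder + line[11:]
    return bhos

def triage(detections, bhos):
    """Rows of (CLSID, detection names, DLL path); path is None if not in the BHO report."""
    return [(c, sorted(p), bhos.get(c)) for c, p in sorted(detections.items())]
```

A row whose detection name and DLL folder belong to different products, as with the `{FCBCCB87-...}` entry here, is the kind of mismatch worth reporting to the vendor as a possible false positive. A path of `None` only means the CLSID is not listed as a BHO in this report.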
 
hello,

Looks like it is related to Ant Toolbar after all. Since the file dates are early 2009 and I tested with a current version of Ant Toolbar, it is safe to assume that these entries are no longer used by Ant Toolbar.
But they are considered false positives as well and will also be changed in our detection to avoid detection of older versions of Ant Toolbar.

Thank you for your information.
 
You're quite welcome - and thank you for being interested enough to stick with it and clear that up. I appreciate it. Pete
 
Due to the latest "update" of the ant toolbar, I've decided to un-install it for good.

It immediately turned into "annoyance-ware" because it wouldn't accept the fact that I did not want to update it. It continually would pop up the message about the update, freezing IE until it was cleared (this happened every single time the browser was opened).

I also took the time to read the new T.O.S. - and it's horrible. The information gathered and distributed to everyone on earth is totally un-acceptable - I've quit websites for less.

In one single leap, it went from being a very useful addition for gathering YouTube and news website film clips to whatever it's become now.

Might want to put it back on the list, or at least perhaps make up a little "scrubber" program for it for what I am sure will be the legions of people who will now un-install it and want to make sure they get rid of it all, once they find out about it.

I notice they brag on their site that SBS&D has/had guaranteed it was spyware-free - may want to re-think/rebut that. Later. Pete

*This is the message I just sent them: "

Un-installed your toolbar tonight due to the new "annoyance-ware" feature of the update itself - as well as the T.O.S for use and the so-called "Privacy" claims.

I also posted this problem to the SBS&D forum (where I HAD been one of your staunchest supporters) and let everyone know just what a P.O.S. you've turned into.

http://forums.spybot.info/showthread.php?p=366348#post366348

Have a great weekend."
 
Thanks

Spy1 and Yodama,

I was considering the Ant Toolbar and did a quick search and happened upon this thread. I am now going to hold off on this download, based on the investigations you guys have conducted in both this and the thread linked in a previous post.

I registered just to say thanks. No other site provided this information with data to back it up, only opinions. In my opinion, if Ant Toolbar were a legitimate open-source, free and useful product, the people behind the business would at least register and respond here given that this post shows up on the first page on most variants of a Google search of the term "Ant Toolbar". At any rate, your effort is appreciated. Thanks again.
 