7201 Adware On Install ?

Page 1 of 2 12 LastLast

  1. detoxa
    Posts : 66
    W7 Build 7201 / Vista Home SP2 ( Both x86)
       New #1

    7201 Adware On Install ?


    I just did a clean install of 7201 and am going through the process of setting up my toys just the way i like them .

    Unfortunately after running a Malwarebytes scan i have found 6 reg keys infected with ad-ware , So after deleting them i ran a scan with Spy-Bot and found another item of ad-ware on my w7 partition.

    See attachments below for full details.

    Seems very odd that i should have them on my notebook as its a "clean install". I did use IE8 briefly to set it up the way i like but all my security was inplace before hand.

    Do you think these could be false positives/possible bug Ive inherited from the the shortcuts i transfered from 7137 ? Seems unlikely because i do regular scans and i always get a clean bill of health. (Hence why its so odd to me)
    Any help/suggestions much appreciated as I'm curious as to whats happened please ?

    Malwarebytes log :

    Malwarebytes' Anti-Malware 1.37
    Database version: 2227
    Windows 6.1.7201
    04/06/2009 04:34:25
    mbam-log-2009-06-04 (04-34-25).txt
    Scan type: Quick Scan
    Objects scanned: 68661
    Time elapsed: 2 minute(s), 50 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\kqzyfj.com (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
    Attached Thumbnails Attached Thumbnails 7201 Adware On Install ?-spybot-scan.jpg  
    7201 Adware On Install ? Attached Files
      My Computer
    Quote Quote

  3. Captain Zero
    Posts : 990
    Windows 7 Home Premium x64
       New #2

    That's not on the 7201 build. You got nailed running IE somehow. Confirmed using a fresh x64 build.
      My Computer
    Quote Quote

  4. detoxa
    Posts : 66
    W7 Build 7201 / Vista Home SP2 ( Both x86)
    Thread Starter
       New #3

    Wasnt suggesting its in the build , just wondering how i got 7 lots of adware setting up IE 8 ?
      My Computer
    Quote Quote

  6. Captain Zero
    Posts : 990
    Windows 7 Home Premium x64
       New #4

    IE was your first mistake. Sorry, run Firefox and use AdBlock Plus.
      My Computer
    Quote Quote

  7. detoxa
    Posts : 66
    W7 Build 7201 / Vista Home SP2 ( Both x86)
    Thread Starter
       New #5

    Thanks for the advice lol.
      My Computer
    Quote Quote

  8. aussiegreen
    Posts : 83
    windows 7 rc 64bit and vista 32bit
       New #6

    that a good idea cap zero i'll use the advice too
      My Computer
    Quote Quote

  10. Airbot
    Posts : 18,404
    Windows 7 Ultimate x64 SP1
       New #7

    Hi detoxa,



    I have these too on a clean 7201 x64 install. I confirmed my hashes. Do you perhaps have Spywareblaster installed as well? I don't think it's from setting up IE8, and there's nothing wrong with running IE . I'm thinking it might be false positives from some recent Malwarebytes updates and Spywareblaster entries. I'm running further scans with other scanners, I'll post back if I find anything more. This is the first build I've encountered this with.
      My Computer
    Quote Quote

  11. jimbo45
    Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       New #8

    Hi all
    Sorry to disappoint you -- it's not so much the browser itself as to what you run in it.

    Also NEVER EVER run those programs that offer to scan your registry or fix your drivers from a Browser.

    This is the EASIEST way ever of getting an infected system. If you must run these wretched type of programs (they are usually sneakware -- you get things like problems found but you need to "upgrade" to a PRO (i.e PAY) version to use the feature you want) run then stand alone first (i.e from an .EXE file having scanned it carefully first).

    Switch off all things like accelerators etc etc in Browsers -- ideally have as few plugins as possible -- with the speed of the Internet these days it doesn't take much longer to download a file such as a PDF / HTML or wahtever and run it in stand alone mode on your PC in a dedicated application.

    Same (or especially true) for multi media files -- run these also from within a dedicated application and not within a browser.

    Cheers
    jimbo
      My Computer
    Quote Quote

  12. Captain Zero
    Posts : 990
    Windows 7 Home Premium x64
       New #9

    These entries don't appear in my reg. But... I also haven't run IE, not once, since a clean install. My point earlier is that it doesn't appear to have come with the OS unless it's something that's installed on first-run or something that's loaded from MSN.com when it loads. No other ideas on this one.
      My Computer
    Quote Quote

  13. Generator
    Posts : 805
    XP Pro SP3 x86/Vista SP2 x64/Win7 x64 Triple-boot
       New #10

    Someone from MajorGeeks forums claims they are false-positives. Apparently if you check the reg keys and they have the data value of 5 then everythings ok.

    Block-Checker [Archive] - MajorGeeks Support Forums
      My Computer
    Quote Quote

 
Page 1 of 2 12 LastLast

  Related Discussions
Best build from 7201?
in General Discussion

I'm currently running build 7201 x64 and getting bored with it. What's the next best thing? 7232 x64? Or 7260 x86? Is 7260 worth downgrading to x86?
And then install a fresh new copy of Win 7 RC 7229 x64 as my only OS on computer How to do that i tried formatting XP it says "WINDOWS was unable to complete formatting"
Hey guys, I want to try Windows 7 7201 x64 on my laptop. I don't wanna burn a DVD but use the Virtual Clone Drive like I used on my x86 desktop. Is this possible to install a fresh copy of x64 on a new partition from within Windows Vista SP2 x86? I tried and it wouldn't let me for some reason. ...
7137 to 7201
in General Discussion

hey just a quick question is it possible to upgrade from 7137 to 7201 or do you have to clean install?
hh.exe can open drive C when trying old dos '/?' Command!... First off.. this isn't a problem for me, Not asking for help just sharing something I've found that seems strange. This is ONLY tested on build 7201 x64 because I only just found it so I cant vouche for other builds. I set...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:27.
Find Us