[ActiveX] Description Netster - confirmed as Malware



Post by jeje753 » 17 May 2006, 12:12

Hello!
I have just discovered this excellent site, and I tried to follow a few steps of "La Manip d'Assiste.com".
At the step "SSD_11 - Contrôle d'inocuité des ActiveX avec SpyBot Search & Destroy" (the ActiveX safety check with Spybot Search & Destroy), the software put a red cross.

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-03-25 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2006-02-06 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2006-02-20 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-05-12 Includes\Cookies.sbi
    2006-05-12 Includes\Dialer.sbi
    2006-05-12 Includes\Hijackers.sbi
    2006-05-12 Includes\Keyloggers.sbi
    2004-11-29 Includes\LSP.sbi
    2006-05-15 Includes\Malware.sbi
    2006-05-12 Includes\PUPS.sbi
    2006-05-12 Includes\Revision.sbi
    2006-05-12 Includes\Security.sbi
    2006-05-12 Includes\Spybots.sbi
    2005-02-17 Includes\Tracks.uti
    2006-05-12 Includes\Trojans.sbi

    DirectAnimation Java Classes (DirectAnimation Java Classes)
    DPF name: DirectAnimation Java Classes
    CLSID name:
    Installer:
    Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\dajava.cab
    info link:
    info source: Patrick M. Kolla

    Microsoft XML Parser for Java (Microsoft XML Parser for Java)
    DPF name: Microsoft XML Parser for Java
    CLSID name:
    Installer:
    Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
    description:
    classification: Legitimate
    known filename: %WINDIR%\Java\classes\xmldso.cab
    info link:
    info source: Patrick M. Kolla

    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://download.macromedia.com/pub/shoc ... tor/sw.cab
    description: Macromedia ShockWave Flash Player 7
    classification: Legitimate
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\System32\macromed\Shockwave 10\
    Long name: Download.dll
    Short name:
    Date (created): 02/03/2006 16:07:10
    Date (last access): 17/05/2006 10:30:06
    Date (last write): 02/03/2006 16:07:10
    Filesize: 79552
    Attributes: archive
    MD5: 5A6DF88E7C362AE834B13E49EAD0136B
    CRC32: 719C8355
    Version: 10.1.1.16

    {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object)
    DPF name:
    CLSID name: CMediaMix Object
    Installer: C:\WINDOWS\Downloaded Program Files\Medialogic.INF
    Codebase: http://musicmix.messenger.msn.com/Medialogic.CAB
    Path: C:\WINDOWS\System32\
    Long name: MediaLogic.dll
    Short name: MEDIAL~1.DLL
    Date (created): 20/12/2005 11:00:40
    Date (last access): 17/05/2006 11:10:40
    Date (last write): 20/12/2005 11:00:40
    Filesize: 253128
    Attributes: archive
    MD5: 0F768B295C27FB1BD9B3376575DD730A
    CRC32: D7266458
    Version: 1.0.1514.0

    {233C1507-6A77-46A4-9443-F871F945D258} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
    Codebase: http://download.macromedia.com/pub/shoc ... tor/sw.cab

    {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    DPF name:
    CLSID name: Minesweeper Flags Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary/Mi ... b31267.cab
    description:
    classification: Legitimate
    known filename: minesweeper.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: minesweeper.dll
    Short name: MINESW~1.DLL
    Date (created): 29/05/2003 15:00:22
    Date (last access): 17/05/2006 11:05:34
    Date (last write): 29/05/2003 15:00:22
    Filesize: 84064
    Attributes: archive
    MD5: F951FD0EA383DF2D49CA0359E4A86968
    CRC32: 50A69718
    Version: 7.1.9502.1

    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
    DPF name:
    CLSID name: Office Update Installation Engine
    Installer: C:\WINDOWS\Downloaded Program Files\opuc.inf
    Codebase: http://office.microsoft.com/officeupdat ... t/opuc.cab
    description:
    classification: Legitimate
    known filename: opuc.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\
    Long name: opuc.dll
    Short name:
    Date (created): 27/08/2003 05:10:30
    Date (last access): 17/05/2006 11:11:18
    Date (last write): 27/08/2003 05:10:30
    Filesize: 314368
    Attributes: archive
    MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
    CRC32: E98FC293
    Version: 11.0.5626.0

    {56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
    DPF name:
    CLSID name:
    Installer:
    Codebase: http://software-dl.real.com/2821fd5ae35 ... 601_fr.cab
    description: Netster
    classification: Confirmed as malware
    known filename:
    info link:
    info source:


    {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5)
    DPF name:
    CLSID name: Housecall ActiveX 6.5
    Installer: C:\WINDOWS\Downloaded Program Files\hcImpl.inf
    Codebase: http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: Housecall_ActiveX.dll
    Short name: HOUSEC~1.DLL
    Date (created): 26/04/2006 17:51:28
    Date (last access): 17/05/2006 11:05:34
    Date (last write): 26/04/2006 17:51:28
    Filesize: 359936
    Attributes: archive
    MD5: 9E964EFD02785E75819941DD486933AB
    CRC32: FE48FA14
    Version: 6.5.2.9

    {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)
    DPF name:
    CLSID name: HouseCall Control
    Installer: C:\WINDOWS\Downloaded Program Files\xscan.inf
    Codebase: http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
    description: Trend Micro Antivirus online scanner
    classification: Legitimate
    known filename: XSCAN53.OCX
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: xscan53.ocx
    Short name:
    Date (created): 02/11/2005 18:07:08
    Date (last access): 17/05/2006 10:51:02
    Date (last write): 02/11/2005 18:07:08
    Filesize: 435712
    Attributes: archive
    MD5: BEC3AAB1D47A4DC26D7A7C4C5CAE3304
    CRC32: D7C39B20
    Version: 5.70.0.1090

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
    DPF name: Java Runtime Environment 1.4.2
    CLSID name: Java Plug-in 1.4.2_05
    Installer:
    Codebase: http://java.sun.com/products/plugin/aut ... s-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\j2re1.4.2_05\bin\
    Long name: NPJPI142_05.dll
    Short name: NPJPI1~1.DLL
    Date (created): 03/06/2068 22:05:12
    Date (last access): 17/05/2006 10:58:12
    Date (last write): 03/06/2004 22:05:06
    Filesize: 65650
    Attributes: archive
    MD5: 174488C8877FA852448D1937C322AABB
    CRC32: 62C2460D
    Version: 1.4.2.50

    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
    DPF name:
    CLSID name: MessengerStatsClient Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary/Me ... b31267.cab
    description:
    classification: Legitimate
    known filename: messengerstatsclient.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: messengerstatsclient.dll
    Short name: MESSEN~1.DLL
    Date (created): 29/05/2003 15:00:20
    Date (last access): 17/05/2006 11:05:34
    Date (last write): 29/05/2003 15:00:20
    Filesize: 160864
    Attributes: archive
    MD5: B069B555A00AA026F657AA4FD13AE154
    CRC32: 89BB01E1
    Version: 7.1.9502.1

    {9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
    DPF name:
    CLSID name:
    Installer: C:\WINDOWS\Downloaded Program Files\iuctl.inf
    Codebase: http://v4.windowsupdate.microsoft.com/C ... 2093865741
    description: Windows Update
    classification: Legitimate
    known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
    info link:
    info source: Patrick M. Kolla

    {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
    DPF name: Java Runtime Environment 1.4.2
    CLSID name: Java Plug-in 1.4.2_05
    Installer:
    Codebase: http://java.sun.com/products/plugin/aut ... s-i586.cab
    description:
    classification: Legitimate
    known filename: NPJPI142_05.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\j2re1.4.2_05\bin\
    Long name: NPJPI142_05.dll
    Short name: NPJPI1~1.DLL
    Date (created): 03/06/2068 22:05:12
    Date (last access): 17/05/2006 12:54:16
    Date (last write): 03/06/2004 22:05:06
    Filesize: 65650
    Attributes: archive
    MD5: 174488C8877FA852448D1937C322AABB
    CRC32: 62C2460D
    Version: 1.4.2.50

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
    Codebase: http://download.macromedia.com/pub/shoc ... wflash.cab
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\System32\Macromed\Flash\
    Long name: Flash8b.ocx
    Short name:
    Date (created): 31/03/2006 11:45:12
    Date (last access): 17/05/2006 12:09:36
    Date (last write): 31/03/2006 11:45:12
    Filesize: 1443464
    Attributes: readonly archive
    MD5: 12719EDDAAB9CAEEF28C6E58192F594B
    CRC32: 680E085C
    Version: 8.0.24.0

    {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
    DPF name:
    CLSID name: Solitaire Showdown Class
    Installer:
    Codebase: http://messenger.zone.msn.com/binary/So ... b31267.cab
    description:
    classification: Legitimate
    known filename: solitaireshowdown.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: solitaireshowdown.dll
    Short name: SOLITA~1.DLL
    Date (created): 29/05/2003 15:00:20
    Date (last access): 17/05/2006 11:05:34
    Date (last write): 29/05/2003 15:00:20
    Filesize: 86112
    Attributes: archive
    MD5: 6E0E81210B17C225AD8DBB86F0C41E32
    CRC32: 1C944476
    Version: 7.1.9502.1


I would like your opinion on this problem.
What exactly is this file?
Should I delete it?
Thanks in advance,
jeje753

Posts: 59
Joined: 17 May 2006, 12:02

Post by nickW » 17 May 2006, 21:01

Good evening,

The CLSID (the long number made of letters and digits) is indeed Netster's ... but the site software-dl.real.com is not one of the "bad guys".
See: http://castlecops.com/atxlist-8.html

So it may be a false positive.

In any case, you can always delete an ActiveX control: it will re-download without any problem if it is needed later.
(Be careful though, for those on a slow connection: deleting a useful and safe ActiveX control made up of a large file ... will cause a very long and unnecessary re-download!)

Regards,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message).
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
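The reasoning in the reply above (Spybot's ActiveX list matches on the CLSID alone, so a "Confirmed as malware" hit whose Codebase points at a trusted vendor host is a candidate false positive to verify rather than delete on sight) written out as a small triage script over the report format posted in the thread. This is an added example, not Spybot's own code and not from the thread. The trusted-host allowlist is an assumption seeded from vendor hosts visible in the posted report; the sample entries are an excerpt in the same format, except the last one, whose CLSID {DEADBEEF-...} and host downloads.example.invalid are invented to exercise the "remove" branch.

```python
"""Triage the ActiveX (DPF) section of a Spybot S&D 1.4 report.

Added example, not Spybot's code: a CLSID-only malware hit whose Codebase host
is trusted is flagged 'verify' (possible false positive), not 'remove'.
"""
import re
from urllib.parse import urlparse

# Header line of one entry: "{CLSID} (friendly name)".
CLSID_LINE = re.compile(
    r"^\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}\s*\((.*)\)$")

# Assumption: an operator-maintained allowlist of Codebase hosts, seeded from
# the vendor hosts visible in the posted report.
TRUSTED_CODEBASE_HOSTS = {
    "download.macromedia.com", "software-dl.real.com", "java.sun.com",
    "messenger.zone.msn.com", "office.microsoft.com", "v4.windowsupdate.microsoft.com",
}

# Constructed excerpt in the report's format (truncated "..." URLs kept as printed).
# The last entry is invented (hypothetical CLSID and host) to exercise "remove".
SAMPLE_REPORT = r"""
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
CLSID name: Shockwave ActiveX Control
Codebase: http://download.macromedia.com/pub/shoc ... tor/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate

{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object)
CLSID name: CMediaMix Object
Codebase: http://musicmix.messenger.msn.com/Medialogic.CAB

{56336BCB-3D8A-11D6-A00B-0050DA18DE71} ()
CLSID name:
Codebase: http://software-dl.real.com/2821fd5ae35 ... 601_fr.cab
description: Netster
classification: Confirmed as malware

{DEADBEEF-0000-4000-8000-000000000000} ()
CLSID name:
Codebase: http://downloads.example.invalid/netster_setup.cab
description: Netster
classification: Confirmed as malware
"""


def parse_report(text):
    """One dict per blank-line-separated block: 'clsid', 'title', then each
    'key: value' line with the key lower-cased."""
    entries, current, at_block_start = [], None, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            at_block_start = True
            continue
        if at_block_start:
            m = CLSID_LINE.match(line)
            current = {"clsid": "{%s}" % m.group(1).upper() if m else None,
                       "title": m.group(2) if m else line}
            entries.append(current)
            at_block_start = False
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return entries


def codebase_host(codebase):
    """Lower-cased host of a Codebase URL; '' for empty or local file:// codebases."""
    if not codebase:
        return ""
    parsed = urlparse(codebase)
    return "" if parsed.scheme == "file" else parsed.netloc.lower()


def triage(entry, trusted_hosts=TRUSTED_CODEBASE_HOSTS):
    """(action, reason) for one entry: 'keep', 'verify' or 'remove'."""
    classification = entry.get("classification", "").lower()
    host = codebase_host(entry.get("codebase", ""))
    name = entry.get("description") or entry.get("clsid name") or entry["title"] or "?"
    if classification.startswith("legitimate"):
        return "keep", "Spybot classifies it as legitimate"
    if "malware" in classification:
        if host in trusted_hosts:
            return "verify", (f"CLSID matched '{name}' but Codebase host {host} is "
                              "trusted: possible false positive, check the file first")
        return "remove", f"CLSID matched '{name}' and Codebase host {host or '(none)'} is untrusted"
    if host in trusted_hosts:
        return "keep", f"no Spybot verdict, Codebase host {host} is trusted"
    return "verify", f"no Spybot verdict and Codebase host {host or '(none)'} is untrusted"


def triage_report(text, trusted_hosts=TRUSTED_CODEBASE_HOSTS):
    """Map CLSID (or block title when there is none) -> (action, reason)."""
    return {e["clsid"] or e["title"]: triage(e, trusted_hosts)
            for e in parse_report(text) if e["clsid"] or "classification" in e}


if __name__ == "__main__":
    for key, (action, reason) in triage_report(SAMPLE_REPORT).items():
        print(f"{action:7} {key}  {reason}")
```

Paste a full report into `triage_report` and only the "remove" rows are candidates for deletion on the spot; "verify" rows are where you look at the file on disk (path, hash, signer) before deciding, which is exactly the position the reply takes for the real.com Netster hit.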

Post by jeje753 » 18 May 2006, 07:10

Ah, OK!
Well, I'll delete it just in case; we'll see whether it re-downloads!
Thanks ;)
jeje753

Posts: 59
Joined: 17 May 2006, 12:02

