Adware.BHO.Browser Protection detection - outbreak or false-positive?

I have seen today in customer's PSB quite some incidents of Adware.BHO.BrowserProtection detections. Way more than normal. (from 3 different customers).

 

Is there an outbreak on web-pages regarding this virus? or it's a false positive detection of Firefox plugin?

 

F-secure has something to comment?

 

Thank you

Costas

Answers

  • etomcatetomcat Posts: 1,310

    Hello,

     

    You should probably send an e-mail to "[email protected]" (if you do NOT have file samples) or to "[email protected]" (if you do have file samples attached).

     

    Best Regards: Tamas Feher, Hungary.

  • JagadesanJagadesan Posts: 129

    Hi Costas-Inter,

    With regards to your problem, kindly visit the link below and register as a user and submit your sample. If you don't have a sample just upload an empty file and put in your queries in the message box.

     

    https://analysis.f-secure.com/portal/login.html

     

    As per your question, below is the response from our Malware Analysts:-

     

    The detection is detecting an adware browser plugin pretending to be a legitimate plugin (most probably disguised as Babylon Toolbar or plugin signed by Bit89 Inc.). In this case, the detection is valid. In order to remove the detection, get the customer to uninstall any unknown plugins from Control Panel as well as from the browser Plugin tab itself.


    Thanks.

    Best Regards,
    Jagadesan

  • johnbjohnb Posts: 3

    Hi

    I am having problems that fsecure does not seem to be detecting. Last week it took tech support over an hour to sort out my machine. Yesterday was hijacked by snap.search, after watching victor from tech support sort the problem remotely I sorted it myself. Problem was an unknown program told me it had found the infection, I ignored it as it was not from f-secure. Said no to all delete instructions then ran Google chrome up it popped. Ran full scan found nothing, manually edited registry deleted snap search entries, could not find program to delete. Problem seems to be solved. This is now twice in about two weeks that something appears to have slipped by fsecure, I thought I was protected against attacks like this. I do not download and run programs unless it is a trusted site.

    Looking forward to comments.

    johnb

  • Ehm, well. There is NO trustful domain anymore. Every site could be infected.


    You should update your installed software asap. The crapware is still on your pc. If you do not submit the file to f-secure the is not detected in the near future. It just happened if others will send the file. So avoid not to send the file. For the community.

  • johnbjohnb Posts: 3

    Hi

    All software up to date, fsecure can not detect file so how can I submit a sample or even find it?  There are multipall sites explaining how to delete the bug so shurley  fsecure should be aware of it. What is happening to fsecure its its starting to  let me down!

    johnb

  • JagadesanJagadesan Posts: 129

    Hi johnb,

    With regards to your problem, kindly provide me the SRID so that I can take a look at your case.

    Thanks.

    Best Regards,
    Jagadesan

  • johnbjohnb Posts: 3

    Hi Jagadesan

    SR ID:  1-568519960

This discussion has been closed.