URGENT -- Microsoft Agent Compatability (BonziBUDDY and WhenU.SaveNow false positives)

T

Tim Malouff

I noticed that Microsoft AntiSpyware (Beta 1) as do other anti-spyware
applications always report BonziBUDDY as being installed at a Elevated
Threat Level.

I know what BonziBUDDY is and does but do not have the application istalled,
I as well as every other XP user am getting this error becase Microsft Agent
is installed with Windows-XP and Windows-ME.

BonziBUDDY does however use Microsoft Agent Technology and is was all these
anti-spyware applications are
detecting Microsft Agent registry keys and reporting them as BonziBUDDY.

All the anti-spyware application must not have ever heard of Microsft Agent
including Microsft.

All the anti-spyware recomends and removes the following clsid tree
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\

Are any of these detected registry entries needed by Microsoft Agent to run
properly, and if so where are they being deleted?

Here are the registry entries that Microsoft AntiSpyware (Beta 1) detected
and quarantiened on my Machine.

HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\VersionIndependentProgID
WebImage.WebImageCtl
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf} WebImageCtl
Object
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\InprocServer32
C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\WImg.Ocx
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\InprocServer32
ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\MiscStatus\1
131473
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\MiscStatus 0
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\ProgID
WebImage.WebImageCtl.1
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\ToolboxBitmap32
C:\Program Files\E-Book Systems\FlipAlbum 5 Pro\WImg.Ocx, 1
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\TypeLib
{B92BB5C0-2E73-11CF-B6CF-00AA00A74DAF}
HKEY_CLASSES_ROOT\clsid\{bd11a280-2e73-11cf-b6cf-00aa00a74daf}\Version 1.0

Looking at these Keys I notice two of my programs showing up and none of
them are BonziBUDDY

mIRC available from http://www.mirc.com/ this does have a feature to use
Microsoft Agents http://www.mirc.co.uk/agents.html

FlipAlbum 5 Pro available from http://www.flipalbum.com/

The funny thing about Flip Album 5 Pro is that when it quarantiened it
removed WImg.Ocx and it looks like it was made by Microsoft.
Another funny thing about that file is the File Version it is listed as both
4.0.28.10 and 5.00.2810
I have attached the file for Reference.

Microsoft AntiSpyware (Beta 1) has also detected WhenU.SaveNow at a High
Treat Level and you can't Quarantine a High Risk.

Again it is targeting Microsoft Agent but more specifically the
Text-to-Speech Engine used by Microsft Agent and text readers.
Lernout & Hauspie TruVoice American English TTS Engine to be exact and it is
the most commonly installed and used.

It also detected the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}
And the following Fille C:\WINDOWS\lhsp\tv\tvenuax.dll again I attached for
reference.

Why don't all these anti-spyware applications not be so lazy and find out
the files and registry keys the real spyware is using/added to a computer
and remove it and leave the legitimate software they are using behind.
 
C

Carl R. Knecht

Tim said:
BonziBUDDY does however use Microsoft Agent Technology and is was all these
anti-spyware applications are
detecting Microsft Agent registry keys and reporting them as BonziBUDDY.

You are saying Microsoft Agent is spyware but BonziBuddy isn't?
BWAHAHAHHAHAHAHAHAHA!
 
T

Tim Malouff

I am not saying that Microsoft Agent is Spyware.

I am saying that the anti-spyware programs detect
Microsoft Agent installed by it's self as BonziBUDDY
because BonziBuddy uses Microsoft Agent Technology.

I should have proof read and taken out the "is was"

BonziBUDDY does however use Microsoft Agent Technology
and all these anti-spyware applications are detecting
Microsoft Agent registry keys and reporting them as
BonziBUDDY.

There is that better?

Why didn't you too have BonziBUDDY listed?

Every Windows XP user should get this false positive
becuase Microsoft Agent is installed by defalut.

Unless mIRC or Flip album are the cause for my false
positive BonziBUDDY.
 
B

Bill Sanderson

Tim - I've installed this app on more than a dozen XP PRO sp2 machines and a
couple of Windows 2000 servers, and haven't seen the detection you are
seeing--so it isn't directly from the Microsoft Agent pieces that come with
the OS.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top