False Positive: StartNow Hyperbar


J

Jonathan Holmes

StartNow Hyperbar is detected based on the presence of this CLSID in the
registry:

3F2BBC05-40DF-11D2-9455-00104BC936FF

Unfortunately, this CLSID is used in some sample source code found here:

http://members.shaw.ca/iedelphi/downloads/source/IEDocHostUIHandler.pas

Any application vendor utilising this sample source code without
intentionally modifying it to prevent this will inadvertently use the same
CLSID. This means that inferring the presence of spyware based on the
existence of this CLSID in the registry is not a reliable or sound thing to
do.

Below my signature is the result of a scan falsely detecting the presence of
this spyware in an application I wrote.


Jonathan Holmes



Details: StartNow Hyperbar redirects Internet Explorer search and homepage
URLs.
Status: Ignored
High threat - High risk threats typically are remotely exploitable
vulnerabilities, which can lead to system compromise. Successful
exploitation does not normally require any interaction. May open up
communication ports, use polymorphic tactics, stealth installations, and/or
anti-spy counter measures. May us a security flaw in the operating system to
gain access to your computer.

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
C:\PROGRA~1\ZONEOR~1\ZONEOR~1.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\ProgID
ZoneOrchestrator.DocHostUIHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
Implements DocHostUIHandler
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

False positive 0
False Positives 14
False Positive 1
False positive 0
False Positive 1
false positive 1
False Positives 1
false positive 0

Top