Help - Search - Members
Full Version: What is "not-a-virus:AdWare.Win32.MegaSearch.p" ??
Kaspersky Lab Forum > English User Forum > Virus-related issues
higginslads
I used the Kaspersky online scanner and it found "not-a-virus:AdWare.Win32.MegaSearch.p" in two different locations, as well as "NSIS: infected - 1." I run Avast and Spybot and they didn't find these. Can I manually delete these, and if so, how? Sorry for my ignorance - I'm relatively new to this. I've included the full report from the scan below, as well as uploaded the file. Thank you.

Monday, February 18, 2008 12:35:19 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3, v.3264 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 570276
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 60552
Number of viruses found 2
Number of infected objects 3
Number of suspicious objects 2
Duration of the scan process 02:09:36

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject6.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject6.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\peg\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\peg\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\peg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\peg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\peg\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\peg\Local Settings\Temp\vol_bt_all.exe/data0033 Infected: not-a-virus:AdWare.Win32.MegaSearch.p skipped
C:\Documents and Settings\peg\Local Settings\Temp\vol_bt_all.exe NSIS: infected - 1 skipped
C:\Documents and Settings\peg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\peg\ntuser.dat Object is locked skipped
C:\Documents and Settings\peg\ntuser.dat.LOG Object is locked skipped
C:\Program Files\vol_toolbar\vol_toolbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.p skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP489\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
higginslads
I did a little research, and it looks like it may be a false positive. I recently got Verizon FIOS, and the installation included the Verizon Toolbar, which uses the same CSLID as the malware known as Megasearch, at least according to this: http://www.dslreports.com/forum/r18781702-...are-and-Verizon. So, as far as I can tell, there's no problem. As for the NSIS, I found this to help me remove it: http://www.schrockinnovations.com/removensismedia2.php. Evidently, this is tied in with Firefox, and my Firefox had been acting strangely lately, particularly in regards to not allowing me to download anything, even after several attempts at fixing it (deleting the download.rdf folder) and uninstalling and reinstalling. I haven't had a chance to run through the fix yet, but I'll post back and let you know how it goes. Any further information is greatly appreciated.
Lucian Bara
hello
simply send
C:\Documents and Settings\peg\Local Settings\Temp\vol_bt_all.exe
C:\Program Files\vol_toolbar\vol_toolbar.dll
to the lab for confirmation: http://forum.kaspersky.com/index.php?showtopic=13881
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.