
Thread: SD compromised

  1. #1
    Junior Member
    Join Date
    May 2007
    Posts
    4

    SD compromised

    I installed the latest spybot (1.4) directly from the spybot web page (http://www.spybot.info/en/home/index.html) from the safer networking links.

    When I update, I receive a list of updates which appears to be valid, but no matter what mirror list I select before I scan, when I hover over the update links they show that they come from a "http://www.spybotupdates.biz" website.

    Upon downloading and installing these updates through SD's update manager, numerous trojans are installed, and avg's email scanner becomes compromised.

    I have checked for rootkits and did not find any; I was able to disable and destroy these trojans.

    I have repeated this on a fresh virtual install of windows XP.

    Also to note, the spybot sd process is also prevented from running correctly, as it runs extremely sluggishly.
    Last edited by Midicow; 2007-05-14 at 00:40.

  2. #2
    Junior Member
    Join Date
    May 2007
    Posts
    4


    Final part of removal involves removing the "hggday.dll" malware

  3. #3
    Junior Member
    Join Date
    May 2007
    Posts
    4


    Confirmed that the virus removal tool "prevx" detects and removes the threats; AVG free doesn't even seem to know what's going on past a few randomly generated files being infected.

  4. #4
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Hello.

    Something else must be at work here, please do the following:

    Open Spybot-S&D.

    Start a scan ("check for problems"). After the scan, right-click in the results field and choose either "Save full report to file..." or "Copy full report to clipboard".

    Attach the file (or copy the report) to the email and send it to: detections(at)spybot.info (Replace AT with @)

    Thank you.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member
    Join Date
    May 2007
    Posts
    4


    Sorry, uninstalled spybot.

  6. #6
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    Alright, but without a log we cannot see what is on the System.

    Our download mirrors appear to be fine.

    If you wish, you can post a HJT log in the Malware Removal Forum

    The procedure to produce a hjt log is here: "BEFORE you POST"

    You can skip the other steps.
    Last edited by tashi; 2007-05-14 at 05:02. Reason: Added link
