Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: spyware removal question

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Default spyware removal question

    Guys, I had someone install v 1.4 on my system and decided to try it today for the first time.

    it found 60 threats (red) and I opted to FIX which I assume it did. Well, after that, i did an update and decided to run search again and it found the exact same problems except for one so 59 total.

    What's the deal?

    Thanks

    George

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,879

    Default

    Spybot 1.5 is the current version. Consider upgrading.

    It would help if you posted the log of the actual detections you are getting. To do that:
    • Run another scan.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Default Alright, here it is

    CiD.IEPop: User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\netbios-wait.com

    CiD.IEPop: User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com

    CiD.IEPop: User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netbios-wait.com

    CiD.IEPop: User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com

    DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-07-04 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-05-23 advcheck.dll (1.5.3.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-07-31 Tools.dll (2.1.2.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-09-19 Includes\Cookies.sbi (*)
    2007-07-25 Includes\Dialer.sbi (*)
    2007-09-19 Includes\DialerC.sbi (*)
    2007-08-29 Includes\Hijackers.sbi (*)
    2007-09-19 Includes\HijackersC.sbi (*)
    2007-07-25 Includes\Keyloggers.sbi (*)
    2007-09-19 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-09-12 Includes\Malware.sbi (*)
    2007-09-19 Includes\MalwareC.sbi (*)
    2007-09-05 Includes\PUPS.sbi (*)
    2007-09-19 Includes\PUPSC.sbi (*)
    2007-09-19 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-09-19 Includes\SecurityC.sbi (*)
    2007-09-12 Includes\Spybots.sbi (*)
    2007-09-19 Includes\SpybotsC.sbi (*)
    2007-08-21 Includes\Tracks.uti
    2007-09-12 Includes\Trojans.sbi (*)
    2007-09-19 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll

  4. #4
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Default

    I don't mind upgrading though but I was curious why this happens and if there is something I don't understand.

    george

  5. #5
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,879

    Default

    Spybot 1.5 can immunize Firefox whereas Spybot 1.4 could not.

    Spybot 1.4 sometimes has trouble removing Firefox tracking cookies. There are suggestions in the following post on how to remove them as well as block them from being stored in the future:


    There is also another discussion about FireFox tracking cookies (3rd party cookies) in the following thread:

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  6. #6
    Junior Member
    Join Date
    Sep 2007
    Posts
    4

    Default

    Alright, I'll try the newer version and see if that'll take care of it but I kinda screwed something up last night so I may have to go back to a much older configuration on the computer...oh well

    Thanks

    George

  7. #7
    Junior Member
    Join Date
    Oct 2007
    Posts
    5

    Default

    What is Cid.IEPop? I have removed it at least 15 times, but it still comes back. I think itis responsible for "killing" my computer and having to send it to a computer repairman.......

    Any ideas what it is? Or how to permanently get rid of it?

  8. #8
    Junior Member
    Join Date
    Oct 2007
    Posts
    5

    Angry Help!!! CiD.lEPop is not nice to my puter!!

    What is Cid.IEPop? I have removed it at least 15 times, but it still comes back. I think itis responsible for "killing" my computer and having to send it to a computer repairman.......

    Any ideas what it is? Or how to permanently get rid of it?

  9. #9
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,111

    Default

    hello,

    CiD.IEPop is part of a series of trojan horses that usually get installed along with other software. It usually has serveral instances running in background and registered in system start. This may be a new variant that does not get detected completely, which is why the found entries return/ get recreated by the trojan horse.

    Please create a full Spybot S&D log and attach it to your next post. You can also check your system start for strange folder and filenames like Atom mp3 admin, Htmbiasbowsfork, Free draw chic, LOGANTIFORK, okay four.exe, Bindhole.exe or similar. These names usually change from version to version so they may not be present, with the log file we will be able to determine which system start entries are suspicious and help you with removal.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  10. #10
    Junior Member
    Join Date
    Oct 2007
    Posts
    5

    Default

    I hope this is what you mean. I am not particularly computer savvy. If this is not what you need, let me know and I will try again. Thanks so much for your help. I so appreciate it.




    --- Search result list ---
    CiD.IEPop: [SBI $9596E091] User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-527237240-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\New Windows\Allow\netbios-wait.com

    CiD.IEPop: [SBI $73413041] User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-527237240-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netbios-wait.com

    DoubleClick: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    BurstMedia: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    BurstMedia: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    MediaPlex: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    TagASaurus: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    WarezP2P: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    Zedo: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    FastClick: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    Advertising.com: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    DirectTrack: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    BlueStreak: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    AzoogleAds: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    DirectTrack: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


    MediaPlex: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •