PDA

View Full Version : A spyware called darkonia?


naraku4656
2007-02-05, 22:58
spybot tells me one of my bookmarks has a spyware called darkonia, of which is not in any threat catolouge i've looked through, it says one of my bookmarks has it, so i tried to get rid of the bookmark through spybot, so i went back to the site and bookmarked it again and it game me the same threat message, so what is darkonia and why does it keep appearing even after i delete it with spybot and get the same bookmark again, note: i've had this bookmark over a year and have had no problems with it
Buster
2007-02-06, 08:42
Please post your scan results. To do so, right click into the results window and select "Copy results to clipboard". Thanks in advance!
naraku4656
2007-02-07, 00:19
Darkonia: Bookmark (Internet Explorer: Matt) (Bookmark, nothing done)


Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

MS Media Player: Anonymous ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

MS Direct3D: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

MS DirectDraw: Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

MS DirectInput: Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

MS DirectInput: Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

Windows Explorer: User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: User Assistant history files (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Media SDK: Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

Windows Media SDK: Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

Windows Media SDK: Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1957994488-602609370-839522115-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: Cookie (9) (Cookie, nothing done)


Cache: Cache (969) (Cache, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-02 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-02 Includes\DialerC.sbi (*)
2006-11-24 Includes\Hijackers.sbi (*)
2007-02-02 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-02 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-02-02 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-02 Includes\PUPSC.sbi (*)
2007-02-02 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-02 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-02 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-12-08 Includes\Trojans.sbi (*)
2007-02-02 Includes\TrojansC.sbi (*)
naraku4656
2007-02-07, 23:37
ok now what?
Buster
2007-02-08, 11:22
Did you already download the latest updates, which have been released yesterday?:scratch:
naraku4656
2007-02-10, 00:25
yes i did everything is up to date on spybot
md usa spybot fan
2007-02-10, 00:39
naraku4656:

With the latest updates you should have these dates (see items marked in red):

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-02-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-07 Includes\KeyloggersC.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-02-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-07 Includes\PUPSC.sbi (*)
2007-02-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi (*)
2007-02-07 Includes\TrojansC.sbi (*)
naraku4656
2007-02-10, 05:37
your right, at the time of the thrid scan (listed on site) no i did not have those updates, i have them now and i still get darkonia
naraku4656
2007-02-10, 05:44
here is the reposted resultes post updates:

Darkonia: Bookmark (Internet Explorer: Matt) (Bookmark, nothing done)





--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-07 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-07 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-02-07 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-01-12 Includes\Malware.sbi (*)
2007-02-07 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-07 Includes\PUPSC.sbi (*)
2007-02-07 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-07 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-07 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2006-12-08 Includes\Trojans.sbi (*)
2007-02-07 Includes\TrojansC.sbi (*)
Buster
2007-02-12, 09:10
I guess we found the reason for this detection. A fixed detection file will be released on Wednesday. :)
naraku4656
2007-02-12, 22:50
what was the reason?
Buster
2007-02-14, 10:03
Spybot was looking for a erroneously added domain, which has been removed, now.
naraku4656
2007-02-14, 21:53
oh ok, lemme see if it fixes it
naraku4656
2007-02-14, 22:10
no it didn't fix it


Darkonia: Bookmark (Internet Explorer: Matt) (Bookmark, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-11-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-02 advcheck.dll (1.2.0.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-14 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-14 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-02-14 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-02-14 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-14 Includes\PUPSC.sbi (*)
2007-02-14 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-14 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-14 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2007-02-14 Includes\Trojans.sbi (*)
2007-02-14 Includes\TrojansC.sbi (*)
Buster
2007-02-16, 08:08
Did you restart your Spybot after the update? :scratch:
naraku4656
2007-02-16, 20:27
yes i did
Buster
2007-02-19, 09:45
Hello naraku4656,

if this problem still persists, please send us your domains.sbs, located in Spybot´s "Includes" folder. Please send your email to detections#spybot.info (replace # with @)

Thanks in advance!
naraku4656
2007-02-19, 22:49
ok, i'll check it in a mintute
naraku4656
2007-02-22, 22:49
don't worry it's fine, i got rid of the bookmark so it would stop bugging me