How to find which program causing prob?



gehang
2007-04-04, 01:02
I have some program which keeps trying to change the registry. So I clicked always deny, now my computer is really slow because I have about 10 windows saying registry changed denied that never go away because this program won't stop trying the changes.

How can I find out which process is trying to initiate the change so I can stop the service, and remove the program?

Zenobia
2007-04-04, 01:17
Hello. Could you open Spybot, click Mode up top, then Advanced Mode, then click Tools, then Resident, and there should be a resident log there. Highlight the last couple of things, then right-click, select Copy, then paste it here.

theikonx
2007-04-04, 18:31
I'm having the same problem. Here's the resident log

3/6/2007 5:01:39 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:40 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:41 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:42 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:43 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:44 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!

md usa spybot fan
2007-04-04, 19:23
theikonx:

Assuming your question is the same or similar to gehang (http://forums.spybot.info/member.php?u=20751)'s:


How to find which program causing prob?

How can I find out which process is trying to initiate the change so I can stop the service, and remove the program?

If you go into the following Web page:
CastleCops - CLSID BHOList ToolbarList
http://www.castlecops.com/CLSID.html
Then do a search for the following CLSID/GUID (Class ID/Globally Unique ID):
A6ACAE64-F798-4930-AD86-BD3FB32038DB
The results indicate:


OBJECT NAME: (no name)
GUID: {A6ACAE64-F798-4930-AD86-BD3FB32038DB}
STATUS: X BHO ("X" - Certified spyware/foistware, or other malware, "BHO" - Browser Helper Object)
FILENAME: isadd.dll
DESCRIPTION : Variant of the Zlob aka Puper (http://vil.nai.com/vil/Content/v_139987.htm) Trojan
The Puper (http://vil.nai.com/vil/Content/v_139987.htm) link in the above description links to the following McAfee write-up:
Puper.gen
http://vil.nai.com/vil/Content/v_139987.htm
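
The lookup described in this thread starts from the CLSID in the resident log. As an added example (not part of the original thread and not Spybot's own code), the script below groups denied entries from a pasted resident log by value and lists the registry keys to inspect for the DLL behind each CLSID. The line layout is inferred from the six lines posted above, the month/day date order is an assumption, and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the resident log posted in this thread.
SAMPLE_LOG = """\
3/6/2007 5:01:39 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:40 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:41 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:42 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:43 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
3/6/2007 5:01:44 PM Denied value "{A6ACAE64-F798-4930-AD86-BD3FB32038DB}" (new data: "") added in Browser Helper Object!
"""

# Layout inferred from the posted lines; month/day order is an assumption.
LINE_RE = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<action>\w+) value "(?P<value>[^"]*)" '
    r'\(new data: "(?P<data>[^"]*)"\) (?P<op>\w+) in (?P<category>.+?)!?$'
)
CLSID_RE = re.compile(r'^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$')
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

def summarize(log_text):
    """Group denied changes by (value, category), most frequent first."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "Denied":
            continue  # skip blank, unparsable or non-denied lines
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        groups[(m["value"].upper(), m["category"])].append(ts)
    report = []
    for (value, category), times in groups.items():
        times.sort()
        keys = []
        if CLSID_RE.match(value) and category == "Browser Helper Object":
            # The default value of InprocServer32 names the DLL behind the CLSID.
            keys = [BHO_KEY + "\\" + value, "HKCR\\CLSID\\" + value + "\\InprocServer32"]
        report.append({
            "value": value, "category": category, "count": len(times),
            "first": times[0], "last": times[-1],
            "span_seconds": (times[-1] - times[0]).total_seconds(),
            "registry_keys": keys,
        })
    return sorted(report, key=lambda e: e["count"], reverse=True)

if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG):
        print(e["count"], e["value"], e["category"], e["span_seconds"], e["registry_keys"])
```
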