Fixed: GuardianMonitor



beancowboys
2007-04-26, 00:14
Search&Destroy showed 35 registry entries of GuardianMonitor but I did not have any of the files or folders that GuardianMonitor is supposed to create if it is installed. Wondering if anyone else has seen this.

md usa spybot fan
2007-04-26, 00:47
The detections for "GuardianMonitor" were listed as updates among the updates for 2007-04-25. See:
Updates: 2007-04-25 (http://forums.spybot.info/showthread.php?t=13220)
I suggest that you post the actual "35 registry entries of GuardianMonitor" that you are getting so that someone can take a look at them. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

beancowboys
2007-04-26, 03:29
GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{36A0E3F8-5BD1-4ED6-B6D1-4519A2FC6D23}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{697DF023-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{697DF025-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{697DF027-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{697DF029-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{697DF02B-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{697DF02D-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{798CBE35-B27D-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A967E5D2-B0E1-11D3-B57C-00105AA461D0}

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A967E5D6-B0E1-11D3-B57C-00105AA461D0}

GuardianMonitor: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{A967E5C4-B0E1-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.FileConverter

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.FileConverter.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{697DF027-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.IndexJob

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.IndexJob.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{697DF023-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\dten600.JobErrorInfo

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\dten600.JobErrorInfo.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A967E5D6-B0E1-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.Options

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.Options.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{697DF02B-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.SearchJob

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.SearchJob.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{697DF025-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.SearchReportJob

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.SearchReportJob.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{697DF029-B24E-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.SearchResults

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.SearchResults.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{798CBE35-B27D-11D3-B57C-00105AA461D0}

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.WordListBuilder

GuardianMonitor: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Dten600.WordListBuilder.1

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{697DF02D-B24E-11D3-B57C-00105AA461D0}




--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---


antdude
2007-04-26, 05:16
I have the same problem. I attached my zip file with logs and exported registry.

Thanks in advance. :)

md usa spybot fan
2007-04-26, 07:16
This Symantec article appears to indicate that those entries are connected with a product they call Spyware.GuardMon:
Spyware.GuardMon
http://www.symantec.com/security_response/writeup.jsp?docid=2005-052615-2337-99&tabid=1

antdude
2007-04-26, 07:46
This Symantec article appears to indicate that those entries are connected with a product they call Spyware.GuardMon:
Spyware.GuardMon
http://www.symantec.com/security_response/writeup.jsp?docid=2005-052615-2337-99&tabid=1

Looks old:

Protection

* Virus Definitions (LiveUpdate™ Weekly) May 27, 2005
* Virus Definitions (Intelligent Updater) May 26, 2005


I don't have any of those files.

md usa spybot fan
2007-04-26, 08:07
Looks old
Please note:

Updated: February 13, 2007 11:44:22 AM

antdude
2007-04-26, 08:16
Please note:
Yes, I saw that but NAV didn't find anything odd with the latest definitions.

md usa spybot fan
2007-04-26, 09:10
beancowboys:

See Yodama (http://forums.spybot.info/member.php?u=223)'s comments here:
GuardianMonitor FP?
http://forums.spybot.info/showthread.php?t=13239

beancowboys
2007-04-26, 17:27
I had read the Spyware.GuardMon writeup on Symantec, but the latest defs did not pick up these 35 reg keys, nor did I have any of the files or folders Symantec says it adds, so I cannot follow the removal process.

md usa spybot fan
2007-04-26, 18:38
beancowboys:

Ignore the detections until the next update.

Yodama (http://forums.spybot.info/member.php?u=223)'s comments from this thread:
GuardianMonitor FP?
http://forums.spybot.info/showthread.php?t=13239


hello,

Thank you for your detailed information. You are right, it is a false positive.
The TypeLib references a SMTP engine, which is also used by GuardianMonitor.

The fp will be removed from detection with the next update, scheduled for the middle of next week.

Doraemon
2007-04-30, 19:33
I had the same problem too. I scanned after downloading the new update today.


GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{36A0E3F8-5BD1-4ED6-B6D1-4519A2FC6D23}

Unlike Beancowboys and Antdude, Spybot fixed GuardianMonitor on my computer though. Is that something that I should be concerned with, or was it still a false positive? There was no GuardianMonitor when I scanned my computer on the day before I updated my Spybot. I found no files/folders on GuardianMonitor.

Just in case, I have changed every password that I have.

Doraemon
2007-05-01, 05:11
Please ignore my post above. I was mumbling at 2.30 am.

But here is my result.

GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{5F371410-C836-11D2-BEF8-525400DFB47A}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---


Can someone tell me if it's a false positive or not? It would be very much appreciated. Thank you.

burfie
2007-05-01, 16:18
Doraemon - - I had the same result this morning.
Do you have Mindsoft Utilities installed on your system?

I looked at that registry key, and it seems to be associated with that.
It points to: vbalTabStrip6.TabControl... C:\Program Files\MindSoft Utilities\vbalTab6.ocx
So, I suspect it is a false positive.

Yodama
2007-05-02, 09:47
hi,

Like md usa spybot fan wrote, please ignore the detection on GuardianMonitor if there are no files found with it until the update.

It is a false positive. It will be corrected with the next update, coming up in a couple of hours if all goes well ;)



thanks for reporting
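
A triage sketch for the check discussed in this thread (detections that consist of registry keys only, with no files found), added here as an example and not part of the original posts or of Spybot itself. It parses pasted scan results, folds HKEY_LOCAL_MACHINE\Software\Classes paths onto their HKEY_CLASSES_ROOT equivalents so the same key is counted once, and reports whether any non-registry item was hit; the function names, the ExampleProduct entry and its "File" kind are assumptions.

```python
import re
from collections import defaultdict

# Result header, e.g. "GuardianMonitor: Class ID (Registry key, nothing done)"
HEADER = re.compile(r"^(?P<product>[^:]+): .+ \((?P<kind>[^,()]+), [^()]+\)$")
HKLM_CLASSES = "hkey_local_machine\\software\\classes\\"

def normalize(path):
    """Fold HKLM\\Software\\Classes\\X onto HKEY_CLASSES_ROOT\\X (HKCR is a merged view)."""
    low = path.lower()
    if low.startswith(HKLM_CLASSES):
        low = "hkey_classes_root\\" + low[len(HKLM_CLASSES):]
    return low

def parse_results(text):
    """Return (product, kind, location) for each header line followed by a location line."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    items = []
    for header, location in zip(lines, lines[1:]):
        m = HEADER.match(header)
        if m and not HEADER.match(location):
            items.append((m["product"], m["kind"], location))
    return items

def triage(text):
    """Per product: raw hits, distinct registry keys, and whether only registry items were hit."""
    acc = defaultdict(lambda: {"hits": 0, "keys": set(), "other": 0})
    for product, kind, location in parse_results(text):
        acc[product]["hits"] += 1
        if kind.lower().startswith("registry"):
            acc[product]["keys"].add(normalize(location))
        else:
            acc[product]["other"] += 1
    return {p: {"hits": e["hits"], "unique_keys": len(e["keys"]),
                "registry_only": e["other"] == 0} for p, e in acc.items()}

# First three entries are copied from the thread; the last one is constructed,
# and its "File" kind is an assumed format for a file detection.
SAMPLE = r"""
GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{697DF027-B24E-11D3-B57C-00105AA461D0}
GuardianMonitor: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{697DF027-B24E-11D3-B57C-00105AA461D0}
GuardianMonitor: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{A967E5C4-B0E1-11D3-B57C-00105AA461D0}
ExampleProduct: Program file (File, nothing done)
C:\Program Files\Example\example.exe
"""
```

Calling `triage(SAMPLE)` returns one summary per product; a product with `registry_only` set to true and no matching files on disk fits the pattern the thread describes as a likely false positive, which still needs confirmation from the vendor.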