Zhelatin



Benzmum
2007-06-20, 21:45
Spybot has just found Win32.Zhelatin.k on my computer. I have my browsers set to protect me from unwanted cookies and downloads, so why would I get this? Can you help?

Zenobia
2007-06-20, 23:36
It might be helpful if you showed the short log, so that someone could have a look at it.
Produce a short log (showing items flagged)

Open SpyBot.
Check for problems.
When finished, right click and choose copy results (not the full report) to clipboard and post that into topic.

Benzmum
2007-06-21, 04:00
I've since found a couple of holes in my browser privacy which I've now patched up. I ran Spybot again, and this time the trojan didn't come up - I had done the "fix" when it first appeared. So if this happens again I'll try collecting the results as you suggested, Zenobia. Thanks!

P.S. Is there something significant about "Produce a short log (showing items flagged)?" Should I find that somewhere when I get notification of a possible threat?

Zenobia
2007-06-21, 07:21
That was so that what Spybot was finding could be posted on here, so it could be seen on this forum. It's basically what you see after a scan if you click the + signs, in text form. It's sometimes helpful to see. In your case, where you seemed surprised that Spybot detected something, I wanted to see if I could find out if it might be a false positive or something. :)

This is Sophos' description of W32/Dref-Y, aka Email-Worm.Win32.Zhelatin.k.
http://www.sophos.com/security/analyses/w32drefy.html

How is your computer, since Spybot fixed it? Everything seem okay? Was your computer acting funny before Spybot detected that?

Benzmum
2007-06-22, 04:37
Hi Zenobia. My computer's been behaving fine lately, thanks. (The last time it was acting up I was using a spyware/antivirus package that was constantly running around my computer and slowing things down enormously. That was Shaw Secure, a derivative I gather of FSecure. I removed it and everything speeded up enormously.)

I was reading today that Windows Defender is supposed to "protect" against spyware. In fact, I do a Windows Defender scan once a week and it never finds ANYTHING; whereas AdAware, Spybot & AVG do find things on occasion. I really wonder if Windows Defender does anything at all.

I'll keep notes on what you've said for next time Spybot detects something, and I'll see what comes up then. Thanks again for your help.

Zenobia
2007-06-22, 08:04
Okay, that's good to hear. I thought I'd fish around a little and see how things were with your computer, where the description of Zhelatin.k says it drops more malware. :)

I see your title says "False Positive?", so in case you're unsure what that term means, I thought I'd put this link on for you. It can also apply to an antispyware app:
http://www.viruslist.com/en/glossary?glossid=153654932

Benzmum
2007-06-23, 02:34
Thanks for that link describing false positives. Obviously, it doesn't apply to something like Zhelatin.k being identified. Today I had some slow-downs on my system and I made a point of checking my task manager. But all the CPU was being used up by legit software, and the main culprit was Microsoft processes. So I think I'm ok. Will keep my eyes open, though. And there's nothing like disabling cookies except for only those highly trusted sites, huh?

Benzmum
2007-06-27, 02:12
Hi Zenobia. I just did a Spybot scan, and the trojan Win32.Zhelatin.k came up again, along with something about a windows firewall bypass. Here's the short log you asked me to copy:

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Win32.Zhelatin.k: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3293823761-4021508746-2703944788-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\greeting card.exe


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2007-06-05 spybotsd14.exe (0.0.0.0)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-05 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-06-20 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-20 Includes\DialerC.sbi (*)
2007-06-20 Includes\Hijackers.sbi (*)
2007-06-20 Includes\HijackersC.sbi (*)
2007-06-20 Includes\Keyloggers.sbi (*)
2007-06-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-06-20 Includes\Malware.sbi (*)
2007-06-20 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-06-20 Includes\PUPSC.sbi (*)
2007-06-20 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-20 Includes\SecurityC.sbi (*)
2007-06-20 Includes\Spybots.sbi (*)
2007-06-20 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-06-20 Includes\Trojans.sbi (*)
2007-06-20 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

Can you figure out what's going on?

Also, when I first opened Spybot today, I got that "weird popup" that people were talking about in February, that led to PepiMK's website.
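
The short log above has a regular shape: a detection header ("Name: Category (Kind, Action)") followed by the registry or file path it refers to, then a "--- Spybot ..." trailer listing version and definition files. The following added example (not Spybot's code, and not posted by anyone in this thread) parses that format into records and pulls out the two things worth triaging here: an executable name recorded under MUICache, a registry key Windows populates for programs that have been run through the shell, so it is commonly treated as evidence of execution rather than mere presence, and the programs listed as Windows Firewall exceptions. The sample input is the log posted above; the header layout and the assumption that exactly one path line follows each header are mine.

```python
"""Parse a Spybot S&D 1.4 'short log' into records and triage the findings.

Added example, not Spybot's own code. Assumed format (taken from the log in
the thread): a header line '<Name>: <Category> (<Kind>, <Action>)', then one
line holding the registry/file path, with a '--- Spybot ...' trailer ending
the detection list.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the short log posted in the thread (trailer shortened).
SAMPLE_SHORT_LOG = r"""
Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Microsoft.Windows.IEFirewallBypass: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Internet Explorer\IEXPLORE.EXE

Win32.Zhelatin.k: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3293823761-4021508746-2703944788-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\greeting card.exe


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
"""

# Header line: 'Win32.Zhelatin.k: Settings (Registry value, nothing done)'
HEADER_RE = re.compile(
    r"^(?P<name>[^:]+): (?P<category>[^(]+?) \((?P<kind>[^,)]+), (?P<action>[^)]+)\)$"
)


@dataclass(frozen=True)
class Detection:
    name: str      # signature name, e.g. Win32.Zhelatin.k
    category: str  # Spybot category, e.g. Settings
    kind: str      # e.g. "Registry value"
    action: str    # what Spybot did, e.g. "nothing done"
    target: str    # registry path or file path from the following line


def parse_short_log(text: str) -> List[Detection]:
    """Turn the short log into Detection records; stop at the version trailer."""
    detections: List[Detection] = []
    pending = None  # header fields waiting for their target line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---"):
            break  # '--- Spybot ... ---' trailer: no more detections follow
        if not line:
            continue
        match = HEADER_RE.match(line)
        if match:
            pending = match.groupdict()
            continue
        if pending is not None:
            detections.append(Detection(target=line, **pending))
            pending = None
    return detections


def executed_via_muicache(detections: List[Detection]) -> List[str]:
    """Executable names recorded under MUICache (an execution artifact)."""
    return [d.target.rsplit("\\", 1)[-1]
            for d in detections if "\\MUICache\\" in d.target]


def firewall_authorized_apps(detections: List[Detection]) -> List[str]:
    """Programs listed as Windows Firewall exceptions in the flagged keys."""
    marker = "\\AuthorizedApplications\\List\\"
    apps = []
    for d in detections:
        idx = d.target.find(marker)
        if idx != -1:
            apps.append(d.target[idx + len(marker):])
    return apps


def untreated(detections: List[Detection]) -> Dict[str, List[str]]:
    """Group targets by signature for every finding Spybot left in place."""
    out: Dict[str, List[str]] = {}
    for d in detections:
        if d.action == "nothing done":
            out.setdefault(d.name, []).append(d.target)
    return out


if __name__ == "__main__":
    found = parse_short_log(SAMPLE_SHORT_LOG)
    print("run via shell (MUICache):", executed_via_muicache(found))
    print("firewall exceptions:", firewall_authorized_apps(found))
    for sig, targets in untreated(found).items():
        print(f"{sig}: {len(targets)} untreated entry/entries")
```

Run on the log above it reports one MUICache executable, greeting card.exe, and the two IEXPLORE.EXE firewall exceptions (one per ControlSet), all still marked "nothing done", which is exactly the situation in which the advice below to run a second-opinion scanner applies.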

tashi
2007-06-27, 04:48
Hi there Benzmum.

I see greeting card.exe in the log, please run an on-line anti virus scan.


eTrust Antivirus Web Scanner (http://www3.ca.com/securityadvisor/virusinfo/scan.aspx) Requires Internet Explorer. (If prompted on that page, allow Active X and the install of software - this is needed to scan your system)
It may take a while to download the updates needed, and then you will be presented with a screen to scan your system.
Trend Micro Online Scan (http://housecall.trendmicro.com/) Does not produce log, useful for a second scan. Do not be concerned if the scanner "finds" things it says it cannot fix.

Let us know how it goes, and save the log in case we need to move you to the malware removal forum. :)

Benzmum
2007-06-28, 04:53
Thanks, Tashi. I have a slow connection so I'll wait till tomorrow morning before I do the online scan - takes hours, and my computer's right next to my bed! :sad:

tashi
2007-06-28, 05:08
Hi Benzmum.

Let's make it easier on you and your PC, go ahead and post a HJT log in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Give a link back to this topic and we will take a quick look. :)

Benzmum
2007-06-28, 23:26
I did an online scan for viruses with eTrust and got the following results:

Scan Results: Scan Completed. 130672 files scanned. No viruses found.
File Infection Status Path
- No Infections
I didn't scan for Spyware. I gather you have to do that separately. Also I didn't scan my recovery disk (D:) - is that ok?

What do you think?

...Just saw your suggestion re the Malware Removal Forum, Tashi. I'll do that.

Benzmum
2007-07-01, 04:14
Hi Tashi. I've posted in Malware Removal and there's a fellow named Jak3 telling me to run another online scan from a site I haven't heard of before. He's listed as a Security Expert, but I thought I should check with you first since he's not one of the "Team" as such. Can I go ahead with his suggestions? Don't want to offend him if he's totally legit. :red:

Zenobia
2007-07-01, 05:45
I guess maybe you were looking at this, and not seeing Security Expert listed:

Malware Removal: only people with the following titles above their avatar may assist members.

Helper, Warrior, Expert, Developer, Team Spybot.
http://forums.spybot.info/showthread.php?t=288
But it's okay, Mr.Jak_3 is part of the group that can respond to your Hijackthis log and give you malware advice, as well as the ones with the titles above. You can see him posting often in the malware forum, as well, for added assurance.
http://forums.spybot.info/search.php?searchid=334754
I think maybe it was just forgotten to put Security Expert in the above post.

Benzmum
2007-07-01, 05:50
Thanks so much, Tashi. You're always a big help!:crowned:

md usa spybot fan
2007-07-01, 05:54
Benzmum:

Additional information:

From the following list you will see that Mr_JAk3 (http://forums.spybot.info/member.php?u=13023) is a moderator in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum:
View Forum Leaders (http://forums.spybot.info/showgroups.php)
ps: That response came from Zenobia not tashi.

Benzmum
2007-07-02, 03:09
:oops: Oh, I'm sorry - thanks for pointing that out. I wasn't looking carefully enough obviously. Zenobia my apologies. I'm very grateful for Team Spybot and everyone on it who takes the time to answer our questions.

tashi
2007-07-02, 05:02
I think maybe it was just forgotten to put Security Expert in the above post. We also have an esteemed expert, could end up a long list so will leave it simple for now. :laugh:

Zenobia
2007-07-02, 05:05
Zenobia my apologies

No problem. Good luck in malware removal. :bigthumb: :)