
Registry Change Attempted but Denied



Harry Letterman
2007-09-16, 22:06
With Spybot 1.5 this morning I noticed a registry entry change warning from Spybot. A toolbar was trying to install. I clicked the "Deny change" button and ticked "Remember this decision". I have a screenshot of the Spybot registry change warning window.

About a week ago I had a bad encounter with h**p:/mamaha.info/drugs/CalCet.htm. Details of that incident can be read at this Spyware Warrior thread (http://www.spywarewarrior.com/viewtopic.php?t=26227). "Dawg" at Wilders Security Forum says that the host of the malware is h**p://www.sex2person.info/xxxxxx/ (link to Dawg's post (http://www.wilderssecurity.com/showpost.php?p=1076615&postcount=10)).

I scanned with Spybot 1.4 and it fixed 3 registry changes. A couple days later I updated to Spybot 1.5 and a scan showed no problems. However, I have noticed a couple of times where IE 6 windows would "cascade open" uncontrollably. I have a HijackThis thread at Spyware Warrior but there are no takers so far. I am also doing a trial evaluation of SpywareTerminator and did a "Fast Spyware Scan" and it found 2 items (the links are to descriptions only):
AnalogX PacketMon (http://www.analogx.com/contents/download/network/pmon.htm)
BrainNames (http://www.sophos.com/security/analyses/brainnames.html?_log_from=rss) (Sophos link)

I just performed a new scan with Spybot 1.5 and it says that no problems were found. I do have the Logs from v1.4 where Mamaha was involved. Should I post a HJT log here? I'm primarily concerned about that attempted registry change (BHO toolbar). I DID deny the change.

Thanks for reading!

tashi
2007-09-17, 19:22
Hello.

Should I post a HJT log here?

Please do NOT post hjt logs in the Spybot forum (http://forums.spybot.info/showthread.php?t=1266)


I have a HijackThis thread at Spyware Warrior but there are no takers so far.
If you posted in our Malware removal forum requesting assistance, you would need to inform SWW.

Regards. :)

Harry Letterman
2007-09-17, 23:31
Hi Tashi,

Thanks for the reply and advice. I actually did know not to post an HJT log in this particular forum. I should have been more clear in my question.

I just had another incident where IE 6 windows would "cascade open" uncontrollably. I rebooted and, for now, things are fine.

I will have Suzi (Admin at Spyware Warrior) delete my HJT post as there are still no replies.


I don't know if this helps but here is Spybot registry change warning window screenshot -

http://s237.photobucket.com/albums/ff138/Bresson34/?action=view&current=SpybotKeyDeny01.jpg

tashi
2007-09-18, 07:25
Hello.


I will have Suzi (Admin at Spyware Warrior) delete my HJT post as there are still no replies.

You could follow the procedure in the following link, which includes running a Spybot-S&D scan in safe mode, and an on-line anti virus scan:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) posting only the logs requested.

Best regards. :)