PDA

View Full Version : spyware removal question



guiri
2007-09-20, 09:07
Guys, I had someone install v 1.4 on my system and decided to try it today for the first time.

it found 60 threats (red) and I opted to FIX which I assume it did. Well, after that, i did an update and decided to run search again and it found the exact same problems except for one so 59 total.

What's the deal?

Thanks

George

md usa spybot fan
2007-09-20, 09:16
Spybot 1.5 is the current version. Consider upgrading.

It would help if you posted the log of the actual detections you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.

guiri
2007-09-20, 09:34
CiD.IEPop: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\netbios-wait.com

CiD.IEPop: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\netsearchsoft.com

CiD.IEPop: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netbios-wait.com

CiD.IEPop: User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-842925246-823518204-839522115-1003\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netsearchsoft.com

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)


BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


CoreMetrics: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-04 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

guiri
2007-09-20, 09:35
I don't mind upgrading though but I was curious why this happens and if there is something I don't understand.

george

md usa spybot fan
2007-09-20, 16:11
Spybot 1.5 can immunize Firefox whereas Spybot 1.4 could not.

Spybot 1.4 sometimes has trouble removing Firefox tracking cookies. There are suggestions in the following post on how to remove them as well as block them from being stored in the future:
http://forums.spybot.info/showpost.php?p=64081&postcount=4

There is also another discussion about FireFox tracking cookies (3rd party cookies) in the following thread:
Reappearing cookies?
http://forums.spybot.info/showthread.php?t=10743

guiri
2007-09-20, 22:56
Alright, I'll try the newer version and see if that'll take care of it but I kinda screwed something up last night so I may have to go back to a much older configuration on the computer...oh well :)

Thanks

George

wlrdew
2007-10-06, 03:20
What is Cid.IEPop? I have removed it at least 15 times, but it still comes back. I think itis responsible for "killing" my computer and having to send it to a computer repairman.......

Any ideas what it is? Or how to permanently get rid of it?

wlrdew
2007-10-08, 05:13
What is Cid.IEPop? I have removed it at least 15 times, but it still comes back. I think itis responsible for "killing" my computer and having to send it to a computer repairman.......

Any ideas what it is? Or how to permanently get rid of it?

Yodama
2007-10-08, 09:11
hello,

CiD.IEPop is part of a series of trojan horses that usually get installed along with other software. It usually has serveral instances running in background and registered in system start. This may be a new variant that does not get detected completely, which is why the found entries return/ get recreated by the trojan horse.

Please create a full Spybot S&D log and attach it to your next post. You can also check your system start for strange folder and filenames like Atom mp3 admin, Htmbiasbowsfork, Free draw chic, LOGANTIFORK, okay four.exe, Bindhole.exe or similar. These names usually change from version to version so they may not be present, with the log file we will be able to determine which system start entries are suspicious and help you with removal.

wlrdew
2007-10-09, 07:03
I hope this is what you mean. I am not particularly computer savvy. If this is not what you need, let me know and I will try again. Thanks so much for your help. I so appreciate it.

:red:


--- Search result list ---
CiD.IEPop: [SBI $9596E091] User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-527237240-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\New Windows\Allow\netbios-wait.com

CiD.IEPop: [SBI $73413041] User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-527237240-1547161642-682003330-1004\Software\Microsoft\Internet Explorer\New Windows\Allow\www.netbios-wait.com

DoubleClick: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


BurstMedia: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


BurstMedia: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


MediaPlex: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


TagASaurus: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


WarezP2P: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


Zedo: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


FastClick: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


Advertising.com: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


DirectTrack: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


BlueStreak: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


AzoogleAds: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


DirectTrack: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)


MediaPlex: [SBI $4CDCC3D5] Tracking cookie (Internet Explorer: Wendy) (Cookie, nothing done)

Yodama
2007-10-09, 08:34
hello,

I am sorry I should have told you how to get the full Spybot log, what you posted is only the search result list :oops:

To get the log:
* switch Spybot S&D to advanced mode
* then go to "Tools" - "View Report"
* check all boxes
* click the "View Report" button
* export the report to a text file and attach it to your next post, since the report will be very long posting it directly would take up several posts.

wlrdew
2007-10-09, 08:48
ok...is this right?

spybotsandra
2007-10-09, 11:10
Hello,

I am sorry, but this is also not the full report.
Please send us a complete bug report. In order to do so, please run Spybot - Search & Destroy and switch to Advanced Mode via the menu item Mode, let it scan, try to fix the problems (!) and then go to "Tools" --> "View Report". Tick all the 10 checkboxes (leave "Do not report disabled or known legitimate items" unchecked) you can find there and click on "View Report". Now choose "Export" and save the file to your desktop.

Best regards
Sandra
Team Spybot

wlrdew
2007-10-10, 06:15
I am so srry. As I said, I am not very computer savvy. Thanks for telling me how to. Hopefully this will be the right report.

Yodama
2007-10-11, 11:01
I am so srry. As I said, I am not very computer savvy. Thanks for telling me how to. Hopefully this will be the right report.

it appears that the attached zip file is empty, please try to attach the report file again.