erminator
2007-11-05, 18:01
I have 3 systems that have shown this behavior.
Two are Win XP Sp2
One is Server Enterprise 2003 R2
All have IE7
All have Spybot is 1.5.1.15 (Corp)
All definitions update every day
Spybot is finding "Naupoint" in certain startup entries (entries that I am pretty sure are legitimate).
Spybot will remove these entries, which prevents these programs from starting, which has various odd effects on the system.
Spybot also finds entries in the hosts file that it attempts to remove.
Upon rebooting and a subsequent scan, the host file entries are found once again and legitimate startup entries are again found to be "Naupoint."
Here the log from once such scan:
--- Search result list ---
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1803905534-2379313150-3934839200-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Eraser
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1803905534-2379313150-3934839200-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
Naupoint: [SBI $89F4134C] Program file (File, nothing done)
C:\WINDOWS\system32\ctfmon.exe
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vptray
Naupoint: [SBI $89F4134C] Program file (File, nothing done)
C:\PROGRA~1\SYMANT~1\VPTray.exe
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccApp
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vptray
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccApp
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender
Microsoft.Windows.RedirectedHosts: [SBI $82672CA1] Redirected host (Redirected host, nothing done)
net-integration.net=127.0.0.1
Microsoft.Windows.RedirectedHosts: [SBI $7F540B12] Redirected host (Redirected host, nothing done)
www.net-integration.net=127.0.0.1
-----
I personally installed all of these startup programs, so I know what they are and why they're there. What I do not know is why Spybot sees them as Naupoint.
On all these systems, I see the same identifier in the scan: SBI $89F4134C
Any idea what SBI is? I searched Google for "$89F4134C" and found nothing.
Anyone see anything similar with entries being detected as “Naupoint??”
Thanks,
Erminator
Two are Win XP Sp2
One is Server Enterprise 2003 R2
All have IE7
All have Spybot is 1.5.1.15 (Corp)
All definitions update every day
Spybot is finding "Naupoint" in certain startup entries (entries that I am pretty sure are legitimate).
Spybot will remove these entries, which prevents these programs from starting, which has various odd effects on the system.
Spybot also finds entries in the hosts file that it attempts to remove.
Upon rebooting and a subsequent scan, the host file entries are found once again and legitimate startup entries are again found to be "Naupoint."
Here the log from once such scan:
--- Search result list ---
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1803905534-2379313150-3934839200-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Eraser
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1803905534-2379313150-3934839200-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe
Naupoint: [SBI $89F4134C] Program file (File, nothing done)
C:\WINDOWS\system32\ctfmon.exe
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vptray
Naupoint: [SBI $89F4134C] Program file (File, nothing done)
C:\PROGRA~1\SYMANT~1\VPTray.exe
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccApp
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vptray
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccApp
Naupoint: [SBI $89F4134C] Autorun settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Defender
Microsoft.Windows.RedirectedHosts: [SBI $82672CA1] Redirected host (Redirected host, nothing done)
net-integration.net=127.0.0.1
Microsoft.Windows.RedirectedHosts: [SBI $7F540B12] Redirected host (Redirected host, nothing done)
www.net-integration.net=127.0.0.1
-----
I personally installed all of these startup programs, so I know what they are and why they're there. What I do not know is why Spybot sees them as Naupoint.
On all these systems, I see the same identifier in the scan: SBI $89F4134C
Any idea what SBI is? I searched Google for "$89F4134C" and found nothing.
Anyone see anything similar with entries being detected as “Naupoint??”
Thanks,
Erminator