I use Ulead Video Studio 10 which seems to install the registry key below which Spybot identifies as Grokloader. Spybot will remove it but it reappears every time Video Studio is used. Is this really malware and, if so, how can it be removed?
Thanks!
HKEY_USERS..............\Software\Softwrap\Adtracker

Hello.
Please produce a short log.

Open SpyBot.
Check for problems.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Paste (Ctrl+V) those results to a new post in this thread.


Regards. :)

Dear Tashi
Many thanks for picking this up. I post the Spybot report below. The Teknum updates are part of two Handybits programmes that I use and I don't think that they are a problem. However, I would welcome your views on "Grokloader". I think that this is installed by Ulead Video Studio 10. Spybot will delete the key but I believe that it reappears whenever Video Studio is run.
Thank you again.

GrokLoader: [SBI $A8A047C2] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1177238915-1993962763-839522115-1003\Software\Softwrap\Adtracker________

Teknum Updater: [SBI $62A07EE6] Common file (global) (File, nothing done)
C:\Program Files\Common Files\Teknum Systems\update.exe

Teknum Updater: [SBI $9A32A26C] Common file (global) (File, nothing done)
C:\Program Files\Common Files\Teknum Systems\update.dat


--- Spybot - Search & Destroy version: 1.5 (build: 20070924) ---

2007-11-02 unins000.exe (51.46.0.0)
2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 TeaTimer.exe (1.5.0.9)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 SpybotSD_orig.exe (1.5.1.15)
2007-09-24 SpybotSD.exe (1.5.1.16)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2007-10-31 Includes\Dialer.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2007-10-24 Includes\Malware.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-10-24 Includes\Spybots.sbi (*)
2007-11-01 Includes\Trojans.sbi (*)
2007-10-31 Includes\Cookies.sbi (*)
2007-10-31 Includes\Revision.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-10-31 Includes\TrojansC.sbi (*)
2007-10-31 Includes\SpybotsC.sbi (*)
2007-10-31 Includes\SecurityC.sbi (*)
2007-10-31 Includes\PUPSC.sbi (*)
2007-10-31 Includes\MalwareC.sbi (*)
2007-10-31 Includes\KeyloggersC.sbi (*)
2007-10-31 Includes\HijackersC.sbi (*)
2007-10-31 Includes\DialerC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

Hi Tashi
Any thoughts on this?
Best regards.

It's unlikely to be doing anything, per se. However, it's [fairly] simple to prevent VideoStudio from adding this key each time you run ti.

Start...Run...regedit...OK to start the Registry Editor.

Make your way down to where the key gets inserted--on your system:
HKEY_USERS\S-1-5-21-1177238915-1993962763-839522115-1003\Software\Softwrap\

If there's a subfolder (i.e., Adtracker), delete it. However, keep the empty Softwrap folder there, or, if you're doing this after Spybot has cleared things out, add the empty Softwrap folder back as a subfolder of Software again. (Right-click on Software, select New...Key and type Softwrap for the name.)

Now, Right-click on the empty Softwrap folder. and select Permissions. Select each of the Group or user names in turn, and check the Deny box down below for each one. (The Read box will also get a check mark in it, that's normal.) Once you've done that, click OK, close the editor, and you're down.

That's it. What you've done is to refuse permission to any program or routine to write any data to that empty Softwrap key in the registry. So the next time you run VideoStudio, it won't be able to write anything there, and there will be nothing for Spybot to comment on when you run Spybot again.

Hello,

Please upgrade your program, version 1.5.2 is available!
Just install over the old version.
You can download the new version here:
http://www.safer-networking.org/en/mirrors/index.html
Or choose the direct installation file (http://www.spybotupdates.com/files/spybotsd152.exe).
Don't forget to update afterwards!
We hope you enjoy 1.5.2 even more than our previous releases!

Best regards
Sandra
Team Spybot