Suspected browser hijacker



Doug06
2006-03-07, 00:35
Spyware Blaster reports: Wind Update
Trend Micro antiSpyware reports : tspy_LowZones.A

SpybotS&D 1.4 finds nothing
Windows Defender finds nothing
The Cleaner finds nothing
AdAware finds nothing

puzzled and frustrated

http://forums.spybot.info/attachment.php?attachmentid=430&stc=1&d=1141684328
HJT log.txt

Doug06
2006-03-07, 00:47
Sorry, forgot to attach this RunAlyzer log.

LonnyRJones
2006-03-08, 13:15
Hi

It appears you have items on HijackThis's ignore list?

"Spyware Blaster reports: Wind Update
Trend Micro antiSpyware reports : tspy_LowZones.A"

What program reports Wind Update? And where is it located? What's the file name? And finally, does it keep returning?

Where does Trend see the file and what name is it using?

Let's get another opinion
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please if there are any that it is unable to deal with.

Doug06
2006-03-11, 07:43
First, Thanks for the help so far. Asking for help does not come easy for me.

Spyware Blaster reports that windupdates.com is on my list of restricted sites, but for some reason it shows up in red and is unchecked. If I change this setting it reverts back to unchecked when I reboot.

Trend reports tspy_LowZone.A from company ID 6120. I can't find it with Search and I get a popup stating Unable to view log file a this time [Spysubtract] Error 2 Error O)xlba

Panda Active Scan Free report is attached--another virus and a bunch of cookies that do not show up in AVG.

Ran a new HJT scan but don't know how to post more than 1 attachment at a time. Guess I'll just post again.

Doug06
2006-03-11, 07:51
I have nothing on my ignore list. Log attached

LonnyRJones
2006-03-11, 09:22
Logfile of HijackThis v1.98.0

Post a current-version HijackThis log.

Place it in a folder of its own, not in a temp, such as c:\antispyware

First make a new folder, for example C:\AntiSpyWare,
and download/Save HijackThis, to that new folder.
This is necessary to ensure you have backups should anything go wrong
http://www.merijn.org/files/HijackThis.exe
Double click HijackThis.exe, Hit None of the above, just start the program.
Hit Scan. When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.

So what version of SpywareBlaster and SpyBot is it you have?

Also
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.

Doug06
2006-03-12, 01:44
I downloaded Hijackthis ver 1.99.0.1 to a separate folder, ran it and have attached a log.

Kaspersky online scan picked up nothing.

I am running SpybotSD version 1.4.0.3 and Spyware Blaster 3.05.0001

LonnyRJones
2006-03-12, 03:58
SpyBot 1.4o3 was a beta, the final is out now, you should replace it.

I think one of your other security programs (perhaps Trend) is undoing what SpywareBlaster did.

Doug06
2006-03-12, 05:09
Can you direct me to a legitimate download site? Just tried to download Spybot 1.4 from one of the mirror sites but I worry that my request may have been re-directed. What is the MD-5 hash of the version you want me to use?

LonnyRJones
2006-03-12, 07:08
spybotsd14.exe
Date: 3/11/2006 9:06:09 PM
General ***********************************************
Size: 5037072
Version: 0.0.0.0
CRC-32: 7C294AAC
MD5: C1A843913269018A8FC962407D7E5169
SHA1: F6FECA87BF7AE26BB175753129DE87D7577C822E
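
Added example, not part of the original thread: a Python sketch that parses a report in the format posted above and checks a downloaded file against its Size, CRC-32, MD5 and SHA1 lines. The report text is copied from the post; the function names are this example's own.

```python
import hashlib
import zlib

# Report text exactly as posted in the thread for spybotsd14.exe.
POSTED_REPORT = """\
spybotsd14.exe
Date: 3/11/2006 9:06:09 PM
General ***********************************************
Size: 5037072
Version: 0.0.0.0
CRC-32: 7C294AAC
MD5: C1A843913269018A8FC962407D7E5169
SHA1: F6FECA87BF7AE26BB175753129DE87D7577C822E
"""

FIELDS = ("Size", "CRC-32", "MD5", "SHA1")

def parse_report(text):
    """Extract the Size/CRC-32/MD5/SHA1 lines; other lines are ignored."""
    expected = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in FIELDS:
            expected[key.strip()] = value.strip().upper()
    return expected

def fingerprint(stream, chunk=1 << 16):
    """Compute the same four values over a binary stream, reading in chunks."""
    size, crc = 0, 0
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for block in iter(lambda: stream.read(chunk), b""):
        size += len(block)
        crc = zlib.crc32(block, crc)
        md5.update(block)
        sha1.update(block)
    return {"Size": str(size), "CRC-32": "%08X" % crc,
            "MD5": md5.hexdigest().upper(), "SHA1": sha1.hexdigest().upper()}

def verify(stream, report_text):
    """Return the fields that are absent from the report or do not match."""
    expected = parse_report(report_text)
    actual = fingerprint(stream)
    return [f for f in FIELDS if expected.get(f) != actual[f]]

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:   # path to the downloaded installer
        bad = verify(fh, POSTED_REPORT)
    print("OK" if not bad else "MISMATCH: " + ", ".join(bad))
```

An empty result means every value in the report matched; a field missing from a pasted report is treated as a mismatch rather than skipped.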

Doug06
2006-03-14, 02:34
Thanks for your reply to my concerns about legitimacy of HJT 1.4. I ran Panda's online scan and then installed their evaluation software. Not a good idea. Now I can't get rid of it. Any suggestions? Tried to use HJT tools to delete Panda files upon reboot but this did not work. How to get rid of the services that Panda installed without breaking HJT?

FYI--FileAlyzer was not able to process the downloaded Panda installation package.

Current HJT log attached.

LonnyRJones
2006-03-14, 04:02
Its uninstaller won't work? If so, reinstall the program, then uninstall if you like.
Why not keep it for now?

tashi
2006-03-22, 09:06
This topic will now be archived to prevent others with similar issues posting in it.
If you need it re-opened please send me a pm and provide a link to the thread.