View Full Version : Pc Help Thx



DumbAsHell
2008-09-10, 16:43
Hi guys and girls. I'm looking for help with a little problem (well, I hope it's little). A few weeks back my brother downloaded a proggy (don't know what it was or what it was for). But from the day he did it I've been having problems with my PC. I'm running Norton A/V, and every time I scan the PC I am getting tracking cookies. I run S/B and it's picking up the same cookies. Norton says it fixed the problem when the scan ended, but if I scan right away it picks up the cookies again. And just last night I found my PC going funny and I opened Task Manager to see if I could see anything that wasn't meant to be running and, lo and behold, I saw a proggy running called project 1 (I ended that right away). I don't know a lot about PCs and don't want to restore my PC cos I've too much to lose on it. This is what SpyBot has found (I'll paste at end). But the thing is, what was that proggy running? Is there anything I can run to see what and if I have any keyloggers, viruses etc. that my Norton won't pick up? Sorry if it sounds noobish but as I said I know little about PCs. Thx

Company: AdRevolver
Product: Cookie
Threat: Tracking cookie or cookie of tracking site.


Description
Uses information about your web surfing that could include any information, like accounts and passwords.

Adviva 2 entries Browser
Company: HitBox
Product: Cookie
Threat: Tracking cookie or cookie of tracking site

Company privacy URL:
_http://www.websidestory.com/cgi-bin/wss.cgi?privacy&privacy&index_

Description
How do they want to deliver specific content, if not by watching my surfing behaviour?

Privacy Statement
We may use cookies to:
Keep count of your return visits to our site or our clients' sites
Accumulate and report anonymous, aggregate, statistical information on Web site usage
Deliver content specific to your interests

Company: Mediaplex
Product: Cookie
Threat: Tracking cookie or cookie of tracking site.

Company:
Product: WindowsSecurityCenter_disabled
Threat: Security


Functionality
if the Windows Security Center is disabled this entry will be shown

Description
Malware can disable the Windows Security Center to make your System more vulnerable.

If you have other security software suit installed, this may also deactivate the Windows Security Center to avoid double warning messages.

Right Media 1 entries Browser

Company: Tradedoubler
Product: Cookie
Threat: Tracking cookie or cookie of tracking site.


Description
Uses information about your web surfing that could include any information, like accounts and passwords.

Company: WebTrends live
Product: Cookie
Threat: Tracking cookie or cookie of tracking site.


Description
Uses information about your web surfing that could include any information, like accounts and passwords.

spybotsandra
2008-09-10, 16:54
Hello,

Doubleclick (and others like Advertising.com, Avenue A, Inc, CasaleMedia, Fastclick, Hitbox, Mediaplex etc.) are so-called tracking cookies. It is quite common for popular websites to employ such tracking cookies from third parties. They use them in order to track the users' surfing habits on their websites. As I said, these cookies are from third parties but they are employed by the site. There is a tool in Spybot-S&D: BrowserHelper, i.e. a bad download blocker for Internet Explorer. With this tool enabled such tracking cookies will be blocked. In order to activate this tool, please run Spybot-S&D and go to the "Tools"->"Resident" page. Checking the checkbox in front of SDHelper will enable the BrowserHelper.

Now open the Tools menu in your Internet Explorer and choose 'Spybot - Search & Destroy Configuration'.
There you will find a drop down menu which will appear giving you some options.
http://www.safer-networking.org/en/spybotsd15/index.html (3rd picture)
You should select "Block all bad pages silently".
With that option set the notifications will no longer come up, but you will still have the protection.
Further choose "Spybot-S&D->Immunize" from the navigation bar on the left.
Now the baddies are blocked.

Best regards
Sandra
Team Spybot

DumbAsHell
2008-09-10, 17:06
Thank you for your help, Sandra

DumbAsHell
2008-09-12, 00:29
Hi people, I posted in the forum the other day and 'spybotsandra' helped me out. I have just tried to log a few Yahoo IDs in to Yahoo and it's not letting me log them in. I know I haven't changed the passwords. I have asked friends what could be the problem and a few have said that I've been keylogged cos my IDs have a value, i.e. (they are called rares cos you can't make them any more). As these IDs were made 10+ years ago I forget all the info to get the IDs back (but that's not the thing). I want to know where I can look or find anything in the shape or form of a keylogger in my PC. Hope someone understands my post and can help me out because I've too much on the PC to lose by reformatting it. Thx in adv

tashi
2008-09-12, 02:05
Hello,

For someone to take a look at the system, please follow the procedure in this link:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a helper will advise you when available.

Regards. :)

DumbAsHell
2008-09-12, 11:50
Hi Tashi, I downloaded that HJT and scanned it with VirusTotal and here's the scan:

File HiJackThis.zip received on 09.12.2008 11:30:29 (CET)

Result: 4/36 (11.12%)

Antivirus Version Last Update Result
AhnLab-V3 2008.9.12.2 2008.09.12 -
AntiVir 7.8.1.28 2008.09.12 -
Authentium 5.1.0.4 2008.09.12 -
Avast 4.8.1195.0 2008.09.11 -
AVG 8.0.0.161 2008.09.12 -
BitDefender 7.2 2008.09.11 -
CAT-QuickHeal 9.50 2008.09.12 -
ClamAV 0.93.1 2008.09.12 -
DrWeb 4.44.0.09170 2008.09.12 -
eSafe 7.0.17.0 2008.09.11 Suspicious File
eTrust-Vet 31.6.6086 2008.09.12 -
Ewido 4.0 2008.09.11 -
F-Prot 4.4.4.56 2008.09.12 -
F-Secure 8.0.14332.0 2008.09.12 -
Fortinet 3.113.0.0 2008.09.12 -
GData 19 2008.09.12 -
Ikarus T3.1.1.34.0 2008.09.12 -
K7AntiVirus 7.10.452 2008.09.11 -
Kaspersky 7.0.0.125 2008.09.12 -
McAfee 5382 2008.09.11 -
Microsoft 1.3903 2008.09.12 -
NOD32v2 3437 2008.09.12 -
Norman 5.80.02 2008.09.12 -
Panda 9.0.0.4 2008.09.11 Suspicious file
PCTools 4.4.2.0 2008.09.11 -
Prevx1 V2 2008.09.12 Suspicious
Rising 20.61.41.00 2008.09.12 -
Sophos 4.33.0 2008.09.12 -
Sunbelt 3.1.1628.1 2008.09.11 -
Symantec 10 2008.09.12 -
TheHacker 6.3.0.9.077 2008.09.10 -
TrendMicro 8.700.0.1004 2008.09.12 -
VBA32 3.12.8.5 2008.09.10 Backdoor.Win32.Bifrose.zzv
ViRobot 2008.9.11.1373 2008.09.11 -
VirusBuster 4.5.11.0 2008.09.11 -
Webwasher-Gateway 6.6.2 2008.09.12 -
Additional information
File size: 318369 bytes
MD5...: abf906fe4df76912bc71046a1cd521c8
SHA1..: 93ebd355dd4fe05345de8a4c0ce2230fbfba8774
SHA256: fcc78bc085d103ded19ea01e518ae8f082f2012a51e18b84a1ca27fc4a0a1621
SHA512: fc46c23adabd6ae8ce047773eccb1c4f29645a6623037d86b7231cc7ce626dc4
54d3aebae444770503e9c633cd8a0d3691a9448249c5e906288eb407c4438da0
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=44C120F738065514211C067B4ABA7A00E4635499
packers (Kaspersky): PE_Patch.UPX, UPX

Is it OK to run this on PC with these files??

tashi
2008-09-12, 13:12
Hello DumbAsHell,

After downloading TrendMicro's HJT program from here (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download), you ran it through Virus Total?


Edit: Malware forum topic. http://forums.spybot.info/showthread.php?t=34060

DumbAsHell
2008-09-13, 13:45
Yes Tashi, I've posted the HJT report in malware. Thx for your help