SpyBot has identified Nurech, but does not resolve. Is this a false positive? What is ShellBotR?


Hint of the Day: Click the bar at the right of this to see more information! ()


Nurech: [SBI $DD2B7EA5] Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellBotR





--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---



2008-07-07 blindman.exe (1.0.0.8)

2008-07-07 SDFiles.exe (1.6.0.4)

2008-07-07 SDMain.exe (1.0.0.6)

2008-07-07 SDShred.exe (1.0.2.3)

2008-07-07 SDUpdate.exe (1.6.0.8)

2008-07-07 SDWinSec.exe (1.0.0.12)

2008-07-07 SpybotSD.exe (1.6.0.30)

2008-07-07 TeaTimer.exe (1.6.0.20)

2004-04-27 unins000.exe (51.13.0.0)

2008-08-14 unins001.exe (51.49.0.0)

2008-07-07 Update.exe (1.6.0.7)

2008-07-07 advcheck.dll (1.6.1.12)

2007-04-02 aports.dll (2.1.0.0)

2004-05-12 borlndmm.dll (7.0.4.453)

2004-05-12 delphimm.dll (7.0.4.453)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-07-07 SDHelper.dll (1.6.0.12)

2008-06-19 sqlite3.dll

2008-07-07 Tools.dll (2.1.5.7)

2004-05-12 UnzDll.dll (1.73.1.1)

2004-05-12 ZipDll.dll (1.73.2.0)

2008-08-05 Includes\Adware.sbi (*)

2008-08-12 Includes\AdwareC.sbi (*)

2008-06-03 Includes\Cookies.sbi (*)

2008-06-03 Includes\Dialer.sbi (*)

2008-08-05 Includes\DialerC.sbi (*)

2008-07-22 Includes\HeavyDuty.sbi (*)

2008-07-30 Includes\Hijackers.sbi (*)

2008-08-12 Includes\HijackersC.sbi (*)

2008-08-05 Includes\Keyloggers.sbi (*)

2008-08-12 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2008-08-05 Includes\Malware.sbi (*)

2008-08-12 Includes\MalwareC.sbi (*)

2008-08-05 Includes\PUPS.sbi (*)

2008-08-12 Includes\PUPSC.sbi (*)

2007-11-07 Includes\Revision.sbi (*)

2008-06-18 Includes\Security.sbi (*)

2008-08-12 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2008-08-11 Includes\Spyware.sbi (*)

2008-08-11 Includes\SpywareC.sbi (*)

2008-06-03 Includes\Tracks.uti

2008-08-05 Includes\Trojans.sbi (*)

2008-08-12 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

surfsista:

I do not believe that the detection is a false positive. See:
ThreatExpert Report Trojan-Proxy.Agent!sd5, Trojan-Proxy.Win32.Agent.jo, Backdoor.Shellbot..
http://www.threatexpert.com/report.aspx?uid=4762863e-9ecf-4b27-ae4a-08985179791b

The following Registry Key was created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellBotR
I believe you are running with month old updates. Please go into Spybot » Help »About. Make sure you are running the latest detection updates:
Latest detection update 9/10/2008
If not update.

After updating try running another scan/fix. If that does not fix the problem, try running Spybot in Safe Mode (http://www.laplink.com/support/kb/article.asp?ID=102) and see if that helps with the removal of the problem.

If Spybot still fails to correct the problem consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the HijackThis log produced from the above instructions.