PDA

View Full Version : Malware removal problem


BaadB
2008-09-27, 19:56
Can anyone help? The last few times I have run Spybot is has successfully identified several problems including Adrevolver, BurstMedia, CasaleMedia, DoubleClick, FastClick, Hitbox, MediaPlex, Statcounter, Webtrends live and Zedo. I have clicked “Fix selected problems” and got the message “32 problems fixed”. The problems remain in the "Scan for problems page” however and are still there when I re-scan.

I have Spybot 1.6.0.30, running on XP SP3. I have updated Spybot twice, rebooted, rerun the scan, all the items in the list were checked but still they are there.

I am considering un-installing and re-installing Spybot as my next step. Is this a known problem and or does anyone have any alternative suggestions?
129260
2008-09-28, 03:47
tried scanning in safe mode and removing them there? If you need directions to do that let me know and i can help you.

Also, if safe mode cannot get rid of them, let us know immediately.
md usa spybot fan
2008-09-28, 06:12
BaadB:

All those problems sound like tracking cookies.

Please post a log of the actual detections you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.
BaadB
2008-09-29, 18:44
Hey thnx 129260 & mdusaspybotfan, I have tried running in safe and got same result, problems remain.

Below is the result of the latest scan as requested, note I copied this report after running “fix selected problems” and all the problems were selected.

I only copied the first section of the report as the whole report was too long to post, 224685 characters long...


--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Flock: default) (Cookie, nothing done)


BurstMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Flock: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


HitBox: Tracking cookie (Flock: default) (Cookie, nothing done)


HitBox: Tracking cookie (Flock: default) (Cookie, nothing done)


FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


HitBox: Tracking cookie (Flock: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Flock: default) (Cookie, nothing done)


MediaPlex: Tracking cookie (Flock: default) (Cookie, nothing done)


Statcounter: Tracking cookie (Flock: default) (Cookie, nothing done)


Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


WebTrends live: Tracking cookie (Flock: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-08-18 TeaTimer.exe (1.6.2.23)
2008-08-18 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-07-07 advcheck.dll (1.6.1.12)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-09-02 Includes\Adware.sbi (*)
2008-09-09 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-09-02 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-09-23 Includes\KeyloggersC.sbi (*)
2008-09-09 Includes\Malware.sbi (*)
2008-09-23 Includes\MalwareC.sbi (*)
2008-09-02 Includes\PUPS.sbi (*)
2008-09-11 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-09-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-09-09 Includes\Spyware.sbi (*)
2008-09-23 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-09-16 Includes\Trojans.sbi (*)
2008-09-23 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB916281
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 8: Security Update for Windows Media Player 8 (KB917734)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Security Update for Windows XP (KB938464)
/ Windows XP / SP4: Security Update for Windows XP (KB946648)
/ Windows XP / SP4: Security Update for Windows XP (KB950760)
/ Windows XP / SP4: Security Update for Windows XP (KB950762)
/ Windows XP / SP4: Security Update for Windows XP (KB950974)
/ Windows XP / SP4: Security Update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951376)
/ Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security Update for Windows XP (KB951698)
/ Windows XP / SP4: Security Update for Windows XP (KB951748)
/ Windows XP / SP4: Update for Windows XP (KB951978)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security Update for Windows XP (KB952954)
/ Windows XP / SP4: Security Update for Windows XP (KB953839)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)
spybotsandra
2008-09-29, 18:46
Hello,

Doubleclick (and others like Advertising.com, Avenue A, Inc, CasaleMedia, Fastclick, Hitbox, Mediaplex etc.) are so-called tracking cookies. It is quite common for popular websites to employ such tracking cookies from third parties. They use them in order to track the users' surfing habits on their websites. As I said, these cookies are from third parties but they are employed by the site. There is a tool in Spybot-S&D: BrowserHelper, i.e. a bad download blocker for Internet Explorer. With this tool enabled such tracking cookies will be blocked. In order to activate this tool, please run Spybot-S&D and go to the "Tools"->"Resident" page. Checking the checkbox in front of SDHelper will enable the BrowserHelper.

Now open the Tools menu in your Internet Explorer and choose 'Spybot - Search Destroy Configuration'.
There you will find a drop down menu which will appear giving you some options.
http://www.safer-networking.org/en/spybotsd15/index.html (3rd picture)
You should select "Block all bad pages silently".
With that option set the notifications will no longer come up, but you will still have the protection.
Further choose "Spybot-S&D->Immunize" from the navigation bar on the left.
Now the baddies are blocked.

Best regards
Sandra
Team Spybot
BaadB
2008-09-30, 21:33
Hi Sandra, thanks for your suggestions, I’m confused though.

I went to Spybot-S&D, "Tools"->"Resident" page and SDHelper was already checked.

I also went to Internet Explorer, and chose 'Spybot - Search Destroy Configuration' and "Block all bad pages silently" was already selected.

I have also run "Spybot-S&D->Immunize" several times.

I should point out that I do not generally use Internet Explorer, I use Firefox and Flock.

BTW I went to Flock, Tools and there is no 'Spybot - Search Destroy Configuration' option, just in case that was what you really meant for me to do.

Does this mean simply that the “Flock Browser” is not supported by Spybot and that’s the real problem?

Any help is appreciated…
129260
2008-09-30, 22:21
unchecking them, wait a bit, then check them again, close spybot and restart? see if that helps :)