PDA

View Full Version : Spybot closes during fixing problems



Jut Imes
2006-05-22, 18:27
I have a laptop that is filled with spyware/malware. I ran all sorts of scans in safe mode, it doesn't seem to be correcting the problem, i am getting tons of popups (even in safe mode)

my question is though, when i run spybot 1.4 it finds 113 problems, when i click fix problem.. it will attempt to fix the problem, but then all of a sudden spybot will close by itself. If i reopen it and scan again, it will find 113 problems but when i click fix problems, spybot will close again. (even in safe mode)

do you know what this problem is or why spybot keeps closing on me?


:fear:

md usa spybot fan
2006-05-22, 19:31
do you know what this problem is or why spybot keeps closing on me?
I have absolutely no idea. Please post the actual detections that you are getting. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste those results to a new post in this thread.
Thanks

Jut Imes
2006-05-23, 00:48
MaxSearch: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Director

MaxSearch: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Director

Look2Me.Topconverting: Temporary file (File, nothing done)
C:\WINDOWS\system32\guard.tmp

Smitfraud-C.: Web page (File, nothing done)
C:\Program Files\Common Files\windows\ack.html

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\drsmartload2

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\XBTB04715

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-265528821-1196942128-114826909-1003\Software\XBTB04715

Smitfraud-C.: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\XBTB04715

Smitfraud-C.: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Smitfraud-C.: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}

Smitfraud-C.: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6}

Smitfraud-C.: Data (File, nothing done)
c:\windows\drsmartload2.dat

Smitfraud-C.: Program directory (Directory, nothing done)
C:\Program Files\Common Files\InetGet\

Smitfraud-C.: Data (File, nothing done)
c:\windows\teller2.chk

Smitfraud-C.: Program directory (Directory, nothing done)
C:\WINDOWS\system32\drv32dta\

Spy Sheriff: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-265528821-1196942128-114826909-1003\Software\SNO2

SurfSideKick: Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}

SurfSideKick: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\SurfSideKick3

SurfSideKick: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-265528821-1196942128-114826909-1003\Software\SurfSideKick3

SurfSideKick: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\SurfSideKick3

SurfSideKick: User settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\SurfSideKick3

SurfSideKick: Library (File, nothing done)
C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll

SurfSideKick: Library (File, nothing done)
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll

SurfSideKick: Library (File, nothing done)
C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll

Web-Nexus: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\qstat

Network Monitor: Program directory (Directory, nothing done)
C:\Documents and Settings\LocalService\Application Data\NetMon\

Network Monitor: Text file (File, nothing done)
C:\WINDOWS\uninstall_nmon.vbs

NewDotNet: User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\new.net

NewDotNet: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\new.net

Windows.ActiveDesktop: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-265528821-1196942128-114826909-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Windows Security Center.SP2Update: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0

Windows Security Center.AntiVirusOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows Security Center.FirewallOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

Windows Security Center.UpdateDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

KillSec: System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\InitRegKey

KillSec: System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\InitRegKey

KillSec: System Service (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\InitRegKey

Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


WebTrends live: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-05-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-05-19 Includes\Cookies.sbi (*)
2006-05-19 Includes\Dialer.sbi (*)
2006-05-19 Includes\Hijackers.sbi (*)
2006-05-19 Includes\Keyloggers.sbi (*)
2004-05-12 Includes\LSP.sbi (*)
2006-05-19 Includes\Malware.sbi (*)
2006-05-19 Includes\PUPS.sbi (*)
2006-05-19 Includes\Revision.sbi (*)
2006-05-19 Includes\Security.sbi (*)
2006-05-19 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-05-19 Includes\Trojans.sbi (*)

Jut Imes
2006-05-23, 00:51
after i pasted this
clicked on fix problem and it created a restore point, then asked me if i'm sure about deleting these files, then it got about 3 or 4 geen status bars, then closed. it doesn't fix any of the files that were selected.

i do only have 54 problems this time, i ran nortons in safe mode, it got rid of some

md usa spybot fan
2006-05-23, 06:54
Jut Imes:

Reboot your system in Safe mode and run a Spybot-S&D scan and fix. If Spybot-S&D still fails to remove the problems you can request assistance in the Malware Removal forum for help removing the remaining problems. To post in the Malware Removal forum follow these instructions:
BEFORE you post a log, and who will advise you. Preliminary Steps
http://forums.spybot.info/showthread.php?t=288
Then post in the following forum:
Malware Removal
http://forums.spybot.info/forumdisplay.php?f=22