Weird Problem



Hidden
2006-07-02, 16:38
Last night, my computer appeared to contract something that made the Spybot resident alarm go off. I ran Spybot Search and Destroy and it found one item, and easily fixed it.

No weird processes were running, computer wasn't slow or lagged, everything seemed to be fine. However, the resident alarm continually keeps going off.

I did a search for any .exe's created yesterday and found this weird file in my My Documents folder. Had to go into safe mode to delete it, but it is gone now.

Booted up again and the resident alarm still goes off.

It has found two registry changes. Both considered Browser Helper Objects. Registries are:

5CA3D70E-1895-11CF-8E15-001234567890

4D25F921-B9FE-4682-BF72-8AB8210D6D75

The "Deny changes" object also is not highlighted, so I can't continually block this threat. I also ran HijackThis, and it found no errors.

Any idea what this problem is? Thanks

Hidden
2006-07-02, 16:59
Just ran Pandascan... apparently it is coming up with some spyware and two viruses.

It deleted the viruses but the spyware/dialers are still there.

md usa spybot fan
2006-07-02, 17:14
> The "Deny changes" object also is not highlighted, so I can't continually block this threat. I also ran HijackThis, and it found no errors.
>
> Any idea what this problem is?

If the TeaTimer pop-up dialog was for the deletion of those BHOs, then the "Deny change" would be grayed out and not be an option.

Go into Spybot > Mode > Advanced Mode > Tools > Resident. If the log shows "deleted in Browser Helper Object!" for those CLSIDs, then the objects were being deleted.

Note: From CastleCops CLSID BHO List (http://www.castlecops.com/CLSID.html) those BHOs are:

Object Name: DriveLetterAccess
GUID: {5CA3D70E-1895-11CF-8E15-001234567890}
Status: Legitimate
Filename: tfswshx.dll, dlashx_w.dll
Description: "Direct Media Access" module belonging to Sonic or Hewlett-Packard/Veritas DLA (Disk Letter Assignment) packet writing software

Object Name: (no name)
GUID: {4D25F921-B9FE-4682-BF72-8AB8210D6D75}
Status: Open to debate
Filename: deSrcAs.dll
Description: MyWebSearch/MySearch - now owned by Ask Jeeves Inc - see note (http://www.benedelman.org/spyware/installations/askjeeves-banner/)
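
Added example, not part of the original post and not Spybot's own code: the PowerShell below lists the Browser Helper Objects registered machine-wide, resolves each CLSID to the DLL it loads, and marks the two CLSIDs discussed in this thread so they can be compared against a reference list like the one above. It assumes Windows PowerShell 3.0 or later and the standard machine-wide BHO registry location; per-user COM registrations are not covered.

```powershell
# Added example: enumerate Internet Explorer BHOs and the DLL behind each CLSID.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# The two CLSIDs reported in this thread.
$fromThread = @(
    '{5CA3D70E-1895-11CF-8E15-001234567890}',
    '{4D25F921-B9FE-4682-BF72-8AB8210D6D75}'
)

$results = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # 32-bit BHOs on 64-bit Windows are registered under WOW6432Node.
    $clsidRoot = if ($root -like '*WOW6432Node*') {
        'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    } else {
        'HKLM:\SOFTWARE\Classes\CLSID'
    }

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid  = $key.PSChildName
        $server = "$clsidRoot\$clsid\InprocServer32"

        # The default value of InprocServer32 is the path of the DLL that IE loads.
        $dll = $null
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-Item -LiteralPath $server).GetValue('')
        }

        # A BHO entry with no DLL on disk is a leftover; an unsigned DLL deserves a closer look.
        $signature = 'no DLL registered'
        if ($dll) {
            $signature = if (Test-Path -LiteralPath $dll) {
                (Get-AuthenticodeSignature -LiteralPath $dll).Status
            } else { 'file missing' }
        }

        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            Signature = $signature
            InThread  = $fromThread -contains $clsid.ToUpper()
        }
    }
}

$results | Format-Table -AutoSize
```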

Hidden
2006-07-02, 17:45
Ah yes, it does show the "deleted in browser helper object!"

Another problem... I tried running Pandascan a few more times. Either the scanner is really fast and it takes 5-10 seconds to scan the entire C drive, or something is wrong. It either does that, or closes Internet Explorer entirely.

HijackThis still finds no errors... Spybot finds no errors... and Ad-Aware finds no errors.

Any recommendations?