PDA

View Full Version : SBUSA adware- how to get writ of it?



infisoul
2010-05-27, 19:52
Hello I search this forum for related thread and found: this one http://forums.spybot.info/showthread.php?t=39875

but my case has completely different scenario:

Before the log let me just say a few words.
How I learned that i have something is that my websites got hacked and hosting company and google webmaster tools team both suggested that my ftp login info was hijacked and used- and i only use it from my laptop via cuteFTP.

So I ran full Norton scan and it found the following adware and 3 cookies.
(i ran it with internet unplugged) and after the removal and restart the same adware and cookies appeared again in norton scan).
I also ran Spybot in advanced mode and it didn't find a single thing.
Please if someone can provide me with step by step instructions on how to get writ it I would highly appreciate it.

Here is my Norton 360 log:

Resolved Threats:
Adware.Hotbar
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Medium Performance, Low Privacy)
Categories: Adware
Status: Restart Required
-----------
13 Registry Entries
HKEY_USERS\S-1-5-19\Software\sbusa - Restart Required
HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\sbusa - Restart Required
HKEY_USERS\S-1-5-20\Software\sbusa - Restart Required
HKEY_USERS\.DEFAULT\Software\sbusa - Restart Required
HKEY_USERS\S-1-5-19\Software\ShoppingReport - Restart Required
HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\ShoppingReport - Restart Required
HKEY_USERS\S-1-5-20\Software\ShoppingReport - Restart Required
HKEY_USERS\.DEFAULT\Software\ShoppingReport - Restart Required
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search->SearchAssistant:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm - Repaired


2 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Cookie
Status: Fully Resolved
-----------
2 Tracking Cookies
Cookie:administrator@atdmt.com/ - Deleted
- Deleted
-----

thank you

tashi
2010-05-27, 20:54
Hello infisoul,

For someone to take a look at the laptop please see this forum's FAQ to post a preliminary DDS log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) and start a new topic.



How I learned that i have something is that my websites got hacked and hosting company and google webmaster tools team both suggested that my ftp login info was hijacked and used- and i only use it from my laptop via cuteFTP.
Stopbadware.org
Information for Website Owners (http://stopbadware.org/home/webmasters)
Tips for Cleaning & Securing Your Website (http://stopbadware.org/home/security)

Best regards. :)