ciaXPRegSvr20.dll ciaSCls20.dll ciaXPButton30.ocx



dpminusa
2010-08-28, 02:58
ciaXPRegSvr20.dll is flagged by the heuristic scan but ciaSCls20.dll and ciaXPButton30.ocx are not.

Can someone explain this? I have quarantined the first one for now manually but am not sure how to deal with the total potential threat.

:confused:

Matt
2010-08-28, 15:40
Hi dpminusa,

:snwelcome:

If you aren't sure whether this file is bad or not, you can upload the file(s) to VirusTotal (http://www.virustotal.com/).

Moreover, if you think it's a false positive, you can post a new thread here (http://forums.spybot.info/forumdisplay.php?f=16). Make sure that you've read the sticky threads in this area first. :thanks:

dpminusa
2010-08-28, 17:15
I know that ciaXPRegSvr20.dll is produced by http://www.ematrixsoft.com/icq-spy-monitor-software.htm {Edit http://www.mywot.com/en/scorecard/ematrixsoft.com } as a commercial product. It can be seen as having some benefits to those that want to track what their children or a wandering spouse are doing. At least that is the sales pitch. So this seems to be somewhat of a philosophical debate type of product.

My thought is, if I did not put the software on knowingly, it should not be there.

So my question is really "are the latter two files part of the same product ICQ Spy and how do I completely remove it with the registry entries and any other parts of the system?"

I am not sure that sending to the virus examination site is the way to get that information.

Do you guys have information on ICQ Spy and how to completely remove it?

Thanks for the quick reply Matt. :)

Matt
2010-08-28, 20:06
> My thought is, if I did not put the software on knowingly, it should not be there.

You're right. That sounds very suspicious. :fear:

> Do you guys have information on ICQ Spy and how to completely remove it?

Not me, but as far as I know, Spybot has ICQ-SpyMonitor in its database. Have you already updated Spybot and run a scan?
Perhaps a member of Team Spybot will read through this thread and can give you an answer according to "information on ICQ Spy". :bigthumb:

I would like you to read through the thread "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288). After that, create your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22). Make sure that you add the DDS logfile. Moreover, describe your problem as well as you can. An analyst will help you as soon as possible.



> Thanks for the quick reply Matt. :)

You're welcome. :)

tashi
2010-08-28, 21:14
Hello dpminusa,

> ciaXPRegSvr20.dll is flagged by the heuristic scan but ciaSCls20.dll and ciaXPButton30.ocx are not.

To clarify, is this dll being flagged by Spybot-S&D?

> but as far as I know, Spybot has ICQ-SpyMonitor in its database.

Correct: http://www.safer-networking.org/en/threats/1916.html

Best regards. :)

Matt
2010-08-29, 10:35
> ciaXPRegSvr20.dll is flagged by the heuristic scan but ciaSCls20.dll and ciaXPButton30.ocx are not.

> To clarify, is this dll being flagged by Spybot-S&D?


Did you use Spybot's single file scanner? I suppose so. :)

To both of you: Have a nice weekend. :bigthumb:

dpminusa
2010-08-29, 14:02
To locate the suspicious files I used the following crude method:

1. Used PC Wizard to scan the Files in C:/Windows/System32 folder looking for funky strings in the description field and/or suspicious file names.
2. Any that caught my eye were scanned with Spybot single file scanner.
3. Previously I had scanned my system with the latest S&D definitions.

So why the system scan did not find anything and the single file scan did is not clear to me.

I think I understand the purpose of Safer-Networks, Spybot, and your forum. I will reread your rules. I am just asking a simple question as I see it, though.

Thanks for your help.
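
Added example, not part of the thread or any participant's post: the manual triage described in the last post (reviewing description strings and file names in System32, then checking the ones that stand out) can be scripted in PowerShell. The function name `Get-BinaryTriage` is hypothetical, and treating the `cia*` name prefix as a sign of a shared product is an assumption taken from the three file names in the thread; matching metadata is a lead for further checking, not proof that files belong to the same product.

```powershell
# Added example (not from the thread). Collects identifying metadata for every
# DLL/OCX in a folder so related or anonymous binaries can be reviewed together.
function Get-BinaryTriage {
    param(
        [string]$Path = "$env:SystemRoot\System32",
        [string[]]$Include = @('*.dll', '*.ocx')
    )
    Get-ChildItem -Path (Join-Path $Path '*') -Include $Include -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi  = $_.VersionInfo    # version resource: company, product, description
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name        = $_.Name
                Company     = $vi.CompanyName
                Product     = $vi.ProductName
                Description = $vi.FileDescription
                Signature   = $sig.Status
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256      = $hash.Hash   # empty if the file was locked
                Modified    = $_.LastWriteTime
            }
        }
}

$all = Get-BinaryTriage   # a full System32 pass takes a while

# 1. Files that share the flagged file's name prefix (assumed: 'cia*') or,
#    if the flagged file is still present, its company string.
$flagged = $all | Where-Object { $_.Name -eq 'ciaXPRegSvr20.dll' } | Select-Object -First 1
$all | Where-Object {
    $_.Name -like 'cia*' -or
    ($flagged -and $flagged.Company -and $_.Company -eq $flagged.Company)
} | Format-Table Name, Company, Product, Description, Signature -AutoSize

# 2. Files with no valid signature and no company string, newest first:
#    candidates for the single-file scan or a VirusTotal hash lookup.
$all | Where-Object { $_.Signature -ne 'Valid' -and -not $_.Company } |
    Sort-Object Modified -Descending |
    Select-Object -First 25 Name, Description, Modified, SHA256 |
    Format-Table -AutoSize
```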