Is Spybot detecting a new firewall rather than Fraud.InternetSecurity2011?

Botter
2011-06-29, 19:09
Immediately after installing PC Tools Free Firewall, I ran Spybot and it found several entries for Fraud.InternetSecurity2011. However, the entries aren't the same as the files and registry entries listed online for the virus. In addition, I checked for the virus files listed by http://www.wiki-security.com/wiki/Parasite/InternetSecurity2011, and none of them are on my computer.

I'm guessing that Spybot falsely detected changes made by the PC Tools Firewall. I figure that I should exclude the detections from future scans (command available by right-clicking on the detection entries). Would you say that's correct?

Or maybe 'exclude this product' from future scans (also in the right-click menu)?

Thanks for your help.

The files listed for InternetSecurity2011 by wiki-security.com are:
Processes

* c:\WINDOWS\system32\exefile.exe

DLLs

* c:\WINDOWS\system32\mswmqnei.dll
* c:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll

Other Files

* c:\WINDOWS\system32\drivers\vbma22b4.sys
* c:\WINDOWS\assembly\GAC\__AssemblyInfo__.ini
* c:\Documents and Settings\All Users\Application Data\.wtav
* c:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\

Registry Keys

* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma22b4
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiSpywareOverride" = '1'

The files and settings on my computer flagged by Spybot are:

Fraud.InternetSecurity2011: [SBI $2A617167] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\=..."C:\Documents and Settings\Taeji\Local Settings\Application Data\idi.exe" -a...

Fraud.InternetSecurity2011: [SBI $E9E3260B] User settings (Registry value, nothing done)
HKEY_CLASSES_ROOT\.exe\shell\open\command\=..."C:\Documents and Settings\Taeji\Local Settings\Application Data\idi.exe" -a "%1" %*...

Fraud.InternetSecurity2011: [SBI $E57DC831] User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-776561741-308236825-1801674531-1003\Software\Classes\.exe\shell\open\command\=..."C:\Documents and Settings\Taeji\Local Settings\Application Data\idi.exe" -a "%1" %*...

Fraud.InternetSecurity2011: [SBI $9CCE589D] User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-776561741-308236825-1801674531-1003\Software\Classes\.exe\shell\open\command\

Fraud.InternetSecurity2011: [SBI $159933E4] User settings (Registry change, nothing done)
HKEY_CLASSES_ROOT\.exe\shell\open\command\

Fraud.InternetSecurity2011: [SBI $5AEDDF0A] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $758FB1E3] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

Fraud.InternetSecurity2011: [SBI $CDC1B6A2] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $76913945] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $5814B995] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $7776D77C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

Fraud.InternetSecurity2011: [SBI $D802F795] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $24996904] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $F16F6CE5] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $DE0D020C] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

Fraud.InternetSecurity2011: [SBI $6D4031BB] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $FD1F9FD2] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

Fraud.InternetSecurity2011: [SBI $378CD8D9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

Fraud.InternetSecurity2011: [SBI $BF76AFF0] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

Fraud.InternetSecurity2011: [SBI $7D8AC3AB] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify

Fraud.InternetSecurity2011: [SBI $07CC9A4D] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $953CC77A] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $61C84F7D] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $04E0038B] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start

Fraud.InternetSecurity2011: [SBI $7DE0D860] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-08-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-06-28 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-06-28 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-06-20 Includes\Trojans.sbi (*)
2011-06-28 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-06-20 Includes\TrojansC-04.sbi (*)
2011-06-28 Includes\TrojansC-05.sbi (*)
2011-06-27 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

tashi
2011-06-29, 21:06
Hello Botter,

There are suspicious entries; please see the FAQ, which includes guidelines for this forum and also instructions in post #2 on how to provide the preliminary "DDS" logs that are used for analysis. "BEFORE You POST" (Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic providing the DDS logs as shown in that sticky, with a link back to this thread, and a volunteer analyst will advise you when available. :)

Best regards.
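
The question the thread turns on is which of the flagged keys a firewall installer could plausibly have written and which it could not. The FirewallPolicy, SharedAccess service and Security Center DisableNotify entries are Windows Firewall and notification settings that a replacement firewall may well change, so those deserve verification against the product rather than blanket exclusion. The .exe\shell\open\command and StartMenuInternet entries are different: a shell\open\command placed directly under the .exe extension key overrides the exefile ProgID's default "%1" %*, so every program the user starts is first handed to the command named there, here an idi.exe in the user's Local Settings\Application Data. No firewall needs that, and it is the standard launch-interception trick of rogue security products. The script below is an added example in Python, not Spybot's or PC Tools' code: it parses a report excerpt in the same layout as the post (a constructed sample embedded inline) and sorts the detections into those two classes. The category names, severities and user-profile path markers are this example's own conventions, not Spybot's.

```python
"""Triage a Spybot-S&D 1.6 scan report: separate executable-launch hijacks
(which no firewall installer writes) from firewall / Security Center setting
changes (which a third-party firewall might legitimately make).

Added example, not Spybot's or PC Tools' code. SAMPLE_REPORT is a constructed
excerpt in the layout the forum post shows; the category names and severities
are this script's own conventions.
"""
import re
from collections import Counter

SAMPLE_REPORT = (  # constructed: header line, then the registry path it refers to
    "Fraud.InternetSecurity2011: [SBI $2A617167] Settings (Registry value, nothing done)\n"
    "HKEY_LOCAL_MACHINE\\Software\\Clients\\StartMenuInternet\\IEXPLORE.EXE\\shell\\open\\command"
    "\\=...\"C:\\Documents and Settings\\Taeji\\Local Settings\\Application Data\\idi.exe\" -a...\n"
    "\n"
    "Fraud.InternetSecurity2011: [SBI $E9E3260B] User settings (Registry value, nothing done)\n"
    "HKEY_CLASSES_ROOT\\.exe\\shell\\open\\command\\=...\"C:\\Documents and Settings\\Taeji"
    "\\Local Settings\\Application Data\\idi.exe\" -a \"%1\" %*...\n"
    "\n"
    "Fraud.InternetSecurity2011: [SBI $159933E4] User settings (Registry change, nothing done)\n"
    "HKEY_CLASSES_ROOT\\.exe\\shell\\open\\command\\\n"
    "\n"
    "Fraud.InternetSecurity2011: [SBI $6D4031BB] Settings (Registry change, nothing done)\n"
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters"
    "\\FirewallPolicy\\DomainProfile\\EnableFirewall\n"
    "\n"
    "Fraud.InternetSecurity2011: [SBI $BF76AFF0] Settings (Registry change, nothing done)\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\FirewallDisableNotify\n"
    "\n"
    "Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, nothing done)\n"
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Start\n"
)

HEADER_RE = re.compile(
    r"^(?P<family>[\w.]+): \[SBI \$(?P<sbi>[0-9A-F]{8})\] (?P<scope>.+?) "
    r"\((?P<kind>Registry value|Registry change), nothing done\)$"
)
# "Registry value" lines look like KEY\=...DATA...  (the dots are Spybot's own ellipses)
VALUE_RE = re.compile(r"^(?P<key>HKEY_[^=]*?)\\?=\.\.\.(?P<data>.*)\.\.\.$")
FIRST_QUOTED = re.compile(r'^"([^"]+)"')
# Path fragments that place an executable inside a user profile (example's own list).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\appdata\\")


def parse_report(text):
    """Pair each detection header with the registry path on the following line."""
    lines = text.splitlines()
    entries = []
    for i, line in enumerate(lines[:-1]):
        m = HEADER_RE.match(line)
        if not m:
            continue
        key, data = lines[i + 1], None
        if m["kind"] == "Registry value":
            v = VALUE_RE.match(key)
            if v:
                key, data = v["key"], v["data"]
        entries.append({"sbi": m["sbi"], "key": key.rstrip("\\"), "data": data})
    return entries


def _runs_from_user_profile(data):
    """True when the first quoted token of a command line lives in a user profile."""
    exe = FIRST_QUOTED.match(data or "")
    return bool(exe) and any(mk in exe.group(1).lower() for mk in USER_PROFILE_MARKERS)


def classify(key, data):
    """Return (category, severity) for one flagged registry location."""
    k = key.lower()
    if k.endswith("\\.exe\\shell\\open\\command"):
        # A shell\open\command directly under the .exe extension key overrides the
        # exefile ProgID's default "%1" %* and runs for every program launched.
        # Aimed at a per-user path it is the rogue-AV interception pattern, and
        # nothing a firewall installer needs to write.
        return "exe_association_hijack", ("critical" if _runs_from_user_profile(data) else "high")
    if "\\startmenuinternet\\" in k and k.endswith("\\shell\\open\\command"):
        # Same trick applied to the registered browser's launch command.
        return "browser_launch_hijack", ("critical" if _runs_from_user_profile(data) else "high")
    if "\\firewallpolicy\\" in k or k.endswith("\\services\\sharedaccess\\start"):
        # Windows Firewall profile settings / service start type: plausible for a
        # replacement firewall to change, so verify against its installer first.
        return "windows_firewall_setting", "medium"
    if "\\security center\\" in k and k.endswith("disablenotify"):
        return "security_center_notify", "medium"
    return "other", "low"


def triage(text):
    """Classify every entry of a report; returns a list of finding dicts."""
    out = []
    for e in parse_report(text):
        category, severity = classify(e["key"], e["data"])
        out.append({**e, "category": category, "severity": severity})
    return out


def verdict(findings):
    """'infected' if any launch hijack is present, 'verify_firewall_changes' if
    only firewall/notification settings were flagged, else 'clean'."""
    cats = Counter(f["category"] for f in findings)
    if cats["exe_association_hijack"] or cats["browser_launch_hijack"]:
        return "infected"
    return "verify_firewall_changes" if cats else "clean"


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for f in found:
        print(f"{f['severity']:<8} {f['category']:<24} {f['key']}")
    print("verdict:", verdict(found))
```

Run as a script it prints one line per detection and the verdict; for a real report, paste the Spybot output in place of the constructed sample. It only classifies and cleans nothing, which is why the reply above routes the poster to the DDS-log process rather than to the right-click exclude options.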