PDA

View Full Version : HKUS virus?



kirks
2013-02-22, 04:08
Spybot keeps bringing up this

HKEY_USERS\S-1-5-21-3178937742-4136365996-382294235-1001\Software\Microsoft\DirectInput

HKUS\S-1-5-21-3178937742-4136365996-382294235-1001\Software\Microsoft\DirectInput\Name (is not)

It can't seem to get rid of it. I am not sure even if this is a virus, and have no idea how to get rid of it. Not technically very able.

A little help?

Zenobia
2013-02-22, 08:43
That looks to be under the tracks category:
http://www.safer-networking.org/faq/usage-tracks/
However,there is usually MostRecentApplication\ at the end of it,so I'm going to go ahead and be fussy,and ask if you could please do another scan and post the logfile here. :)
If you're using Spybot 2.0,please do another scan,click Save Scan Log when Spybot is finished,then click Show Previous Logs,scroll through and open the logfile with the date of the scan(probably will be named similar to this:Checks.130222-0238),once the logfile opens,go to edit,Select All,then go to Edit again,select Copy,then paste it here.

kirks
2013-02-22, 19:26
Search results from Spybot - Search & Destroy

22/02/2013 17:26:21
Scan took 00:32:44.
2 items found.

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3178937742-4136365996-382294235-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-3178937742-4136365996-382294235-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id


--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-01-16 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDECon64.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2013-02-05 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-02-05 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-02-05 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-02-06 Includes\TrojansC-02.sbi (*)
2013-02-05 Includes\TrojansC-03.sbi (*)
2013-01-28 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2013-02-04 Includes\TrojansC.sbi (*)

Zenobia
2013-02-23, 08:56
Thanks for posting your logfile. :)
Both of those should be under the tracks category,and not a threat.
A description of tracks is here:
http://www.safer-networking.org/faq/usage-tracks/

It's odd that those were the only two tracks found,though,and nothing else.If you did a recent scan,that might be why,I suppose.
Spybot will find and fix them when you do a scan,but they are of no harm.
If you would rather not scan for Tracks,you can doubleclick Spybot-S&D Start Center,checkmark Advanced User Mode,then click Settings.If you have an operating system with User Account Control,you should be prompted by it,please click Yes.
After Settings opens,click the Categories tab,rightclick somewhere in the window,and select Spyware scan only,then click Apply and OK.

leoforce
2014-02-25, 12:26
I've got a problem in changing internet explorer proxy settings, every time i try to change and apply the proxy, it returns to loop back IP 127.0.0.1 .
so i tried to fix it by SPYBOT.
every time it scans, finds some track problem plus a "win32.loadmoney" threat in HKCU/S-1-5-21-xxx (of course the xxx is something else!) I tried to fix them so many times and it fixes usually. but next time it appears again.
please help me with this problem.
how could i get rid of this?!

Zenobia
2014-02-25, 22:30
If you're using Windows Vista or higher,please try rightclicking the Spybot Start Center and running as administrator if you haven't been already,then try running a system scan again.Then again after that,if you would,to see if the problems return. :)

I've got a problem in changing internet explorer proxy settings, every time i try to change and apply the proxy, it returns to loop back IP 127.0.0.1.
Are you attempting to use the Spybot proxy,or to change your own proxy settings?
If it's your own,do you ordinarily use a proxy when connecting to the internet?