View Full Version : Spyhunter : malware or not ??
Spybot IDed and removed "Spyhunter".
Is it really malware ?
I installed Spyhunter because it was listed as an automatic remove for the
"Spyware Quake 2.3" Virus.
I did not buy Spyhunter,m but it listed all the Spyware Quake files and reg entries, I removed them manually, and Spybot did the rest.
Spybot alone was not able to get rid of Spyware Quake 2.3.
So I wonder, how a software can be malware, if it actually helped a lot to get rid of Spyware Quake.
Also I did not found warnings on the web, that Spyhunter is a fake-anitvirues (like Spyware Quake)
I did also a search on this forums, and did not find a topic about this.
any commnets ?
spybotsandra
2006-09-01, 12:38
Hello,
The reasons why Spybot - Search & Destroy detects this software as malware are several ones:
There are anti-spyware tools like 1stAntivirus, AdsAlert, ADS-Remover, AdwareAlert, ADWAREBazooka, Adware-Patrol, AdWare Pro, AdwarePunisher, Adware Remover, AdwareSheriff, AdwareSpy, AdwareX Eliminator, AgentSpyware, Alfacleaner, Antispywaresoldier, Antivirus Gold, AntiVirusPro, BPS Spyware Remover, DiaRemover, Doctor-Adware-Pro, Easy-Spyware-Killer, ErrorGuard, ETD-Security-Scanner, EyeSpyNow, Goodbye-Spy, KillSpy, NoAdware, PC-Health-Plan, Pestbot, PSGuard, PurityScan, Registry Cleaner, Repair Registry Pro, ScanSpyware, Spionfrei, SpyAxe, SpyBlocs, SpyCleaner, Spycontra, Spydeface, SpyDestroy-Pro, SpyFalcon, SpyGuard, SpyHeal, Spyhunter, SpySherrif, SpySpotter, SpywareBomber, SpywareBot, SpywareCleaner, SpywareNO!, SpywareSoftStop, SpywareStormer, SpywareStrike, SpywareQuake, SpyQuake, Trek Blue Error Nuker, Trojan-Guarder, TrueSword, Virusblast, WareOut, WinAntivirusPro2006, WinFixer, WinHound, WorldAntispy, X-Con-Spyware-Destroyer, X-Spyware, XSRemover, YourSoft-AntiVS or YourSoft-AntiVT which have a very dubious or bad character. They state to be an anti-spyware tool but employ questionable advertising methods: In the form of a PopUp they offer a scan of your system. They refer you to an infection of viruses and spyware on your system which is actually not true, because the listed items are not really on your pc. After downloading the software you can only scan for the threats. If the threats (pseudo-infections) are detected you have to register first and pay (up to $30) in order to remove them. Some of these dubious anti-spyware tools do also create a toolbar in IE and create recurring PopUps.
Screenshots are availible at: http://board.protecus.de/showtopic.php?threadid=15694
More dubious anti-spyware tools you will find here:
http://spywarewarrior.com/rogue_anti-spyware.htm
Best regards
Sandra
Team Spybot
thanks Sandra,
I see the point now.
patspeak
2006-10-07, 16:31
I had a sim. issue with "toolbar888" - used spyhunter (which did not provide a cleaning tool as claimed), but it listed the registry entries which I manually removed..
Not happy about the false advertising, but it did allow me to remove the toolbar....
I guess it's sometimes a case of what ever works...
Cheers, Pat....
I love how some of these, after you purchase their stuff, list their own software as malware to be removed :eek:
Atribune
2006-10-15, 18:34
Toolbar888 is commonly seen with virtumonde(vundo) Should probably post logs
Toolbar888 is commonly seen with virtumonde(vundo) Should probably post logs
Indeed, thanks Atribune.
patspeak if you would like to post a Spybot S&D log so that we can check the System please do the following:
Spybot-S&D version 1.4
Version 1.4 :Systems Supported (http://www.safer-networking.org/en/spybotsd/index.html)
Close all browsers
Open SpyBot, check for and get any updates available
Check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
Uncheck[ ] do not report disabled or known legitimate Items.
Uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.
Or:
Follow the instructions in this sticky topic to post a HJT log in malware removal.
"BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D (http://forums.spybot.info/showthread.php?t=288)
Then start your own thread:
Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)
Springerrr
2007-01-09, 16:55
I ran Spyhunter and got the following log.
http://i88.photobucket.com/albums/k180/springerrr/log.jpg
Why doesn't Spybot remove this stuff? Especially the stuff in my registry!! Zlob.trojan?
spybotsandra
2007-01-09, 17:05
Hello,
Please have a look at this link on our homepage:
Why do other anti-spyware applications detect so many more tracking cookies?
http://www.safer-networking.org/en/faq/37.html
Best regards
Sandra
Team Spybot
Springerrr
2007-01-10, 00:48
I tried to boot S&D a few hours after I installed SpyHunter and found I had to reinstall it!!!! Did Spyhunter uninstall SpyBot??
spybotsandra
2007-01-10, 10:16
Hello,
Yes, and we detect SpyHunter also.
So you have decide which program you like to use.
The free Spybot Search & Destroy or the SpyHunter you need to pay for. :D:
Best regards
Sandra
Team Spybot
Springerrr
2007-01-10, 22:42
You were right...my security settings on both IE and FF were too loose. I tightened them and used the SpyHunter log to manually remove the trojans (were they really trojans?) from my registry. Best of both worlds!!
I followed steps you have outlined in response to atribrune's quote, given here:
Originally Posted by Atribune
Toolbar888 is commonly seen with virtumonde(vundo) Should probably post logs
Here is my log of spyhunter report:
Edit: Removed log, this is the support forum for Spybot-S&D not Spyhunter. ;)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-08-24 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-08-29 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-08-29 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-08-29 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-08-29 Includes\KeyloggersC.sbi (*)
2007-08-29 Includes\Malware.sbi (*)
2007-08-29 Includes\MalwareC.sbi (*)
2007-08-29 Includes\PUPS.sbi (*)
2007-08-29 Includes\PUPSC.sbi (*)
2007-08-29 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-08-29 Includes\SecurityC.sbi (*)
2007-08-01 Includes\Spybots.sbi (*)
2007-08-29 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-08-29 Includes\Trojans.sbi (*)
2007-08-29 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1
(KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2 / MSXML4SP2: Security update for MSXML4 SP2 (KB936181) / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458) / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723) / Windows Media Player 10: Security Update for Windows Media Player 10
(KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10
(KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10
(KB936782)
/ Windows Media Player 6.4: Security Update for Windows Media Player
6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689) / Windows XP / SP3: Windows XP Hotfix - KB834707 / Windows XP / SP3: Windows XP Hotfix - KB873333 / Windows XP / SP3: Windows XP Hotfix - KB873339 / Windows XP / SP3: Security Update for Windows XP (KB883939) / Windows XP / SP3: Windows XP Hotfix - KB885250 / Windows XP / SP3: Windows XP Hotfix - KB885835 / Windows XP / SP3: Windows XP Hotfix - KB885836 / Windows XP / SP3: Windows XP Hotfix - KB886185 / Windows XP / SP3: Windows XP Hotfix - KB887472 / Windows XP / SP3: Windows XP Hotfix - KB887742 / Windows XP / SP3: Windows XP Hotfix - KB888113 / Windows XP / SP3: Windows XP Hotfix - KB888302 / Windows XP / SP3: Windows XP Hotfix - KB888310 / Windows XP / SP3: Security Update for Windows XP (KB890046) / Windows XP / SP3: Windows XP Hotfix - KB890175 / Windows XP / SP3: Windows XP Hotfix - KB890859 / Windows XP / SP3: Windows XP Hotfix - KB891781 / Windows XP / SP3: Security Update for Windows XP (KB893066) / Windows XP / SP3: Windows XP Hotfix - KB893086 / Windows XP / SP3: Security Update for Windows XP (KB893756) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Update for Windows XP (KB894391) / Windows XP / SP3: Security Update for Windows XP (KB896358) / Windows XP / SP3: Security Update for Windows XP (KB896422) / Windows XP / SP3: Security Update for Windows XP (KB896423) / Windows XP / SP3: Security Update for Windows XP (KB896424) / Windows XP / SP3: Security Update for Windows XP (KB896428) / Windows XP / SP3: Security Update for Windows XP (KB896688) / Windows XP / SP3: Update for Windows XP (KB896727) / Windows XP / SP3: Update for Windows XP (KB898461) / Windows XP / SP3: Security Update for Windows XP (KB899587) / Windows XP / SP3: Security Update for Windows XP (KB899588) / Windows XP / SP3: Security Update for Windows XP (KB899589) / Windows XP / SP3: Security Update for Windows XP (KB899591) / Windows XP / SP3: Update for Windows XP (KB900485) / Windows XP / SP3: Security Update for Windows XP (KB900725) / Windows XP / SP3: Security Update for Windows XP (KB901017) / Windows XP / SP3: Security Update for Windows XP (KB901214) / Windows XP / SP3: Security Update for Windows XP (KB902400) / Windows XP / SP3: Security Update for Windows XP (KB903235) / Windows XP / SP3: Security Update for Windows XP (KB904706) / Windows XP / SP3: Security Update for Windows XP (KB905414) / Windows XP / SP3: Security Update for Windows XP (KB905749) / Windows XP / SP3: Security Update for Windows XP (KB905915) / Windows XP / SP3: Security Update for Windows XP (KB908519) / Windows XP / SP3: Security Update for Windows XP (KB908531) / Windows XP / SP3: Update for Windows XP (KB910437) / Windows XP / SP3: Security Update for Windows XP (KB911280) / Windows XP / SP3: Security Update for Windows XP (KB911562) / Windows XP / SP3: Security Update for Windows XP (KB911567) / Windows XP / SP3: Security Update for Windows XP (KB911927) / Windows XP / SP3: Security Update for Windows XP (KB912812) / Windows XP / SP3: Security Update for Windows XP (KB912919) / Windows XP / SP3: Security Update for Windows XP (KB913446) / Windows XP / SP3: Security Update for Windows XP (KB913580) / Windows XP / SP3: Security Update for Windows XP (KB914388) / Windows XP / SP3: Security Update for Windows XP (KB914389) / Windows XP / SP3: Security Update for Windows XP (KB916281) / Windows XP / SP3: Update for Windows XP (KB916595) / Windows XP / SP3: Security Update for Windows XP (KB917159) / Windows XP / SP3: Security Update for Windows XP (KB917344) / Windows XP / SP3: Security Update for Windows XP (KB917422) / Windows XP / SP3: Security Update for Windows XP (KB917953) / Windows XP / SP3: Security Update for Windows XP (KB918118) / Windows XP / SP3: Security Update for Windows XP (KB918439) / Windows XP / SP3: Security Update for Windows XP (KB918899) / Windows XP / SP3: Security Update for Windows XP (KB919007) / Windows XP / SP3: Security Update for Windows XP (KB920213) / Windows XP / SP3: Security Update for Windows XP (KB920214) / Windows XP / SP3: Security Update for Windows XP (KB920670) / Windows XP / SP3: Security Update for Windows XP (KB920683) / Windows XP / SP3: Security Update for Windows XP (KB920685) / Windows XP / SP3: Update for Windows XP (KB920872) / Windows XP / SP3: Security Update for Windows XP (KB921398) / Windows XP / SP3: Security Update for Windows XP (KB921503) / Windows XP / SP3: Security Update for Windows XP (KB921883) / Windows XP / SP3: Update for Windows XP (KB922582) / Windows XP / SP3: Security Update for Windows XP (KB922616) / Windows XP / SP3: Security Update for Windows XP (KB922760) / Windows XP / SP3: Security Update for Windows XP (KB922819) / Windows XP / SP3: Security Update for Windows XP (KB923191) / Windows XP / SP3: Security Update for Windows XP (KB923414) / Windows XP / SP3: Security Update for Windows XP (KB923694) / Windows XP / SP3: Security Update for Windows XP (KB923980) / Windows XP / SP3: Security Update for Windows XP (KB924191) / Windows XP / SP3: Security Update for Windows XP (KB924270) / Windows XP / SP3: Security Update for Windows XP (KB924496) / Windows XP / SP3: Security Update for Windows XP (KB924667) / Windows XP / SP3: Security Update for Windows XP (KB925454) / Windows XP / SP3: Security Update for Windows XP (KB925486) / Windows XP / SP3: Security Update for Windows XP (KB925902) / Windows XP / SP3: Security Update for Windows XP (KB926255) / Windows XP / SP3: Security Update for Windows XP (KB926436) / Windows XP / SP3: Security Update for Windows XP (KB927779) / Windows XP / SP3: Security Update for Windows XP (KB927802) / Windows XP / SP3: Update for Windows XP (KB927891) / Windows XP / SP3: Security Update for Windows XP (KB928090) / Windows XP / SP3: Security Update for Windows XP (KB928255) / Windows XP / SP3: Security Update for Windows XP (KB928843) / Windows XP / SP3: Security Update for Windows XP (KB929123) / Windows XP / SP3: Update for Windows XP (KB929338) / Windows XP / SP3: Security Update for Windows XP (KB929969) / Windows XP / SP3: Security Update for Windows XP (KB930178) / Windows XP / SP3: Update for Windows XP (KB930916) / Windows XP / SP3: Security Update for Windows XP (KB931261) / Windows XP / SP3: Security Update for Windows XP (KB931784) / Windows XP / SP3: Update for Windows XP (KB931836) / Windows XP / SP3: Security Update for Windows XP (KB932168) / Windows XP / SP3: Update for Windows XP (KB933360) / Windows XP / SP3: Security Update for Windows XP (KB933566) / Windows XP / SP3: Security Update for Windows XP (KB935839) / Windows XP / SP3: Security Update for Windows XP (KB935840) / Windows XP / SP3: Security Update for Windows XP (KB936021) / Windows XP / SP3: Update for Windows XP (KB936357) / Windows XP / SP3: Security Update for Windows XP (KB937143) / Windows XP / SP3: Security Update for Windows XP (KB938127) / Windows XP / SP3: Update for Windows XP (KB938828) / Windows XP / SP3: Security Update for Windows XP (KB938829)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
Located: HK_LM:Run, AOLDialer
command: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
file: C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
size: 71216
MD5: b9b78f0d9aebca8f717680fbabbb5ff4
Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint\Apoint.exe
file: C:\Program Files\Apoint\Apoint.exe
size: 155648
MD5: a0b4823c28ad825728550796042c68a4
Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 339968
MD5: e3288bbd172f6b5803b0cb7c4cdc5d1e
Located: HK_LM:Run, Dell QuickSet
command: C:\Program Files\Dell\QuickSet\quickset.exe
file: C:\Program Files\Dell\QuickSet\quickset.exe
size: 606208
MD5: c67c916b6b43b4b092adeaf7adf285bf
Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 127035
MD5: 2ca827ba68d0cdb5437c40c6f53d7f20
Located: HK_LM:Run, DLBTCATS
command: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3
\DLBTtime.dll,_RunDLLEntry@16
file:
Located: HK_LM:Run, DMXLauncher
command: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
file: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
size: 86016
MD5: 526874efe8d1f0ec1b7bbb87d5c433e6
Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: b3e3c57fd22e71ce20389372d972c6dc
Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 1836544
MD5: e3caea4c0864e9e0e05e4cd8e7432ebe
Located: HK_LM:Run, HostManager
command: C:\Program Files\Common Files\AOL\1124326005\ee\AOLSoftware.exe
file: C:\Program Files\Common Files\AOL\1124326005\ee\AOLSoftware.exe
size: 50736
MD5: c482c535cbfefe722ec1eb7f11f680a3
Located: HK_LM:Run, IntelWireless
command: C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
file:
Located: HK_LM:Run, ISUSPM Startup
command: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
file: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
size: 221184
MD5: fb9e5c251cf6c37749f296bacb34a69b
Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common
Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 763dab43bdab27316dbf3373192823d7
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 271672
MD5: 75e7851ce99ea8f9b74361f284666fe0
Located: HK_LM:Run, MBkLogOnHook
command: C:\Program Files\McAfee\MBK\LogOnHook.exe
file: C:\Program Files\McAfee\MBK\LogOnHook.exe
size: 20480
MD5: ad32fdd7e1c04631da81b68f7072d29e
Located: HK_LM:Run, McAfee Backup
command: C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
file: C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
size: 4838952
MD5: 1656f3bb44b202e3c34f73a3a6fca84a
Located: HK_LM:Run, mcagent_exe
command: C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
file:
Located: HK_LM:Run, POINTER
command: point32.exe
file:
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 286720
MD5: 49ccfbe5d5225b9d3cc78c09dee147d0
Located: HK_LM:Run, SiteAdvisor
command: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
file: C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
size: 35928
MD5: 2ddbe7aadb02d797504f2dc7e7e685a2
Located: HK_LM:Run, SpyHunter
command:
file:
Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ed85b344e6edc30c1bc57ec1a2a56bf3
Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" - osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185784
MD5: 8a71139a5cd86ac55cf0e4383ab4ae33
Located: HK_LM:RunOnceEx,
command:
file:
Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8
Located: HK_CU:Run, DellSupport
command: "C:\Program Files\DellSupport\DSAgnt.exe" /startup
file: C:\Program Files\DellSupport\DSAgnt.exe
size: 460784
MD5: b75fdbf14073d72c50624cc8338dd534
Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259
Located: Startup (common), Digital Line Detect.lnk
command: C:\Program Files\Digital Line Detect\DLG.exe
file: C:\Program Files\Digital Line Detect\DLG.exe
size: 24576
MD5: b66e56733e2cd6a10fda5919625fbf46
Located: System.ini, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll
Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll
Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll
Located: System.ini, IntelWireless
command: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
file: C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
size: 110592
MD5: e0305040e70be2ae657987ce0d7d14df
Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll
Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll
Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 11/3/2003 3:17:44 PM Date (last access): 9/3/2007 12:02:20 AM Date (last write): 11/3/2003 3:17:44 PM
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091
{089FD14D-132B-48FC-8861-0048AE113215} ()
BHO name:
CLSID name:
Path: C:\Program Files\SiteAdvisor\6172\
Long name: SiteAdv.dll
Short name:
Date (created): 9/1/2007 10:57:04 PM Date (last access): 9/3/2007 9:21:30 AM Date (last write): 8/24/2007 5:57:10 PM
Filesize: 910624
Attributes: archive
MD5: 1AC5D9A611A3AC2CA3978689DD1B6D6F
CRC32: 8A8AA088
Version: 2.5.0.6172
{243DD972-E201-4C9D-85EE-2CA11B1B8481} ()
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ddaxw.dll
{377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (McAntiPhishingBHO)
BHO name: McAntiPhishingBHO
CLSID name: McAfee Phishing Filter
Path: C:\Program Files\McAfee\MSK\
Long name: mcapbho.dll
Short name:
Date (created): 8/1/2007 2:22:50 AM
Date (last access): 9/3/2007 12:02:50 AM Date (last write): 7/27/2007 6:20:22 AM
Filesize: 324936
Attributes: archive
MD5: 66E25138FEF507F412F4C83C5F6A8C2B
CRC32: 0DAD767F
Version: 9.0.212.0
{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 8/24/2007 10:48:36 AM Date (last access): 9/3/2007 9:40:30 AM Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0
{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
BHO name:
CLSID name: DriveLetterAccess
description: Hewlett-Packard's DLA software
classification: Unknown
known filename: tfswshx.dll
info link:
info source: TonyKlein
Path: C:\WINDOWS\system32\dla\
Long name: tfswshx.dll
Short name:
Date (created): 6/10/2005 11:21:28 PM Date (last access): 9/3/2007 9:55:38 AM Date (last write): 12/6/2004 2:05:00 AM
Filesize: 118842
Attributes: archive
MD5: 37943B990D318145D1EFCBEEF8F9566A
CRC32: C6D87067
Version: 1.4.8.0
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files\McAfee\VirusScan\
Long name: scriptsn.dll
Short name:
Date (created): 8/7/2007 7:22:02 PM
Date (last access): 9/3/2007 12:02:26 AM Date (last write): 7/24/2007 12:02:40 PM
Filesize: 66880
Attributes: archive
MD5: 7586AE543FCEEBC47892D112628B70A9
CRC32: D1B86D73
Version: 14.0.0.349
--- ActiveX list ---
{5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control)
DPF name:
CLSID name: Facebook Photo Uploader Control
Installer: C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.inf
Codebase:
http://upload.facebook.com/controls/FacebookPhotoUploader.cab
description:
classification: Open for discussion
known filename: FacebookPhotoUploader.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: FacebookPhotoUploader.ocx
Short name: FACEBO~1.OCX
Date (created): 11/3/2005 9:17:36 PM Date (last access): 9/3/2007 12:08:22 AM Date (last write): 11/3/2005 9:17:36 PM
Filesize: 1935120
Attributes: archive
MD5: 5A39F109CB87893FD683F49699BCE2B4
CRC32: 729D4EBC
Version: 3.5.122.2
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
DPF name:
CLSID name: MUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\muweb.inf
Codebase:
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/cli
ent/muweb_site.cab?1188826446755
description:
classification: Legitimate
known filename: muweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: muweb.dll
Short name:
Date (created): 7/30/2007 7:18:34 PM Date (last access): 9/3/2007 9:34:12 AM Date (last write): 7/30/2007 7:18:34 PM
Filesize: 207736
Attributes: archive
MD5: 8038B166CE79E58E193566150CE26465
CRC32: 9137D395
Version: 7.0.6000.381
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-
142-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 6:48:18 PM Date (last access): 9/3/2007 12:13:06 AM Date (last write): 11/19/2003 6:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: http://java.sun.com/products/plugin/autodl/jinstall-
142-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin\
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 11/19/2003 6:48:18 PM Date (last access): 9/3/2007 10:02:28 AM Date (last write): 11/19/2003 6:48:12 PM
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase:
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 11/9/2006 3:46:28 PM Date (last access): 9/3/2007 9:29:20 AM Date (last write): 11/9/2006 3:46:28 PM
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0
--- Process list ---
PID: 0 ( 0) [System]
PID: 540 ( 4) \SystemRoot\System32\smss.exe
PID: 908 ( 540) \??\C:\WINDOWS\system32\csrss.exe
PID: 932 ( 540) \??\C:\WINDOWS\system32\winlogon.exe
PID: 976 ( 932) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 988 ( 932) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1144 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1208 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1400 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1488 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1564 ( 976) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1888 ( 976) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 566616
MD5: 17AA6F937CFCDE9A7D464C7D53A8531F
PID: 1920 ( 932) C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
size: 389120
MD5: 17F5221A41F70386CD352AEE30CEA56F
PID: 260 (2004) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 536 ( 976) C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
size: 749904
MD5: 6309670BF9BF87C05F2C68DE2B73BA9E
PID: 620 ( 976) C:\Program Files\McAfee\MPF\MPFSrv.exe
size: 856864
MD5: 346F30F1FF73553AA466F4AE7948DA00
PID: 904 (1144) C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4
PID: 1944 (1580) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 472 (1144) C:\Program Files\McAfee\MSC\mcuimgr.exe
size: 265040
MD5: 02800372FA7F33E4042DA92D362D6573
PID: 1544 ( 260) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
--- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 9/3/2007 10:02:28 AM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.thefacebook.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Default_Page_URL
http://www.dell4me.com/myway
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.dell4me.com/myway
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\Default_Page_URL
http://www.dell4me.com/myway
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list --- Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{17F6A272-352D-42CE-
BD47-3CD1EB615A08}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{17F6A272-352D-42CE-
BD47-3CD1EB615A08}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{00B8E8A1-6BAF-4B96-
B619-9F6A6E66DF30}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{00B8E8A1-6BAF-4B96-
B619-9F6A6E66DF30}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-
B0A7-CA6C15D25C3F}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-
B0A7-CA6C15D25C3F}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-
9EBA-74664FE3AF1E}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-
9EBA-74664FE3AF1E}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DDF534A-782E-4E4C-
85D1-002DB44D4C23}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9DDF534A-782E-4E4C-
85D1-002DB44D4C23}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A253742E-8EF2-40B9-
AE69-87D5C50C4E0C}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A253742E-8EF2-40B9-
AE69-87D5C50C4E0C}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD NetBIOS *
Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS
Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace
Hello sstites,
You are running Spybot - Search & Destroy version: 1.4 which you have not updated since 2007. We are at version 1.6 and the latest definitions were released 2008-12-23.
Also,
Path: C:\Program Files\McAfee\VirusScan\
Long name: scriptsn.dll
Short name:
Date (created): 8/7/2007 7:22:02 PM
Date (last access): 9/3/2007 12:02:26 AM Date (last write): 7/24/2007
Have you updated?
Please see:
Sun Microsystems~Java. Security vunerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2)
Regarding:
(Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Sigma675 your post has been split off to here: http://forums.spybot.info/showthread.php?t=42564
1. Investigations of Spyhunter Version 3.9.25 of 18-03-2009 show,
that the software does not comply with the ASCs
(http://www.antispywarecoalition.org) definitions for
classification as malware or spyware.
2. Safer-Networking Ltd. will not give subsequent reviews of older
versions of Spyhunter.
3. Questions about data transfered to the web by Spyhunter should be
addressed to Enigma.
4. If you suspect Spyhunter (later than 3.9.25 of 18-03-2009) of
complying with ASCs definitons for classification as malware,
please send your information to detections@spybot.info