View Full Version : Malware could not be removed
Because of suspicious behavior on my computer, I suspected malware and ran Spybot. It reported 14 problems. When I clicked "remove malware" (see attached screenshot), it failed and I kept getting the message "Spybot – Search & Destroy could not clean these entries in <#> attempts", where #eventually got up to 5.
When I reread Spybot, it was able to successfully remove all malware.
However, I don't exactly have the warm fuzzies about the earlier failures to remove the malware.
Anyone have any ideas of what went wrong? Do you think my problem is actually fixed?
Note: for the life of me, I can't figure out how I could've gotten malware. I am incredibly careful: testing every link (on 3 security websites) and every download file (with Spybot, Malwarebytes, Super Anti-Spyware and Microsoft Defender), even from trusted resources. I also have several security add-ons to Firefox (Noscript, Ublock Origin, Adblock Plus, etc.) Go figure
I can't see all of them, but of the 14 items you said were found I can see eleven of them. Those eleven items just appear to be tracks type items:
https://www.safer-networking.org/faq/usage-tracks/
If you're uncertain if the other items may not be usage tracks, then you can post a logfile. To do so, you'd open Spybot-S&D Start Center, if it's in overview mode then click Show Details on the lower left corner. click System scan, over to the left click Show previous logs,open the Checks logfile with the date of when you did your scan(example:Checks.121221-1908),go to Edit,select all,then rightclick and copy,then paste the logfile here.
Or, due to feeling there is suspicious behaviour on your computer and if you feel it may be due to malware, you could ask for help in the malware removal forum. If you want to do that you'd read and follow the before you post sticky:
https://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated
Then post in the malware removal forum:
https://forums.spybot.info/forumdisplay.php?22-Malware-Removal
Zenobia ,
Thank you so very much for all this info!
Because I am very obsessed about cybersecurity, I have gladly accepted your kind offer to paste the results from the check file at the end of this post.
I am very uncertain about whether I really had malware. The program acting suspiciously – Dragon NaturallySpeaking – is the buggiest, most frustrating piece of software I have ever used. When ever I report problems to a user forum for Dragon, I'm often told I must have malware, even in cases where I can prove that it could not be malware.
In any case, whenever there is suspicious behavior, it is reasonable to check for malware, so I did.
Here is the check file Search results from Spybot - Search & Destroy
2/12/2021 10:31:02 PM
Scan took 00:32:13.
13 items found.
Log: [SBI $ASBRHIST] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54
Properties.size=5660
Properties.md5=9D40B241432C8B984F46AEF83EF45078
Properties.filedate=1613061120
Properties.filedatetext=2021-02-11 16:31:59
7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\7-ZIP\FM\FolderHistory
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54
7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\7-ZIP\FM\PanelPath0
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54
MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\Microsoft\Microsoft Management Console\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54
MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2
Weblink=http://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $BCOOKIES] Browser: Cookie (5) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
Cache: [SBI $BCACHE00] Browser: Cache (45) (Browser: Cache, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
History: [SBI $BHISTORY] Browser: History (168) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $BCOOKIES] Browser: Cookie (468) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $BCOOKIES] Browser: Cookie (50) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
Cache: [SBI $BCACHE00] Browser: Cache (3532) (Browser: Cache, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
History: [SBI $BHISTORY] Browser: History (10) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
--- Spybot - Search & Destroy version: 2.8.68.132 DLL (build: 20200426) ---
2019-03-19 blindman.exe (2.8.67.152)
2018-01-05 enableKB4056892.exe (2.7.64.0)
2020-04-26 explorer.exe (2.8.68.193)
2019-03-19 SDBootCD.exe (2.8.67.109)
2019-03-19 SDCleaner.exe (2.8.67.110)
2019-03-19 SDDelFile.exe (2.8.67.94)
2020-04-26 SDFiles.exe (2.8.68.138)
2020-04-26 SDFileScanHelper.exe (2.8.68.8)
2020-04-26 SDFSSvc.exe (2.8.68.220)
2019-03-19 SDHelp.exe (2.8.67.1)
2020-12-22 SDHookHelper.exe (2.7.64.2)
2020-12-22 SDHookInst32.exe (2.7.64.2)
2020-12-22 SDHookInst64.exe (2.7.64.2)
2019-09-04 SDImmunize.exe (2.8.67.133)
2020-03-24 SDLicense.exe (2.8.67.3)
2019-03-19 SDLogReport.exe (2.8.67.107)
2017-11-28 SDOnAccess.exe (2.6.46.11)
2019-03-19 SDPESetup.exe (2.8.67.3)
2019-03-19 SDPEStart.exe (2.8.67.86)
2019-03-19 SDPhoneScan.exe (2.8.67.29)
2019-03-19 SDPRE.exe (2.8.67.22)
2019-03-19 SDPrepPos.exe (2.8.67.15)
2019-03-19 SDQuarantine.exe (2.8.67.103)
2019-03-19 SDRootAlyzer.exe (2.8.67.116)
2019-03-19 SDSBIEdit.exe (2.8.67.39)
2020-04-26 SDScan.exe (2.8.68.193)
2019-03-19 SDScript.exe (2.8.67.54)
2020-03-04 SDSettings.exe (2.8.67.140)
2019-03-19 SDShell.exe (2.8.67.2)
2019-03-19 SDShred.exe (2.8.67.108)
2020-04-26 SDSpybotLab.exe (2.8.68.0)
2019-03-19 SDSysRepair.exe (2.8.67.102)
2019-03-19 SDTools.exe (2.8.67.157)
2019-03-19 SDTray.exe (2.8.67.129)
2020-04-26 SDUpdate.exe (2.8.68.100)
2020-04-26 SDUpdSvc.exe (2.8.68.83)
2018-08-08 SDUpgrade.exe (2.7.65.0)
2020-04-26 SDWelcome.exe (2.8.67.138)
2019-09-04 SDWSCSvc.exe (2.8.66.0)
2018-09-03 Spybot3.LicenseInstaller.exe
2019-07-31 Spybot3ELAMSetupConsole.exe (3.4.0.0)
2020-12-22 SpybotLPTests.v2.exe (2.8.68.0)
2020-01-15 spybotsd2-install-bdcore-update-2020a.exe (2.8.67.0)
2020-12-16 unins000.exe (51.1052.0.0)
2017-11-28 xcacls.exe
2017-11-28 borlndmm.dll (10.0.2288.42451)
2018-01-29 DelZip190.dll (1.9.0.119)
2018-01-29 DelZip192.dll (1.9.2.136)
2018-01-29 libeay32.dll (1.0.2.14)
2017-11-28 libssl32.dll (1.0.0.4)
2019-03-19 NotificationSpreader.dll (2.8.67.4)
2019-03-19 SDAdvancedCheckLibrary.dll (2.8.67.98)
2020-04-26 SDAV.dll (2.4.40.7)
2019-03-19 SDECon32.dll (2.8.67.114)
2019-04-15 SDECon64.dll (2.8.67.113)
2019-03-19 SDEvents.dll (2.8.67.2)
2020-04-26 SDFileScanLibrary.dll (2.8.68.25)
2020-12-22 SDHook32.dll (2.7.64.2)
2020-12-22 SDHook64.dll (2.7.64.2)
2019-09-04 SDImmunizeLibrary.dll (2.8.67.5)
2019-03-19 SDLicense.dll (2.8.67.3)
2019-03-19 SDLists.dll (2.8.67.8)
2020-03-24 SDResources.dll (2.8.67.10)
2020-04-26 SDScanLibrary.dll (2.8.68.132)
2019-03-19 SDTasks.dll (2.8.67.15)
2019-03-19 SDWinLogon.dll (2.8.67.0)
2018-01-29 sqlite3.dll (3.22.0.0)
2018-01-29 ssleay32.dll (1.0.2.14)
2019-03-19 Tools.dll (2.8.67.36)
2019-07-03 Includes\Adware-000.sbi (*)
2018-09-24 Includes\Adware-001.sbi (*)
2018-09-24 Includes\Adware-002.sbi (*)
2018-09-24 Includes\Adware-003.sbi (*)
2021-02-10 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2018-06-20 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2013-04-10 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-04-04 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2020-04-01 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2019-08-30 Includes\Malware-000.sbi (*)
2019-05-08 Includes\Malware-001.sbi (*)
2018-04-12 Includes\Malware-002.sbi (*)
2019-11-20 Includes\Malware-003.sbi (*)
2018-04-13 Includes\Malware-004.sbi (*)
2018-08-16 Includes\Malware-005.sbi (*)
2018-09-04 Includes\Malware-006.sbi (*)
2018-12-10 Includes\Malware-007.sbi (*)
2021-02-03 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2018-05-02 Includes\PUPS-000.sbi (*)
2020-12-07 Includes\PUPS-001.sbi (*)
2018-05-02 Includes\PUPS-002.sbi (*)
2018-05-02 Includes\PUPS-003.sbi (*)
2018-05-02 Includes\PUPS-004.sbi (*)
2021-02-10 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2018-08-01 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2020-07-29 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2018-07-13 Includes\Trojans-000.sbi (*)
2018-07-03 Includes\Trojans-001.sbi (*)
2018-04-13 Includes\Trojans-002.sbi (*)
2018-09-21 Includes\Trojans-003.sbi (*)
2018-11-28 Includes\Trojans-004.sbi (*)
2018-11-19 Includes\Trojans-005.sbi (*)
2018-08-16 Includes\Trojans-006.sbi (*)
2018-11-06 Includes\Trojans-007.sbi (*)
2018-09-21 Includes\Trojans-008.sbi (*)
2018-11-28 Includes\Trojans-009.sbi (*)
2018-06-21 Includes\Trojans-010.sbi (*)
2021-02-10 Includes\Trojans-C.sbi (*)
2016-02-02 Includes\Trojans-OG-000.sbi (*)
2018-11-21 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2018-11-20 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2015-11-09 Includes\Trojans-ZB-000.sbi (*)
2018-04-06 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
You're welcome. :)
All items in your logfile are either in the Tracks category, or the Browser category. And they are in the threat category 1 o 2, which means they are classed as low threat items. For example:
Log: [SBI $ASBRHIST] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Category=Tracks
ThreatLevel=2
And this is a browser category example from your logfile:
History: [SBI $BHISTORY] Browser: History (10) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1
Weblink=http://forums.spybot.info/forumdisplay.php?54
After each system scan Spybot does, if you click Show Details in the lower right, then click on any of the items found, in the pane to the left under Details, it will show the product found, the category Spybot categorizes it as, and then the threat number, 1 and 2 would be low. 10 would be the highest threat level as I recall. And then below that it shows Estimated Danger. Tracks would show as Marginal.
All things in your logfile would be listed as Marginal, so that certainly looks to be good news. That being said, while most times antimalware products detect when something is up with malware, if there is suspicious activity on your computer or things just don't seem right, etc., then don't hesitate to go to the malware removal forum I linked to above. :)