PDA

View Full Version : Spybot won't clean/the files keeps showing up!


metaslob
2006-11-29, 05:39
This has been an on-going problem since august, whenever I do a Spybot search, these files always (more or less with some variation) shows up:
http://img.photobucket.com/albums/v712/reuptake/spybot005.png

That's todays first scan. Spybot tells me that 24 problems were fixed, ok! Reboot the computer, and let's have another go.

http://img.photobucket.com/albums/v712/reuptake/spybot006.png

Good, it took care of two problems, just 22 to go.

Lavasoft Ad-Aware SE finds nothing, but some html-trackers, AVG Free edition finds nothing, Kaspersky, pandasoftware and f-secure shows nothing. I've tried vundofix, VirtumundoBeGone, combofix - again, nothing.

I've blocked all third party cookies, running Firefox v 2.0, Windows XP NTFS - according to the guys over at geekstogo.com my HiJackThis logs looks clean as well, they had me do a GMER Rootkit scan - it didn't show anything.

So, we do another reboot - and... what?
http://img.photobucket.com/albums/v712/reuptake/spybot007.png
27 finds! hm...

So, after the guys over at geekstogo gave me up - any ideas what might be happening? Any help would be appreciated.
Yodama
2006-11-29, 09:52
hello Metaslob,

with your screenshots alone it is impossible to tell what exactly has been flagged by Spybot S&D. Most of the entries appear to be cookies.
But some like Win32.Small.ddx, HotsearchBar are definitely trojans/hijackers, ErrorSafe entries could be hijacker, malware and or cookies.
These may connect to the internet in background, thus leaving traces like new cookies.

It would be best if you submit a Spybot scanreport.
To get a Spybot scanreport you need to switch to "advanced mode".
Then go to "Tools", then "View Report"
Please do not post your report but attach it to your next post.
If the filesize is too large, then please zip the report file.
Unknown Source
2006-11-29, 16:48
It could be that the programs/executables that the spyware is associated with is already loaded up in your memory, try doing a scan before windows loads up if you havent already (it doesnt say that you have).

To do this open up advanced mode
->settings tab (bottom left)
->settings
find the system start header then click on
->run program once at next system start up

Then reboot and that should load up spybot which will do a scan before all of your user processes are loaded into the memory, that should hopefully solve your problem as not even the winsock protocols are loaded up when you do a scan this way, this way it cant be accessing the internet in the background so will not be in use.
spybotsandra
2006-11-30, 10:30
Hello,

Which version of Spybot Search and Destroy do you run?

Which browser do you use?

Best regards
Sandra
Team Spybot