Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: ABetterInternet false positive?

  1. #1
    Junior Member
    Join Date
    Jan 2007
    Posts
    3

    Default ABetterInternet false positive?

    Hi,

    I am using S&D ver 1.3 and I update my defs files and scan often. Yesterday, after updating all my defs to the latest, the scan found something called "ABetterInternet", which had 4 registry entries (sorry, I didn't save
    the exact details of those 4 entries).

    I proceeded to fix that issue, then I rebooted and rescanned. I was surprised to see "ABetterInternet" was back. The reistry value in question this time was:

    ========================
    ABetterInternet: Autorun settings (NvCplDaemon) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
    ========================

    I did more research into ABetterInternet, and found some sites that list what files/reg entries to remove in order to manually remove this spyware. I had none of the listed culprits.

    Although this does appear to be a valid autorun entry, I won't have peace of mind until I know if this is indeed a false positive.

    Thanks!
    Matt

  2. #2
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    Hello Matt,

    please take a look at Spybot´s logs folder to find out which entries have been deleted by Spybot. Usually the logs folder can be found at "C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs" or "C:\Documents and Settings\your user name\Application Data\Spybot - Search & Destroy\Logs".
    Which operating system do you run?
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Jan 2007
    Posts
    3

    Default Log info

    Hi,

    Here is the pertinent info from the log. Please let me know if you need more. I am running WinXP Pro SP2. Thanks!

    ABetterInternet: Autorun settings (NvMediaCenter) (Registry value, fixed)
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

    ABetterInternet: Autorun settings (NvCplDaemon) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

    ABetterInternet: Autorun settings (NvMediaCenter) (Registry value, fixing failed)
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

    ABetterInternet: Autorun settings (NvMediaCenter) (Registry value, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter

  4. #4
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Default Same problem with ABetterInternet

    Hi Forum!

    Ever since a recent download of definitions, etc..., when Spybot is run, it finds "ABetterInternet" cleans it, then after reboot finds it again. First time I ran Spybot after the download, there were two Reg entries:

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter
    &
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

    Now only the ...\Run\NvCplDaemon continues to reappear after reboot.

    Really tired of trying to fix this (Google search: ABetterInternet) brings up a lot of sites, many of which say they analyze and fix the problem, then after scan, they want money to buy their 'fixit' part. (Censored Scream!)

    How about the SpyBot gurus? Can you identify files or Reg values that initiate the replacement of the NvCplDaemon and associated files, in a soon to be released update, or at least help us identify files or Reg values to manually delete? tried several 'solutions' found on the search engine, but so far, nothing has worked. Even did a system restore from early December (hoping whatever got in here was before that), but after updates, the damn thing reappeared. I've spent over 20 hours going nowhere. Please advise?

    Win XP Pro SP2

    JP

  5. #5
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Default Same here with version 1.3, but not 1.4 !

    Hi,
    I also had Spybot version 1.3 start detecting the following very recently:

    ABetterInternet: Autorun settings (NvCplDaemon) (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon

    Registry value is RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    I don't have the Nvidia media center installed, so no complaints about that registry setting.

    Nothing was detected by another scanner. I uninstalled Spybot version 1.3 and installed version 1.4 and updated it. I no longer get this detection.

    P.S. I should also note that I upgraded my Nvidia drivers to 93.71 recently.

  6. #6
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Default Same here with version 1.3, but not 1.4 ! Additional Info

    Hi again,
    Oops, I forgot to mention that I believe NvCpl.dll is the NVIDIA Display Properties Extension (for the control panel).

  7. #7
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Default No longer detecting ABetterInternet

    Thanks for the solution! Upgraded to 1.4 (was somewhat reluctant to do so as it seems there are less settings options as in 1.3) but SpyBot no longer detects "ABetterInternet". Checked Regedit and the NvCplDaemon still exists, with values RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup, but I do have NVIDIA GEForce4MX 440 with AGP8X graphics card, so I guess it's all good now. What an excellent product + an excellent forum for solving problems. Thanks to the SpyBot staff and forum contributors!

    Peace...

    JP

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Default

    Thank you for letting us know.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Junior Member
    Join Date
    Jan 2007
    Posts
    1

    Question Is that official verification?

    Is that official verification that this is a false positive? I'd prefer not to go on someone's guess if someone on the spybot team could possibly verify.

  10. #10
    Member of Team Spybot Buster's Avatar
    Join Date
    Oct 2005
    Location
    Bochum/Germany
    Posts
    389

    Default

    @mattj: Do you use Spybot 1.4 or an older version? If you don´t use Spybot 1.4 ,please update.
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky

    _______________________________________________________________

    Please help us improve Spybot and download our distributed testing client.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •