Mirar and Antivirus Override

[techpeasant]

Immunized and got latest updates.

Checked for problems with Spybot S&D in default mode.

2 problems found: Mirar
Antivirus Override

Clicked fix selected problems.

Spybot S&D could not fix problems because they were running.

Restarted computer.

Ran Spybot S&D on startup.

Same problems found.

[md usa spybot fan]

Please post a log of the actual detections you are getting. To do that:

• Run another scan.
• When the scan completes, right click on the results list, select "Copy results to clipboard".
• Then paste (Ctrl+V) those results to a new post in this thread.

[techpeasant]

Looks like there's more crap now!

Mirar: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\www\*!=W=4

Statcounter: Tracking cookie (Internet Explorer: Anthony) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Anthony) (Cookie, nothing done)


Advertising.com: Tracking cookie (Internet Explorer: Anthony) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-06-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-11 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-07-11 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-11 Includes\HijackersC.sbi (*)
2007-07-11 Includes\Keyloggers.sbi (*)
2007-07-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-07-11 Includes\Malware.sbi (*)
2007-07-11 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-07-11 Includes\PUPSC.sbi (*)
2007-07-11 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-11 Includes\SecurityC.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-11 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-03 Includes\Trojans.sbi (*)
2007-07-11 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll

[md usa spybot fan]

techpeasant:

re: Mirar detection

The detection indicates that there is a registry entry in HKLM putting www.mirarsearch.com in an Internet Explorer zone other than the restricted zone.

If you are running Spybot from a computer administrator user account, I don't understand why that registry entry can not be fixed. I was able to create a registry entry to simulate the problem, run a Spybot "Check for problems" followed by a "Fix selected problems" and the problem was fixed.

While logged on to computer administrator user account, run another Spybot "Check for problems" followed by a "Fix selected problems". Then run another "Check for problems" and see if the problem is corrected. If not we'll try something else.

____________________________

re: Tracking cookies

Advertising.com, DoubleClick and Statcounter are Tracking Cookies. Tracking Cookies are cookies stored on your computer by a 3rd party not directly related to the web site you're currently viewing. The intention of this cookie is to track your movement as you surf between sites.

If you are running Internet Explorer the storing of these particular Tracking Cookies can be prevented by enabling Spybot's Browser Helper Object (BHO). To do this go into Spybot-S&D > Immunize. Look in the last section labeled "Permanently running bad download blocker for Internet Explorer". Check the following:

• "Enable permanent blocking of bad addresses in Internet Explorer"

In the pull-down below "Enable permanent blocking of bad addresses in Internet Explorer" there are three options:

• Block all pages silently
• Display dialog when blocking
• Ask for blocking confirmation

Many people find the messages that this facility can produce annoying. If you would like to keep the messages from popping and still block the tracking cookies, you can do that by selecting "Block all pages silently".

There is another way to prevent the downloading of Tracking Cookies in Internet Explorer (even those not blocked by Spybot's resident BHO) as well as the storing of Tracking Cookies in other WEB browsers. See:

• Why do other anti-spyware applications detect so many more tracking cookies?
  http://www.safer-networking.org/inde...=faq&detail=37

[techpeasant]

Every time I have ran a check for problems it was with the computer administrator user account. But, I ran it again. 1 entry found:Mirar. I Selected "fix Problems," and got this:

Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory).

This could be fixed after a restart. May Spybot S&D run on your next system startup?

yes no


and it's an endless cycle of restarting and checking and restarting and checking like malware purgatory.

I did copy results to clipboard again but I copied and pasted "computer administer user account" earlier and lost it because I had already closed Spybot S&D and I don't feel like waiting for another 1 1/2 hours for another scan result. uhg I'm gonna throw this thing out the window soon.

[md usa spybot fan]

Try running Spybot in Safe Mode and see if it will delete the entry.