Results 1 to 7 of 7

Thread: Malware removal problem

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    3

    Unhappy Malware removal problem

    Can anyone help? The last few times I have run Spybot is has successfully identified several problems including Adrevolver, BurstMedia, CasaleMedia, DoubleClick, FastClick, Hitbox, MediaPlex, Statcounter, Webtrends live and Zedo. I have clicked “Fix selected problems” and got the message “32 problems fixed”. The problems remain in the "Scan for problems page” however and are still there when I re-scan.

    I have Spybot 1.6.0.30, running on XP SP3. I have updated Spybot twice, rebooted, rerun the scan, all the items in the list were checked but still they are there.

    I am considering un-installing and re-installing Spybot as my next step. Is this a known problem and or does anyone have any alternative suggestions?

  2. #2
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Lightbulb have you....

    tried scanning in safe mode and removing them there? If you need directions to do that let me know and i can help you.

    Also, if safe mode cannot get rid of them, let us know immediately.
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

  3. #3
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    BaadB:

    All those problems sound like tracking cookies.

    Please post a log of the actual detections you are getting. To do that:
    • Run another scan.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  4. #4
    Junior Member
    Join Date
    Sep 2008
    Posts
    3

    Post Safe no difference and report as requested

    Hey thnx 129260 & mdusaspybotfan, I have tried running in safe and got same result, problems remain.

    Below is the result of the latest scan as requested, note I copied this report after running “fix selected problems” and all the problems were selected.

    I only copied the first section of the report as the whole report was too long to post, 224685 characters long...


    --- Search result list ---
    Hint of the Day: Click the bar at the right of this to see more information! ()


    AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Flock: default) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Flock: default) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Flock: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Flock: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Flock: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Flock: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Flock: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Flock: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Flock: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Flock: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Flock: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Flock: default) (Cookie, nothing done)


    WebTrends live: Tracking cookie (Flock: default) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

    2008-07-07 blindman.exe (1.0.0.8)
    2008-07-07 SDFiles.exe (1.6.0.4)
    2008-07-07 SDMain.exe (1.0.0.6)
    2008-07-07 SDShred.exe (1.0.2.3)
    2008-07-07 SDUpdate.exe (1.6.0.8)
    2008-07-07 SDWinSec.exe (1.0.0.12)
    2008-07-07 SpybotSD.exe (1.6.0.30)
    2008-08-18 TeaTimer.exe (1.6.2.23)
    2008-08-18 unins000.exe (51.49.0.0)
    2008-07-07 Update.exe (1.6.0.7)
    2008-07-07 advcheck.dll (1.6.1.12)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2008-07-07 SDHelper.dll (1.6.0.12)
    2008-06-19 sqlite3.dll
    2008-07-07 Tools.dll (2.1.5.7)
    2008-09-02 Includes\Adware.sbi (*)
    2008-09-09 Includes\AdwareC.sbi (*)
    2008-06-03 Includes\Cookies.sbi (*)
    2008-09-02 Includes\Dialer.sbi (*)
    2008-09-09 Includes\DialerC.sbi (*)
    2008-07-23 Includes\HeavyDuty.sbi (*)
    2008-09-02 Includes\Hijackers.sbi (*)
    2008-09-02 Includes\HijackersC.sbi (*)
    2008-09-09 Includes\Keyloggers.sbi (*)
    2008-09-23 Includes\KeyloggersC.sbi (*)
    2008-09-09 Includes\Malware.sbi (*)
    2008-09-23 Includes\MalwareC.sbi (*)
    2008-09-02 Includes\PUPS.sbi (*)
    2008-09-11 Includes\PUPSC.sbi (*)
    2007-11-07 Includes\Revision.sbi (*)
    2008-06-18 Includes\Security.sbi (*)
    2008-09-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2008-09-09 Includes\Spyware.sbi (*)
    2008-09-23 Includes\SpywareC.sbi (*)
    2008-06-03 Includes\Tracks.uti
    2008-09-16 Includes\Trojans.sbi (*)
    2008-09-23 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
    / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    / Internet Explorer 6 / SP1: Windows XP Hotfix - KB916281
    / Internet Explorer 6 / SP1: Windows XP Hotfix - KB918439
    / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
    / Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
    / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
    / Windows / SP1: Microsoft National Language Support Downlevel APIs
    / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
    / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
    / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
    / Windows Media Player 11: Security Update for Windows Media Player 11 (KB954154)
    / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
    / Windows Media Player 8: Security Update for Windows Media Player 8 (KB917734)
    / Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
    / Windows XP: Security Update for Windows XP (KB923689)
    / Windows XP: Security Update for Windows XP (KB941569)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB928090)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB929969)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB931768)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB933566)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB939653)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
    / Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB950759)
    / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB953838)
    / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
    / Windows XP / SP2: Windows XP Service Pack 2
    / Windows XP / SP3: Windows XP Service Pack 3
    / Windows XP / SP4: Security Update for Windows XP (KB938464)
    / Windows XP / SP4: Security Update for Windows XP (KB946648)
    / Windows XP / SP4: Security Update for Windows XP (KB950760)
    / Windows XP / SP4: Security Update for Windows XP (KB950762)
    / Windows XP / SP4: Security Update for Windows XP (KB950974)
    / Windows XP / SP4: Security Update for Windows XP (KB951066)
    / Windows XP / SP4: Update for Windows XP (KB951072-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951376)
    / Windows XP / SP4: Security Update for Windows XP (KB951376-v2)
    / Windows XP / SP4: Security Update for Windows XP (KB951698)
    / Windows XP / SP4: Security Update for Windows XP (KB951748)
    / Windows XP / SP4: Update for Windows XP (KB951978)
    / Windows XP / SP4: Hotfix for Windows XP (KB952287)
    / Windows XP / SP4: Security Update for Windows XP (KB952954)
    / Windows XP / SP4: Security Update for Windows XP (KB953839)
    / Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)

  5. #5
    Senior Member
    Join Date
    Oct 2005
    Location
    Germany
    Posts
    5,263

    Default

    Hello,

    Doubleclick (and others like Advertising.com, Avenue A, Inc, CasaleMedia, Fastclick, Hitbox, Mediaplex etc.) are so-called tracking cookies. It is quite common for popular websites to employ such tracking cookies from third parties. They use them in order to track the users' surfing habits on their websites. As I said, these cookies are from third parties but they are employed by the site. There is a tool in Spybot-S&D: BrowserHelper, i.e. a bad download blocker for Internet Explorer. With this tool enabled such tracking cookies will be blocked. In order to activate this tool, please run Spybot-S&D and go to the "Tools"->"Resident" page. Checking the checkbox in front of SDHelper will enable the BrowserHelper.

    Now open the Tools menu in your Internet Explorer and choose 'Spybot - Search Destroy Configuration'.
    There you will find a drop down menu which will appear giving you some options.
    http://www.safer-networking.org/en/s...d15/index.html (3rd picture)
    You should select "Block all bad pages silently".
    With that option set the notifications will no longer come up, but you will still have the protection.
    Further choose "Spybot-S&D->Immunize" from the navigation bar on the left.
    Now the baddies are blocked.

    Best regards
    Sandra
    Team Spybot

  6. #6
    Junior Member
    Join Date
    Sep 2008
    Posts
    3

    Default Flock Browser

    Hi Sandra, thanks for your suggestions, I’m confused though.

    I went to Spybot-S&D, "Tools"->"Resident" page and SDHelper was already checked.

    I also went to Internet Explorer, and chose 'Spybot - Search Destroy Configuration' and "Block all bad pages silently" was already selected.

    I have also run "Spybot-S&D->Immunize" several times.

    I should point out that I do not generally use Internet Explorer, I use Firefox and Flock.

    BTW I went to Flock, Tools and there is no 'Spybot - Search Destroy Configuration' option, just in case that was what you really meant for me to do.

    Does this mean simply that the “Flock Browser” is not supported by Spybot and that’s the real problem?

    Any help is appreciated…

  7. #7
    Senior Member 129260's Avatar
    Join Date
    Sep 2007
    Location
    Somewhere in the USA
    Posts
    1,139

    Lightbulb maybe try.....

    unchecking them, wait a bit, then check them again, close spybot and restart? see if that helps
    "I am learning just like everyone else"
    new members!
    Custom built PC. Windows 7 pro x64 16GB Ram
    AMD FX 8 core 8350 Black edition
    SABERTOOTH 990FX/GEN3 R2.0
    Asus HD 7870 2GB GDDR5

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •