Results 1 to 2 of 2

Thread: SBUSA adware- how to get writ of it?

  1. #1
    Junior Member
    Join Date
    May 2010
    Posts
    6

    Angry SBUSA adware- how to get writ of it?

    Hello I search this forum for related thread and found: this one http://forums.spybot.info/showthread.php?t=39875

    but my case has completely different scenario:

    Before the log let me just say a few words.
    How I learned that i have something is that my websites got hacked and hosting company and google webmaster tools team both suggested that my ftp login info was hijacked and used- and i only use it from my laptop via cuteFTP.

    So I ran full Norton scan and it found the following adware and 3 cookies.
    (i ran it with internet unplugged) and after the removal and restart the same adware and cookies appeared again in norton scan).
    I also ran Spybot in advanced mode and it didn't find a single thing.
    Please if someone can provide me with step by step instructions on how to get writ it I would highly appreciate it.

    Here is my Norton 360 log:

    Resolved Threats:
    Adware.Hotbar
    Type: Anomaly
    Risk: Low (Low Stealth, Low Removal, Medium Performance, Low Privacy)
    Categories: Adware
    Status: Restart Required
    -----------
    13 Registry Entries
    HKEY_USERS\S-1-5-19\Software\sbusa - Restart Required
    HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\sbusa - Restart Required
    HKEY_USERS\S-1-5-20\Software\sbusa - Restart Required
    HKEY_USERS\.DEFAULT\Software\sbusa - Restart Required
    HKEY_USERS\S-1-5-19\Software\ShoppingReport - Restart Required
    HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\ShoppingReport - Restart Required
    HKEY_USERS\S-1-5-20\Software\ShoppingReport - Restart Required
    HKEY_USERS\.DEFAULT\Software\ShoppingReport - Restart Required
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
    HKEY_USERS\S-1-5-21-507921405-2077806209-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3->1601:1 - Repaired
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search->SearchAssistant:http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm - Repaired


    2 Tracking Cookies
    Type: Anomaly
    Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
    Categories: Cookie
    Status: Fully Resolved
    -----------
    2 Tracking Cookies
    Cookie:administrator@atdmt.com/ - Deleted
    - Deleted
    -----

    thank you

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,668

    Default

    Hello infisoul,

    For someone to take a look at the laptop please see this forum's FAQ to post a preliminary DDS log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) and start a new topic.

    Quote Originally Posted by infisoul View Post
    How I learned that i have something is that my websites got hacked and hosting company and google webmaster tools team both suggested that my ftp login info was hijacked and used- and i only use it from my laptop via cuteFTP.
    Stopbadware.org
    Information for Website Owners
    Tips for Cleaning & Securing Your Website

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •