Results 1 to 7 of 7

Thread: ciaXPRegSvr20.dll ciaSCls20.dll ciaXPButton30.ocx

  1. #1
    Junior Member dpminusa's Avatar
    Join Date
    Aug 2010
    Location
    USA
    Posts
    3

    Default ciaXPRegSvr20.dll ciaSCls20.dll ciaXPButton30.ocx

    ciaXPRegSvr20.dll is flagged by the heuristic scan but ciaSCls20.dll and ciaXPButton30.ocx are not.

    Can some one explain this. I have quarantined the first one for now manually but am not sure how to deal with the total potential threat.

    Correct specification is 50% of the solution ...

  2. #2
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Default

    Hi dpminusa,



    if you aren't sure, whether this file is bad or not, you can upload the file(s) to VirusTotal.

    Moreover, if you think it's a false positive, you can post a new thread here. Make sure that you've read the sticky threads in this area first.
    Best regards - Beste Grüße,

    Matt

  3. #3
    Junior Member dpminusa's Avatar
    Join Date
    Aug 2010
    Location
    USA
    Posts
    3

    Default

    I know that ciaXPRegSvr20.dll is produced by http://www.ematrixsoft.com/icq-spy-monitor-software.htm {Edit http://www.mywot.com/en/scorecard/ematrixsoft.com } as a commercial product. It can be see as having some benefits to those that want to track what their children or a wandering spouse are doing. At least that is the sales pitch. So this seems to be somewhat of a philosophical debate type of product.

    My thought is, if I did not put the software on knowingly, it should not be there.

    So my question is really "are the latter two files part of the same product ICQ Spy and how do I completely remove it with the registry entries and any other parts of the system?"

    I am not sure that sending to the virus examination site is the way to get that information.

    Do you guys have information on ICQ Spy and how to completely remove it?

    Thanks for the quick reply Matt.
    Last edited by tashi; 2010-08-28 at 22:19. Reason: Disabled URL, added link
    Correct specification is 50% of the solution ...

  4. #4
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Default

    Quote Originally Posted by dpminusa View Post
    My thought is, if I did not put the software on knowingly, it should not be there.
    You're right. That sounds very suspicious.


    Quote Originally Posted by dpminusa View Post
    Do you guys have information on ICQ Spy and how to completely remove it?
    Me not, but as far as I know, Spybot has ICQ-SpyMonitor in it's database. Have you already updated Spybot and run a scan?
    Perhaps a member of Team Spybot will read through this thread and can give you an answer according to "information on ICQ Spy".

    I would like you to read through the thread "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance). After that, create your own thread in the Malware Removal Forum. Make sure that you add the DDS logfile. Moreover, describe your problem as good as you can. An analyst will help you as soon as possible.

    Quote Originally Posted by dpminusa View Post
    Thanks for the quick reply Matt.
    You're welcome.
    Last edited by Matt; 2010-08-28 at 21:09.
    Best regards - Beste Grüße,

    Matt

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello dpminusa,
    Quote Originally Posted by dpminusa View Post
    ciaXPRegSvr20.dll is flagged by the heuristic scan but ciaSCls20.dll and ciaXPButton30.ocx are not.
    To clarify, is this dll being flagged by Spybot-S&D?
    Quote Originally Posted by Matt View Post
    but as far as I know, Spybot has ICQ-SpyMonitor in it's database.
    Correct: http://www.safer-networking.org/en/threats/1916.html

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Default

    Quote Originally Posted by dpminusa View Post
    ciaXPRegSvr20.dll is flagged by the heuristic scan but ciaSCls20.dll and ciaXPButton30.ocx are not.
    Quote Originally Posted by tashi View Post
    To clarify, is this dll being flagged by Spybot-S&D?
    Did you use Spybot's single file scanner? I suppose so.

    To both of you: Have a nice weekend.
    Best regards - Beste Grüße,

    Matt

  7. #7
    Junior Member dpminusa's Avatar
    Join Date
    Aug 2010
    Location
    USA
    Posts
    3

    Default

    To locate the suspicious files I used the following crude method:

    1. Used PC Wizard to scan the Files in C:/Windows/System32 folder looking for funky strings in the description field and/or suspicious file names.
    2. Any that caught my eye were scanned with Spybot single file scanner.
    3. Previously I had scanned my system with the latest S&D definitions.

    So why the system scan did not find anything and the single file scan did is not clear to me.

    I think I understand the purpose of Safer-Networks, Spybot, and your forum. I will reread your rules. I am just asking a simple question as I see it, though.

    Thanks for your help.
    Correct specification is 50% of the solution ...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •