-
Referred here from malware forum
Hi,
Ken545 recommended I post over here to get a recommendation due to better familiarity with Spybot. The thread is at http://forums.spybot.info/showthread.php?t=62518
I have a computer that SS&D has detections that the malware forum could not get rid of. The short log from Spybot is:
--- Search result list ---
Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, nothing done)
Virtumonde: Bookmark (Firefox: Rex (default)) (Bookmark, nothing done)
Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
If I tell Spybot to fix it then you get green checks but it does not go away.
Maybe a clue: These are NOT detected if the browser (Firefox) is open and are ONLY detected if the browser is closed.
Ken can't find any residual problem and I can't either. I probably should have mentioned that I have both a desktop AND a laptop that get the same detections.
So is this a false positive or something we just can't find?
Thanks,
Rex
-
Spybot Advisor Team
Those are in your Firefox bookmarks. They could be deleted manually from your Firefox browser, if need be.
If I'm remembering this right, a fuller Spybot logfile might show more info, which might make it easier finding the bookmarks, and possibly show if they could be a false positive.
Could you open Spybot, then click Mode -> Advanced mode -> Tools -> View Reports -> View Previous reports. Look for a Fixes.yymmdd-hhmm file where the bookmarks in question were fixed, and then copy and paste the logfile here?
-
Hi Zenobia,
Thanks very much for the reply.
There are some other items in this log as well but this is normal. Advertising cookies get installed just about everywhere you go in the browser.
-----Fixes.110519-0620.txt---------
--- Report generated: 2011-05-19 06:20 ---
Zedo: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
CasaleMedia: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Statcounter: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: Rex (default)) (Cookie, fixed)
Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)
Virtumonde: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)
Win32.Small.ddx: Bookmark (Firefox: Rex (default)) (Bookmark, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-05-03 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-05-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-05-17 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-10 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-05-17 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-05-11 Includes\TrojansC-04.sbi (*)
2011-05-11 Includes\TrojansC-05.sbi (*)
2011-05-17 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
---------------
I am afraid it doesn't really show anything. I also opened up Firefox "organize bookmarks" and searched for the win32 and virtumonde bookmarks. Neither is shown in the list of bookmarks.
Previously with Ken we looked for the occurrence of Win32.Small.ddx on my machine in the registry or anywhere for that matter and did not find any occurrence of it.
I wonder why it shows Win32.Small.ddx twice?
Rex
-
Spybot Advisor Team
Guess it doesn't show the links.
I'll go see if I can get Spybot to detect a bookmark, so I can see if it shows the links at the end of the scan, if you click the plus sign.
-
Spybot Advisor Team
Okay, yes, it should show them.
Could you scan with Spybot, and after the two Win32.Small.ddx and the Virtumonde bookmark are detected, could you please click the plus sign next to them, and it should show you the bookmark, and also the link for it.
Could you copy those down somewhere and then post the bookmark titles and the links here, but change the http part of the link to hxxp, to make the links unclickable?
That will help to show whether it really is a bad bookmark or whether it might be a false positive.
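
An added example, not part of the thread and not Spybot's own method: a Python sketch that lists every bookmark with its link straight from a copy of Firefox's `places.sqlite` and defangs each link to `hxxp` as requested above. It assumes the usual `moz_bookmarks`/`moz_places` tables; `open_copy`, its path argument and the sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

# Assumed schema: moz_bookmarks.type = 1 marks a bookmark (folders and
# separators use other values) and moz_bookmarks.fk points at moz_places.id.
QUERY = """
SELECT b.id, COALESCE(b.title, ''), p.url
FROM moz_bookmarks AS b
JOIN moz_places AS p ON p.id = b.fk
WHERE b.type = 1
ORDER BY b.id
"""

def defang(url):
    """Make a link unclickable for posting: http -> hxxp, https -> hxxps."""
    return "hxxp" + url[4:] if url[:4].lower() == "http" else url

def list_bookmarks(conn):
    """Return (bookmark id, title, defanged link) for every bookmark row."""
    return [(bid, title, defang(url)) for bid, title, url in conn.execute(QUERY)]

def open_copy(path):
    """Open a copy of places.sqlite read-only (path is supplied by the user)."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def build_sample():
    """Constructed stand-in database with only the columns the query needs."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, parent INTEGER, title TEXT);
        INSERT INTO moz_places VALUES (10, 'https://www.example.org/');
        INSERT INTO moz_places VALUES (11, 'http://ads.example.test/track?id=1');
        INSERT INTO moz_bookmarks VALUES (1, 2, NULL, 0, 'Bookmarks Menu');
        INSERT INTO moz_bookmarks VALUES (2, 1, 10, 1, 'News');
        INSERT INTO moz_bookmarks VALUES (3, 1, 11, 1, NULL);  -- untitled entry
    """)
    return conn

if __name__ == "__main__":
    for bid, title, link in list_bookmarks(build_sample()):
        print(f"{bid}\t{title or '(no title)'}\t{link}")
```

To use it on a real profile, pass a copy of `places.sqlite` to `open_copy` and hand the connection to `list_bookmarks`.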