
Thread: Is Spybot detecting a new firewall rather than Fraud.InternetSecurity2011?

  #1  Junior Member, joined Jun 2011, 2 posts


    Immediately after installing PC Tools Free Firewall, I ran Spybot and it found several entries for Fraud.InternetSecurity2011. However, the entries aren't the same as the files and registry entries listed online for the virus. In addition, I checked for the virus files listed by http://www.wiki-security.com/wiki/Parasite/InternetSecurity2011, and none of them are on my computer.

    I'm guessing that Spybot falsely detected changes made by the PC Tools Firewall. I figure that I should exclude the detections from future scans (command available by right-clicking on the detection entries). Would you say that's correct?

    Or maybe 'exclude this product' from future scans (also in the right-click menu)?

    Thanks for your help.

    The files listed for InternetSecurity2011 by wiki-security.com are:
    Processes

    * c:\WINDOWS\system32\exefile.exe

    DLLs

    * c:\WINDOWS\system32\mswmqnei.dll
    * c:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll

    Other Files

    * c:\WINDOWS\system32\drivers\vbma22b4.sys
    * c:\WINDOWS\assembly\GAC\__AssemblyInfo__.ini
    * c:\Documents and Settings\All Users\Application Data\.wtav
    * c:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\

    Registry Keys

    * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit
    * HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vbma22b4
    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
    * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiSpywareOverride" = '1'


    The files and settings on my computer flagged by Spybot are:

    Fraud.InternetSecurity2011: [SBI $2A617167] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\=..."C:\Documents and Settings\Taeji\Local Settings\Application Data\idi.exe" -a...

    Fraud.InternetSecurity2011: [SBI $E9E3260B] User settings (Registry value, nothing done)
    HKEY_CLASSES_ROOT\.exe\shell\open\command\=..."C:\Documents and Settings\Taeji\Local Settings\Application Data\idi.exe" -a "%1" %*...

    Fraud.InternetSecurity2011: [SBI $E57DC831] User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-776561741-308236825-1801674531-1003\Software\Classes\.exe\shell\open\command\=..."C:\Documents and Settings\Taeji\Local Settings\Application Data\idi.exe" -a "%1" %*...

    Fraud.InternetSecurity2011: [SBI $9CCE589D] User settings (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-776561741-308236825-1801674531-1003\Software\Classes\.exe\shell\open\command\

    Fraud.InternetSecurity2011: [SBI $159933E4] User settings (Registry change, nothing done)
    HKEY_CLASSES_ROOT\.exe\shell\open\command\

    Fraud.InternetSecurity2011: [SBI $5AEDDF0A] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

    Fraud.InternetSecurity2011: [SBI $758FB1E3] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

    Fraud.InternetSecurity2011: [SBI $CDC1B6A2] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

    Fraud.InternetSecurity2011: [SBI $76913945] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

    Fraud.InternetSecurity2011: [SBI $5814B995] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

    Fraud.InternetSecurity2011: [SBI $7776D77C] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

    Fraud.InternetSecurity2011: [SBI $D802F795] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

    Fraud.InternetSecurity2011: [SBI $24996904] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

    Fraud.InternetSecurity2011: [SBI $F16F6CE5] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications

    Fraud.InternetSecurity2011: [SBI $DE0D020C] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions

    Fraud.InternetSecurity2011: [SBI $6D4031BB] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall

    Fraud.InternetSecurity2011: [SBI $FD1F9FD2] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications

    Fraud.InternetSecurity2011: [SBI $378CD8D9] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

    Fraud.InternetSecurity2011: [SBI $BF76AFF0] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify

    Fraud.InternetSecurity2011: [SBI $7D8AC3AB] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify

    Fraud.InternetSecurity2011: [SBI $07CC9A4D] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Start

    Fraud.InternetSecurity2011: [SBI $953CC77A] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

    Fraud.InternetSecurity2011: [SBI $61C84F7D] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Start

    Fraud.InternetSecurity2011: [SBI $04E0038B] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

    Fraud.InternetSecurity2011: [SBI $F5EC9C27] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start

    Fraud.InternetSecurity2011: [SBI $7DE0D860] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-08-21 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-06-28 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-05-16 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2011-04-05 Includes\Malware.sbi (*)
    2011-06-28 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-05-24 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-06-14 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-06-20 Includes\Trojans.sbi (*)
    2011-06-28 Includes\TrojansC-02.sbi (*)
    2011-05-11 Includes\TrojansC-03.sbi (*)
    2011-06-20 Includes\TrojansC-04.sbi (*)
    2011-06-28 Includes\TrojansC-05.sbi (*)
    2011-06-27 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
    Last edited by tashi; 2011-06-29 at 20:54.
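The registry locations in the Spybot log above are the places where Windows keeps the .exe file association, the Security Center warning switches and the Windows Firewall policy, so they can be re-read directly. The PowerShell script below is an added example, not code posted in the thread or shipped with Spybot: it reads each of those locations on the local machine and compares it with the stock Windows value, reporting which entries actually differ from the default. The expected values are the Windows defaults as assumed here (the .exe handler is `"%1" %*`, a stock system has no `shell\open\command` subkey directly under `HKCR\.exe`, Security Center `*DisableNotify` values are 0 or absent, `EnableFirewall` is 1, the `SharedAccess` service Start type is 2); it hard-codes neither the file name nor the user SID from the log, and it needs an elevated prompt to read every control set.

```powershell
# Added example (not from the original thread): re-read the registry locations
# that the Spybot log lists and compare each one with its stock Windows value.
# Run from an elevated PowerShell prompt on the machine that was scanned.
# Assumptions: expected values below are the Windows defaults; nothing here is
# taken from the malware description, only the key paths Spybot reported.

$report = New-Object System.Collections.Generic.List[object]

function Add-Row([string]$Status, [string]$Path, [string]$Name, $Actual, $Expected, [string]$Why) {
    $report.Add([pscustomobject]@{
        Status = $Status; Path = $Path; Name = $Name
        Actual = $Actual; Expected = $Expected; Why = $Why
    })
}

# Reads one registry value; returns $null when the key or the value is absent.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Compares one value with its default. An absent value counts as the default
# unless -MustExist is given (the stock .exe handler has to be present).
function Test-RegValue {
    param([string]$Path, [string]$Name, $Expected, [string]$Why, [switch]$MustExist)
    $actual = Get-RegValue $Path $Name
    if ($null -eq $actual) {
        $status = if ($MustExist) { 'CHECK' } else { 'OK' }
        Add-Row $status $Path $Name '<absent>' $Expected $Why
    } elseif ("$actual" -eq "$Expected") {
        Add-Row 'OK' $Path $Name $actual $Expected $Why
    } else {
        Add-Row 'CHECK' $Path $Name $actual $Expected $Why
    }
}

# 1. The .exe association. On a stock system HKCR\.exe only names the 'exefile'
#    class and has no shell\open\command of its own. A command placed directly
#    under .exe (machine-wide or in the user's Classes hive) takes precedence
#    over exefile, so every program launch runs through whatever it names.
$why = 'per-extension command overrides the exefile handler'
foreach ($p in 'Registry::HKEY_CLASSES_ROOT\.exe\shell\open\command',
               'HKCU:\Software\Classes\.exe\shell\open\command') {
    if (Test-Path $p) {
        Add-Row 'CHECK' $p '(default)' (Get-RegValue $p '(default)') '<key absent>' $why
    } else {
        Add-Row 'OK' $p '(default)' '<key absent>' '<key absent>' $why
    }
}
Test-RegValue 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' '(default)' '"%1" %*' 'stock .exe handler' -MustExist

# 2. Start-menu Internet client: the first program in the command should be
#    iexplore.exe itself, whatever the install path.
$iePath = 'HKLM:\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command'
$ieCmd  = Get-RegValue $iePath '(default)'
$ieStatus = 'CHECK'
if ("$ieCmd" -match '^\s*"?([^"]+\.exe)' -and $Matches[1] -like '*\iexplore.exe') { $ieStatus = 'OK' }
Add-Row $ieStatus $iePath '(default)' $ieCmd '"...\iexplore.exe"' 'Internet shortcut should launch iexplore.exe directly'

# 3. Security Center warning switches: 0 or absent is the default.
foreach ($n in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify', 'AntiSpywareOverride') {
    Test-RegValue 'HKLM:\SOFTWARE\Microsoft\Security Center' $n 0 'Security Center warning suppressed'
}

# 4. Windows Firewall service and policy in every control set, since the log
#    lists ControlSet001, ControlSet002 and CurrentControlSet separately.
$controlSets = @('CurrentControlSet') + (Get-ChildItem 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'ControlSet0*' } | ForEach-Object { $_.PSChildName })
foreach ($cs in $controlSets) {
    $svc = "HKLM:\SYSTEM\$cs\Services\SharedAccess"
    Test-RegValue $svc 'Start' 2 'firewall service not set to Automatic'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
        $pol = "$svc\Parameters\FirewallPolicy\$fwProfile"
        Test-RegValue $pol 'EnableFirewall'       1 'firewall disabled'
        Test-RegValue $pol 'DisableNotifications' 0 'blocked-program prompts hidden'
        Test-RegValue $pol 'DoNotAllowExceptions' 0 'all firewall exceptions blocked'
    }
}

# CHECK rows sort before OK rows, so deviations appear at the top.
$report | Sort-Object Status | Format-Table -AutoSize -Wrap
```

Rows marked CHECK are the ones to look at: a `.exe` command pointing at a program in a profile directory is a different finding from a firewall value a third-party firewall may legitimately have changed, and the table keeps the two apart.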

  #2  tashi, Member of Team Spybot, joined Oct 2005, USA, 30,707 posts


    Hello Botter,

    There are suspicious entries, please see the FAQ which includes guidelines for this forum and also instructions in post #2 on how to provide preliminary "DDS" logs which are used for analysis. "BEFORE You POST" (Please read this Procedure Before Requesting Assistance)

    Then start a new topic providing the DDS logs as shown in that sticky with a link back to this thread and a volunteer analyst will advise you when available.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
