
Thread: Infected by HKU\S-1-5-21

  1. #11
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    "The following objects were not removed for your own safety. Removing these items bears an unusually high risk of crashing your operating system during automatic cleaning, as these threats are embedded deeply."
    Failed to delete:
    What this means: the application(s) associated with what was found would no longer continue to work as expected if those files/folders were removed.

    Since you need these, and I think they are related to online shopping(?), I would leave them alone.

    I think it's time to remove tools and quarantine folders.

    DelFix

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
        • Activate UAC
        • Remove disinfection tools
    • Click the Run button.

    -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ************************************
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #12
    Junior Member
    Join Date
    Sep 2017
    Posts
    10

    Hi, I have done what you instructed.

    After that, I ran spybot again and the scan log is as follows:

    Search results from Spybot - Search & Destroy

    22/9/2017 11:27:24
    Scan took 00:26:01.
    27 items found.

    MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Zedo: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    FastClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3992126083-2723911071-3783806095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    Category=Tracks
    ThreatLevel=2
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cache: [SBI $49804B54] Browser: Cache (69) (Browser: Cache, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    History: [SBI $49804B54] Browser: History (58) (Browser: History, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cookie: [SBI $49804B54] Browser: Cookie (1343) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54


    --- Spybot - Search & Destroy version: 2.6.44.134 DLL (build: 20160321) ---

    Is the scan result OK? Should I select to fix these objects detected?

  3. #13
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Is the scan result OK? Should I select to fix these objects detected?
    You can or you can do it manually.

    What it showed was just Tracking cookies and Browser: History, nothing malicious.

    Delete cookies to remove the information websites have stored on your computer
    https://support.mozilla.org/en-US/kb...ebsites-stored

    How to clear the Firefox cache
    https://support.mozilla.org/en-US/kb...-firefox-cache

  4. #14
    Junior Member
    Join Date
    Sep 2017
    Posts
    10

    Thank you for your reply. So does it mean that HKU\S-1-5-21 has been cleared already?

  5. #15
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    What tool or application found the infection originally?

    There are very many items on your computer that have the beginning
    HKU\S-1-5-21 and they are legitimate.
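
    The two replies above (the scan showed only tracking cookies and history; keys beginning HKU\S-1-5-21 are normal) can be checked mechanically. This is an added example, not part of the original thread and not Spybot's own code: it parses a trimmed excerpt of the posted log, counts findings by category and threat level, and decodes the account SID in the registry path. The field names come from the log; `TRACE_CATEGORIES` and the function names are assumptions made for the example.

```python
import re
from collections import Counter

# Trimmed excerpt of the scan log posted above, embedded so this runs offline.
SAMPLE_LOG = r"""
MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: user (default)) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3992126083-2723911071-3783806095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2

Cookie: [SBI $49804B54] Browser: Cookie (1343) (Browser: Cookie, nothing done)

Category=Browser
ThreatLevel=1
"""

HEADER = re.compile(r"^(?P<name>[^:\[]+): \[SBI \$(?P<sbi>[0-9A-F]+)\] (?P<desc>.+)$")
FIELDS = {"Category", "ThreatLevel", "Weblink"}
# Assumption for this example: categories that only record usage traces.
TRACE_CATEGORIES = {"Browser", "Tracks"}

def parse_log(text):
    """Split a Spybot text log into one dict per detection."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        key, _, value = line.partition("=")
        if m:
            cur = {"name": m["name"], "desc": m["desc"], "location": None}
            entries.append(cur)
        elif cur is not None and key in FIELDS:
            cur[key] = value
        elif cur is not None and line and not line.startswith("---"):
            cur["location"] = line  # registry key or file path, when present
    return entries

def describe_sid(path):
    """Return (sid, rid, meaning) for an S-1-5-21 account SID found in a path."""
    m = re.search(r"S-1-5-21-\d+-\d+-\d+-(\d+)", path or "")
    if not m:
        return None
    rid = int(m.group(1))  # last field identifies the account within the machine/domain
    kind = {500: "built-in Administrator", 501: "built-in Guest"}.get(
        rid, "ordinary user account" if rid >= 1000 else "well-known account or group")
    return m.group(0), rid, kind

def triage(entries):
    """Count findings per (category, threat level); list those needing a closer look."""
    summary = Counter((e.get("Category"), int(e.get("ThreatLevel", 0))) for e in entries)
    review = [e for e in entries if e.get("Category") not in TRACE_CATEGORIES]
    return summary, review
```

    On the excerpt, every finding falls in a usage-trace category, and the HKEY_USERS path resolves to the registry hive of an ordinary user account (RID 1001), which is why the key prefix alone says nothing about infection.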

  6. #16
    Junior Member
    Join Date
    Sep 2017
    Posts
    10

    Originally posted by Juliet:
    What tool or application found the infection originally?

    There are very many items on your computer that have the beginning
    HKU\S-1-5-21 and they are legitimate.
    Hi, it was originally detected by Spybot.

  7. #17
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    I think you're good to go.

  8. #18
    Junior Member
    Join Date
    Sep 2017
    Posts
    10

    OK, thank you very much!

  9. #19
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Glad we could help.
    Since this issue appears resolved ... this Topic is closed.