Thread: Malware could not be removed

  1. #1
    Junior Member
    Join Date
    Jan 2020
    Posts
    7

    Question Malware could not be removed

    Because of suspicious behavior on my computer, I suspected malware and ran Spybot. It reported 14 problems. When I clicked "remove malware" (see attached screenshot), it failed and I kept getting the message "Spybot – Search & Destroy could not clean these entries in <#> attempts", where # eventually got up to 5.

    When I reread Spybot, it was able to successfully remove all malware.

    However, I don't exactly have the warm fuzzies about the earlier failures to remove the malware.

    Anyone have any ideas of what went wrong? Do you think my problem is actually fixed?

    Note: for the life of me, I can't figure out how I could've gotten malware. I am incredibly careful: testing every link (on 3 security websites) and every download file (with Spybot, Malwarebytes, Super Anti-Spyware and Microsoft Defender), even from trusted resources. I also have several security add-ons to Firefox (NoScript, uBlock Origin, Adblock Plus, etc.). Go figure.

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,478

    Default

    I can't see all of them, but of the 14 items you said were found I can see eleven of them. Those eleven items just appear to be tracks type items:
    https://www.safer-networking.org/faq/usage-tracks/

    If you're uncertain if the other items may not be usage tracks, then you can post a logfile. To do so, you'd open Spybot-S&D Start Center; if it's in overview mode then click Show Details on the lower left corner. Click System scan, over to the left click Show previous logs, open the Checks logfile with the date of when you did your scan (example: Checks.121221-1908), go to Edit, select all, then right-click and copy, then paste the logfile here.

    Or, due to feeling there is suspicious behaviour on your computer and if you feel it may be due to malware, you could ask for help in the malware removal forum. If you want to do that you'd read and follow the before you post sticky:
    https://forums.spybot.info/showthrea...tance)-Updated

    Then post in the malware removal forum:
    https://forums.spybot.info/forumdisp...alware-Removal

  3. #3
    Junior Member
    Join Date
    Jan 2020
    Posts
    7

    Default Check file

    Zenobia,

    Thank you so very much for all this info!

    Because I am very obsessed about cybersecurity, I have gladly accepted your kind offer to paste the results from the check file at the end of this post.

    I am very uncertain about whether I really had malware. The program acting suspiciously – Dragon NaturallySpeaking – is the buggiest, most frustrating piece of software I have ever used. Whenever I report problems to a user forum for Dragon, I'm often told I must have malware, even in cases where I can prove that it could not be malware.

    In any case, whenever there is suspicious behavior, it is reasonable to check for malware, so I did.

    Here is the check file:

    Search results from Spybot - Search & Destroy

    2/12/2021 10:31:02 PM
    Scan took 00:32:13.
    13 items found.

    Log: [SBI $ASBRHIST] Install: setupact.log (File, nothing done)
    C:\Windows\setupact.log
    Category=Tracks
    ThreatLevel=2
    Weblink=http://forums.spybot.info/forumdisplay.php?54
    Properties.size=5660
    Properties.md5=9D40B241432C8B984F46AEF83EF45078
    Properties.filedate=1613061120
    Properties.filedatetext=2021-02-11 16:31:59

    7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
    HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\7-ZIP\FM\FolderHistory
    Category=Tracks
    ThreatLevel=2
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\7-ZIP\FM\PanelPath0
    Category=Tracks
    ThreatLevel=2
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\Microsoft\Microsoft Management Console\Recent File List
    Category=Tracks
    ThreatLevel=2
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
    Category=Tracks
    ThreatLevel=2
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-2319851285-2741104366-3891530980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
    Category=Tracks
    ThreatLevel=2
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cookie: [SBI $BCOOKIES] Browser: Cookie (5) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cache: [SBI $BCACHE00] Browser: Cache (45) (Browser: Cache, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    History: [SBI $BHISTORY] Browser: History (168) (Browser: History, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cookie: [SBI $BCOOKIES] Browser: Cookie (468) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cookie: [SBI $BCOOKIES] Browser: Cookie (50) (Browser: Cookie, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    Cache: [SBI $BCACHE00] Browser: Cache (3532) (Browser: Cache, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54

    History: [SBI $BHISTORY] Browser: History (10) (Browser: History, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54


    --- Spybot - Search & Destroy version: 2.8.68.132 DLL (build: 20200426) ---


  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,478

    Default

    You're welcome.
    All items in your logfile are either in the Tracks category, or the Browser category. And they are in the threat category 1 or 2, which means they are classed as low threat items. For example:
    Log: [SBI $ASBRHIST] Install: setupact.log (File, nothing done)
    C:\Windows\setupact.log
    Category=Tracks
    ThreatLevel=2
    And this is a browser category example from your logfile:
    History: [SBI $BHISTORY] Browser: History (10) (Browser: History, nothing done)

    Category=Browser
    ThreatLevel=1
    Weblink=http://forums.spybot.info/forumdisplay.php?54
    After each system scan Spybot does, if you click Show Details in the lower right, then click on any of the items found, in the pane to the left under Details, it will show the product found, the category Spybot categorizes it as, and then the threat number, 1 and 2 would be low. 10 would be the highest threat level as I recall. And then below that it shows Estimated Danger. Tracks would show as Marginal.

    All things in your logfile would be listed as Marginal, so that certainly looks to be good news. That being said, while most times antimalware products detect when something is up with malware, if there is suspicious activity on your computer or things just don't seem right, etc., then don't hesitate to go to the malware removal forum I linked to above.
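
The triage described in post #4 (check each entry's Category and ThreatLevel) can be scripted over a saved Checks logfile. The following is an added example, not part of the thread and not Spybot tooling; the function names are hypothetical, the third sample entry is constructed, and the "low" cutoff of 2 follows post #4.

```python
import re

# Constructed sample: two entries as they appear in the log in post #3, plus one
# hypothetical entry (name, path, category and level invented) that should be flagged.
SAMPLE_LOG = r"""Log: [SBI $ASBRHIST] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Category=Tracks
ThreatLevel=2

History: [SBI $BHISTORY] Browser: History (10) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1

Example.Product: [SBI $00000000] Program file (File, nothing done)
C:\Example\placeholder.exe
Category=Malware
ThreatLevel=8
--- Spybot - Search & Destroy version: 2.8.68.132 DLL (build: 20200426) ---
"""

# Entry header: "<product>: [SBI $<id>] <description> (<type>, <action>)"
HEADER = re.compile(r"^(?P<product>[^:\[]+): \[SBI \$(?P<sbi>\w+)\] "
                    r"(?P<desc>.*) \((?P<kind>.+), (?P<action>[^,()]+)\)$")
LOW_CATEGORIES = {"Tracks", "Browser"}  # the two categories named in post #4
LOW_THREAT_MAX = 2                      # post #4: levels 1 and 2 are low

def parse_entries(text):
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("---"):      # version footer: no more entries
            break
        m = HEADER.match(line)
        if m:
            cur = dict(m.groupdict(), category=None, threat=None, location=None)
            entries.append(cur)
        elif cur and line:
            key, sep, value = line.partition("=")
            if sep and key == "Category":
                cur["category"] = value
            elif sep and key == "ThreatLevel" and value.isdigit():
                cur["threat"] = int(value)
            elif not sep and cur["location"] is None:
                cur["location"] = line  # file path or registry key
    return entries

def needs_review(entries):
    # Outside the low categories, above level 2, or missing either field.
    return [e for e in entries if e["category"] not in LOW_CATEGORIES
            or e["threat"] is None or e["threat"] > LOW_THREAT_MAX]
```

An empty result from `needs_review` matches the reading given in post #4 for this log; it says nothing about threats the scanner did not detect.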
