Win32.Small.ddx

[Old_Crow]

There are definitely false positives around - in my case the detection was triggered by very old IE shortcut. I checked it out to confirm that that's really what it was, and the detection seemed to have triggered on:

[InternetShortcut]
URL=http://www.sysenhance.com/html/d_l_links.html

I've also duly forwarded the diagnostics to the address given by Yodama, before deleting the offending shortcut.

Old_Crow

[mrmalibu]

Now i am having trouble getting rid of this win32.small.ddx ..........my earlier way did not work.........it keeps comming back HELP HELP PLEASE.......mrmalibu

[tashi]

Hello mrmalibu.

This is the procedure for posting in the Malware Removal Forum

1) "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D


Thanks

[doug1026]

I am running WIN 98SE. I downloaded the latest updates from Spybot and found Win32.Small.ddx. I selected 'Fix the Problem', it did. I clicked 'Recovery' and no files were shown. I ran Spybot again, as many had said they did, and no more Win32.Small.ddx. Remember, if you ME or later (XP), you have to disable Restore or disk monitoring BEFORE running Spybot or you will likely never get rid of the problem...much like many viruses.

Good Luck.

[Volodya]

i was getting this tracking cookie repeatedly. I kept scanning but it kept appearing. I just finished a scan and it did not appear. What I did was manually blocked the cookie websites

emjcd.com
c.cenhance.com
apmebf.com

i'll keep doing the spybot scans for a while though..

[pogue]

I received a response from my email of the log I sent to detections.

Win32.Small.ddx is a tracking cookie.

We are sorry, but the Immunization does not work for Firefox, it is only for the Internet Explorer. ActiveX isn´t supported by Firefox, so there is no need for protection there.
Maybe in one of the coming versions there will be a bad download blocker for Firefox, but not at the moment.

Once in a while Spybot has trouble removing those.
Here is a thread in our forum that deals with the same problem:
http://forums.spybot.info/showthread.php?t=3008

If you don't have any other cookies you want to save in Firefox,you could click the Remove All Cookies button. This would be easiest, but don't do it if you have any cookies you want to keep.

If you do have other cookies in Firefox you want to keep, could remove the cookies manually from within Firefox. To do so go to Tools->Options->click the Cookies tab, then click the View Cookies button.
Looking off the Spybot report, scroll through the list to find the tracking cookie(s), then click on the tracking cookie with your mouse, and then click on the remove cookie(s) button.

Or you could try doing another scan with Spybot and see if it removes the tracking cookies this time (though it might not work, but you could try and see).

There's an article here, showing how to block third party cookies.
http://www.spybot.info/en/faq/37.html

It is also recommendable to use SpywareBlaster also, which has an option to Prevent ad/tracking cookies in firefox.
http://www.javacoolsoftware.com/spywareblaster.html

Best regards
Sandra
Team Spybot

That seems to be contradictory to the information I've seen about this particular bit of malware though. But, if it's only a tracking cookie I am not that concerned about it, as cookies are really non-intrusive.

If you continue to receive this result each time you scan with Spybot, don't be concerned. All it means is that you are visiting a website that uses Commission Junction as an affiliate (which many sites do) and it has stored itself as a cookie in your browser. I disagree with the assessment of the Spybot team of this cookie being particularly malicious.

[belgofac]

The same problem here. This trojan infected 3 of my pc's connected via a router. Cannot get rid of it with Spybot. Tried with system restore disabled. Nope.

Doug: you better scan again because it regenerates itself after a defined period of time.

[belgofac]

Trojan or not?

I cannot work it out anymore. I scanned with several other anti-spyware scanners like Ad-Aware, Spyware Doctor, AVG Anti Spyware etc... and they cannot discover this win32.small.ddx trojan. Spybot keeps on bringing it up do but cannot remove it?

[Dakota]

I got rid of all of those by deleting all my cookies in FireFox.