Results 1 to 8 of 8

Thread: Mirar and Antivirus Override

  1. #1
    Junior Member
    Join Date
    Jul 2007
    Posts
    17

    Unhappy Mirar and Antivirus Override

    Immunized and got latest updates.

    Checked for problems with Spybot S&D in default mode.

    2 problems found: Mirar
    Antivirus Override

    Clicked fix selected problems.

    Spybot S&D could not fix problems because they were running.

    Restarted computer.

    Ran Spybot S&D on startup.

    Same problems found.

  2. #2
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Please post a log of the actual detections you are getting. To do that:
    • Run another scan.
    • When the scan completes, right click on the results list, select "Copy results to clipboard".
    • Then paste (Ctrl+V) those results to a new post in this thread.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  3. #3
    Junior Member
    Join Date
    Jul 2007
    Posts
    17

    Default

    Looks like there's more crap now!

    Mirar: Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\www\*!=W=4

    Statcounter: Tracking cookie (Internet Explorer: Anthony) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Internet Explorer: Anthony) (Cookie, nothing done)


    Advertising.com: Tracking cookie (Internet Explorer: Anthony) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2007-06-20 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-05-23 advcheck.dll (1.5.3.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-07-11 Includes\Cookies.sbi (*)
    2007-05-30 Includes\Dialer.sbi (*)
    2007-07-11 Includes\DialerC.sbi (*)
    2007-07-11 Includes\Hijackers.sbi (*)
    2007-07-11 Includes\HijackersC.sbi (*)
    2007-07-11 Includes\Keyloggers.sbi (*)
    2007-07-11 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2007-07-11 Includes\Malware.sbi (*)
    2007-07-11 Includes\MalwareC.sbi (*)
    2007-07-11 Includes\PUPS.sbi (*)
    2007-07-11 Includes\PUPSC.sbi (*)
    2007-07-11 Includes\Revision.sbi (*)
    2007-05-30 Includes\Security.sbi (*)
    2007-07-11 Includes\SecurityC.sbi (*)
    2007-07-11 Includes\Spybots.sbi (*)
    2007-07-11 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2007-07-03 Includes\Trojans.sbi (*)
    2007-07-11 Includes\TrojansC.sbi (*)
    2007-06-06 Plugins\TCPIPAddress.dll

  4. #4
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    techpeasant:

    re: Mirar detection

    The detection indicates that there is a registry entry in HKLM putting www.mirarsearch.com in an Internet Explorer zone other than the restricted zone.

    If you are running Spybot from a computer administrator user account, I don't understand why that registry entry can not be fixed. I was able to create a registry entry to simulate the problem, run a Spybot "Check for problems" followed by a "Fix selected problems" and the problem was fixed.

    While logged on to computer administrator user account, run another Spybot "Check for problems" followed by a "Fix selected problems". Then run another "Check for problems" and see if the problem is corrected. If not we'll try something else.

    ____________________________

    re: Tracking cookies

    Advertising.com, DoubleClick and Statcounter are Tracking Cookies. Tracking Cookies are cookies stored on your computer by a 3rd party not directly related to the web site you're currently viewing. The intention of this cookie is to track your movement as you surf between sites.

    If you are running Internet Explorer the storing of these particular Tracking Cookies can be prevented by enabling Spybot's Browser Helper Object (BHO). To do this go into Spybot-S&D > Immunize. Look in the last section labeled "Permanently running bad download blocker for Internet Explorer". Check the following:
    • "Enable permanent blocking of bad addresses in Internet Explorer"

    In the pull-down below "Enable permanent blocking of bad addresses in Internet Explorer" there are three options:
    • Block all pages silently
    • Display dialog when blocking
    • Ask for blocking confirmation
    Many people find the messages that this facility can produce annoying. If you would like to keep the messages from popping and still block the tracking cookies, you can do that by selecting "Block all pages silently".

    There is another way to prevent the downloading of Tracking Cookies in Internet Explorer (even those not blocked by Spybot's resident BHO) as well as the storing of Tracking Cookies in other WEB browsers. See:

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  5. #5
    Junior Member
    Join Date
    Jul 2007
    Posts
    17

    Default

    Every time I have ran a check for problems it was with the computer administrator user account. But, I ran it again. 1 entry found:Mirar. I Selected "fix Problems," and got this:

    Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory).

    This could be fixed after a restart. May Spybot S&D run on your next system startup?

    yes no


    and it's an endless cycle of restarting and checking and restarting and checking like malware purgatory.

    I did copy results to clipboard again but I copied and pasted "computer administer user account" earlier and lost it because I had already closed Spybot S&D and I don't feel like waiting for another 1 1/2 hours for another scan result. uhg I'm gonna throw this thing out the window soon.

  6. #6
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    Try running Spybot in Safe Mode and see if it will delete the entry.
    Last edited by md usa spybot fan; 2007-07-18 at 07:45.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  7. #7
    Junior Member
    Join Date
    Nov 2005
    Posts
    21

    Default

    Quote Originally Posted by md usa spybot fan View Post
    Try running Spybot in Safe Mode and see if it will delete the entry.
    My Symantec is doing the same thing. But Spybot will not find it. Very strange! May try safe mode next. Symantec says to close windows EX before the scan as it is resident in explorer.


    http://www.symantec.com/security_res...091714-4329-99

    Type: Adware
    Risk Impact: Low
    File Names: MirarSetup.exe,WinDmy.dll,NN_Bar21.dll,installer.cab,WinNB[xx].dll ([xx] = Version Number)
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

    Behavior
    Adware.Mirar attempts to find Web pages that are related to the Web page currently being viewed. It also displays advertisements based on the URLs and search terms used while navigating the Internet. It will also attempt to download and install the Mirar toolbar from a predetermined Web site. This toolbar is also detected as Adware.Mirar.
    Symptoms
    The files are detected as Adware.Mirar.

  8. #8
    Junior Member
    Join Date
    Nov 2005
    Posts
    21

    Default

    Clearing out all restore points and clean disk finally got rid of this for me. I also deleted all yahoo stuff just in case. Supposedly this was an authorized install, so it must be part of another program or I hit the accept button one too many times. LOL
    Side note, since all these updates (1.5/symantec/ scans and deletes) none of my links to GOTAPEX.com for DELL sales work. I am starting to wonder if gotapex.com has some special installs for the Dell sales.
    Last edited by ETPETP; 2007-09-30 at 14:05.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •