Some undetected threats?

naide

Hello:

SpyHunter allegedly detected several spyware programs and trojans in my comp that SpyBot didn't, although SpyBot is supposed to detect at least one of them! (namely Zlob, could it be a newer version of it?). A quick web search revealed that SpyHunter doesn't seem to report false threats, so I will post the malware Registry links here, just in case they could be useful (they are actually registered on my Windows):

All of them are in the path

HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONE MAP\DOMAINS\

Dialer.Faretoraci:

ARCHIVIOSEX.NET, OTHERCHANCE.COM, REDFUNNY.COM

Toolbar.Mirar:

GETMIRAR.COM, MIRARSEARCH.COM

Toolbar.NetNucleus:

NET-NUCLEUS.COM

Trojan.Zlob:

ADULTAN.COM, ADULTFILMSITE.COM, ADULTMOVIEPLUS.COM, ADULTSPER.COM, ADULTZONEWORLD.COM, CLUBXXXVIDEO.COM, CUTADULT.COM, GALLERYCLICK.NET, GALLERYPICTURES.NET, GREATADULTVIDEO.COM, HARDCOREVIDEOSITE.COM, LOWERADULT.COM, MEGA-ADULT.COM, PORNISSEX.COM, PORNXXXFILM.COM, SITETICKET.NET, SUPERADULTFRIEND.COM, SUPERPORNCITY.COM, SUREADULT.COM, THEADULTEYE.COM, WORLDBESTADULT.COM, XXXALLVIDEO.COM, XXXMOVIETOUR.COM, XXXTEENFILM.COM, XXXZONEVIDEO.COM, ACCESSVID.NET, PLAYERSCODEC.COM, SITE-ENTRANCE.NET, SITEENTRANCES.COM, SITESENTRANCE.COM, SITES-ENTRANCE.COM, SITES-ENTRANCE.NET, VIDACCESS.NET, VIDS-ACCESS.COM, MOVIECODEC.NET, TVCODEC.COM, VIDEOSACCESS.NET, DVDACCESS.NET, PLAYERCODEC.NET, ZCODEC.COM
 
Do you use Spybot's immunization facility? If so, I think your theory "…that SpyHunter doesn't seem to report false threats …" may be in jeopardy.

Six out of six of the first sites that you listed (archiviosex.net, otherchance.com, redfunny.com, getmirar.com, mirarsearch.com and net-nucleus.com) are placed in Internet Explorer's restricted zone by Spybot's immunization with the following registry entries:

Code:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net]
*=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\otherchance.com]
*=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redfunny.com]
*=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com]
*=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com]
*=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com]
*=dword:00000004
Although I cannot be 100% sure because the listing that you provided does not list the actual registry, I assume that SpyHunter is falsely identifying the restricted zone entries as threats. If that is the case, not only should Spybot not identify this type of entry as a problem but it appears that SpyHunter should not either.

ps: I did not check the other 40 sites you listed.
 
Afterthought:

To prove/disprove if these are SpyHunter false positives caused by Spybot's immunization facility:
  • Go into Spybot > Immunize
    • Click the "Undo" button (at the top of the right hand pane).
  • Run SpyHunter again.
 
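The check discussed in the replies above, as an added example that is not part of the original thread: a Python sketch that parses a .reg-style export of the ZoneMap\Domains key and sorts scanner-flagged domains into Restricted Sites block entries (zone 4, as in the quoted entries), entries that map to some other zone, and domains with no entry at all. The zone numbers are Internet Explorer's standard ones; the function names, the sample export and the `example.test` entry are constructed for illustration.

```python
import re
# Internet Explorer zone numbers as stored under ZoneMap\Domains.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
KEY_RE = re.compile(r"^\[.*\\ZoneMap\\Domains\\([^\\\]]+)\]$", re.IGNORECASE)
VAL_RE = re.compile(r'^"?([^"=]+)"?=dword:([0-9a-fA-F]{8})$')

def parse_zone_map(reg_text):
    """Return {domain: {value_name: zone_number}} from .reg-style text."""
    zones, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            zones.setdefault(current, {})
        elif line.startswith("["):
            current = None  # some other key (or a subdomain key): ignore its values
        elif current is not None:
            val = VAL_RE.match(line)
            if val:
                zones[current][val.group(1)] = int(val.group(2), 16)
    return zones

def triage(flagged_domains, zones):
    """Say what the ZoneMap entry behind each scanner-flagged domain does."""
    result = {}
    for domain in flagged_domains:
        values = zones.get(domain.lower())
        if values is None:
            result[domain] = "no ZoneMap entry"
        elif values and all(z == 4 for z in values.values()):
            result[domain] = "block entry (Restricted Sites)"
        else:
            named = ", ".join(f"{k}={ZONES.get(z, z)}" for k, z in sorted(values.items()))
            result[domain] = "review: " + (named or "no values")
    return result

# Constructed sample: two entries in the form quoted in the thread, plus an
# invented Trusted Sites entry (example.test) showing the case worth a closer look.
BASE = (r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains" + "\\")
SAMPLE = "\n".join([BASE + "getmirar.com]", "*=dword:00000004",
                    BASE + "net-nucleus.com]", '"*"=dword:00000004',
                    BASE + "example.test]", '"http"=dword:00000002'])
if __name__ == "__main__":
    flagged = ["GETMIRAR.COM", "NET-NUCLEUS.COM", "example.test", "zcodec.com"]
    for domain, verdict in triage(flagged, parse_zone_map(SAMPLE)).items():
        print(f"{domain:18} {verdict}")
```

A scanner hit that lands in the "block entry" bucket points at a key that restricts the domain rather than one that grants it anything; only the "review" bucket maps a domain to a less restrictive zone.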
Alas, you were totally right!

Once I deactivated the immunization process, SpyHunter no longer detected the "threats". So, in fact, it DOES make "dumb" false positives!

Btw, I recently got some random-named executable files on my root C:\. No antivirus I tried found them to be a threat (Ad-Aware, Spybot, Panda Online, AVG, McAfee VirusScan, SpyHunter) and a Google search returned nothing. Moreover, they have 0 bytes and whenever renamed to .txt and opened return no information, so I think they really are empty files... but I want to know why they are there! The list of them is:

dwdahdq.exe, bemederb.exe, jgemr.exe, pyjwypsc.exe, uausar.exe, hvokeik.exe, ridxqwsa.exe, xlkwetqy.exe, 1690976342 (without extension).

I'd remove them by hand but I want to know first if they are just the tip of a bigger threat. Any ideas on this?

Thx for the help!
 