Spybot 1.6.2 will not run to completion, crashes. DDS.txt File

Status
Not open for further replies.
ESet Issues - but trying

Tried to run ESET in IE, no joy, keeps looping on Start screen where you tick yes to EULA and hit start. Only once got message to allow ActiveX and then page closed by IE. Reset security and cleared all cookies, cache etc., still no joy. One thing I have noticed in Spybot: I don't get the tool to see BHO, and I wonder why, can see any way to enable that .....

Anyway, after all this waffle, you can run ESET from other browsers using a download, so running that ........
 
Update ...

Forget the Spybot comment, it was a Doh moment; click on Tools and there is an option to show ActiveX and BHO etc. ....
 
ESET results

C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application
F:\$Downloads\HTC TouchPro2\Rhodium-HardSPL_V2_00R3_185HSPL.zip a variant of Win32/HackTool.PDAunlock.A application
F:\Android Software Collection 7-24-10\The Apps\PdaNet (2.41)\PdaNet4Android.v2.41.patch.exe.zip probably a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0201-0201ppc\0205ppc\phoneAlarm.v1.65.1.PPC.incl.keygen.zip probably a variant of Win32/Agent.IFCISBY trojan
F:\RSS Downloads\February\0201-0201ppc\0208ppc\Pocket_Hack_Master_UniPatch_LXP.zip a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0201-0201ppc\0212ppc\phoneAlarm.v1.66.PPC.incl.keygen.zip probably a variant of Win32/Agent.IFCISBY trojan
F:\RSS Downloads\February\0213-0221ppc\0217ppc\AraPoKey.zip probably a variant of Win32/Keylogger.Ardamax.LPNIKSW application
F:\RSS Downloads\February\0213-0221ppc\0217ppc\Aya.Blackberry.3GP.Mobile.Video.Converter.v1.0.3.Patch-AHCU.zip Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0213-0221ppc\0218ppc\SpaceTime.v3.0.Update.7-1.PPC.zip probably a variant of Win32/Agent.EGHVKHS trojan
F:\RSS Downloads\February\0213-0221ppc\0219ppc\CloneDVD.mobile.1.1.6.1_CRK-FFF.zip a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0222-0225ppc\0222ppc\CompeGPS.Pocket.Air.v2.71.XScale.WM2003.WM5.Incl.Keymaker-COREPDA.zip probably a variant of Win32/PSW.OnLineGames.BBIOTXT trojan
F:\RSS Downloads\February\0222-0225ppc\0222ppc\CompeGPS.Pocket.PRO.v2.71.XScale.WM2003.WM5.Incl.Keymaker-COREPDA.zip probably a variant of Win32/PSW.OnLineGames.MCLBPLA trojan
F:\RSS Downloads\February\0222-0225ppc\0223ppc\Track.This.Out.TrackyPro.v3.3.XScale.WM2003.WM5.Incl.Keymaker-COREPDA.zip probably a variant of Win32/PSW.OnLineGames.IVVXYEP trojan
F:\RSS Downloads\February\0222-0225ppc\0224ppc\phoneAlarm.v1.66.1.PPC.incl.keygen.zip probably a variant of Win32/Agent.IFCISBY trojan
F:\RSS Downloads\February\0226-0229ppc\0227ppc\PathAway.PRO.v4.00.79.WM2003.WM5.KeyMaker.Only-carpi.DVTPDA.zip probably a variant of Win32/Agent.JVVSIWU trojan
F:\RSS Downloads\February\0226-0229ppc\0228ppc\ChessGenius.v2.0.Beta.PPC.incl.keygen.zip probably a variant of Win32/Agent.BKODANA trojan
F:\RSS Downloads\February\0226-0229ppc\0228ppc\PSH.Formula1.2008.v2.1.PPC.incl.keygen.zip probably a variant of Win32/Agent.KUDCDDH trojan
F:\RSS Downloads\PerfectDisk 11 + Keygen\PerfectDisk 11 - Keygen.exe a variant of Win32/Keygen.AK application
F:\RSS Downloads\Pocket PC Essentials - Feb 2010\Pocket PC Essentials\Opera Mobile 8.65 Pro.rar probably a variant of Win32/Agent.KTFGXVW trojan
F:\RSS Downloads\Pocket PC Essentials - Feb 2010\Pocket PC Essentials\SOTI Pocket Controller Pro. v6.01.rar a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\Pocket PC Essentials - Feb 2010\Pocket PC Essentials\Spb.Keyboard.v4.1.0.Build.2612.rar probably a variant of Win32/TrojanDownloader.Agent.JMVOTGA trojan
F:\Videos\Office2003.iso probably a variant of Win32/Agent.CNVAOQK trojan
F:\Videos\Google SketchUp Pro 7.1.4871 + Patch-ISMAIL\Google SketchUp Pro 7.1.4871 + Patch-ISMAIL.rar probably a variant of Win32/HackTool.Patcher.A application
F:\Videos\Google SketchUp Pro 7.1.4871 + Patch-ISMAIL\Patch-ismail\google.sketchup.pro.7.1.4871.0-ismail.exe probably a variant of Win32/HackTool.Patcher.A application
F:\Videos\IDM UltraEdit 15.00.0.1033\IDM UltraEdit 15.00.0.1033\CORE\keygen.exe a variant of Win32/Keygen.AG application
 
Hi

View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Upload Files for Scanning
Go to VirusTotal & upload the following File/s for scanning.
  • Click Browse
  • Copy & paste the following File & Path in the text box next to File name: then click Open
    Code:
    C:\WINDOWS\FixCamera.exe
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
 
Hi

A couple of hits. Could be just heuristics. Is that process something you use?

How's the computer running now?
 
Fixcamera

Don't really use it; if I remember, it was installed with a USB microscope. I can delete it, np.

Spybot still won't run.

I'm just running Kaspersky on Critical areas and it's found some stuff, just waiting for it to finish.
 
Kaspersky, bother, accidentally stopped it

Well, running Kaspersky again as I accidentally stopped it at 51%; this was the story so far:

KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 26, 2010 07:39:16
Records in database: 4240748
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Documents and Settings\Administrator\Desktop\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Objects scanned: 80457
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 01:52:02


File name / Threat / Threats count
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\Remote Desktop Control\apc_Admin.exe Infected: not-a-virus:RemoteAdmin.Win32.RemoteDesktopControl.a 1
C:\Program Files\SystemScheduler\WSProc.dll Infected: not-a-virus:Monitor.Win32.Hooker.at 1

Scanning stopped by the user.
 
They appear to be false positives - flagged due to the nature of the programs.

So the only problem you're experiencing is that Spybot won't run. Have you tried an uninstall/reinstall?
 
Update

First thing I did was remove Spybot and reinstall. Is there more to do to make sure it's really gone?

Btw, I got Kaspersky to run on all of C drive and here it is:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 27, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 26, 2010 11:11:47
Records in database: 4242833
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Objects scanned: 232949
Threats found: 7
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 05:29:09


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00004.VBN Infected: Trojan.Win32.Genome.aeeu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E0000A.VBN Infected: Trojan.Win32.Genome.aeeu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00010.VBN Infected: Trojan-GameThief.Win32.OnLineGames.umal 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00012.VBN Infected: Trojan-GameThief.Win32.OnLineGames.umal 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00014.VBN Infected: Trojan-GameThief.Win32.OnLineGames.uowc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00015.VBN Infected: Trojan.Win32.Genome.aeeu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00025.VBN Infected: Trojan-Downloader.Win32.Agent.csiz 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\Remote Desktop Control\apc_Admin.exe Infected: not-a-virus:RemoteAdmin.Win32.RemoteDesktopControl.a 1
C:\Program Files\SystemScheduler\WSProc.dll Infected: not-a-virus:Monitor.Win32.Hooker.at 1

Selected area has been scanned.
 
What about trying to run Spybot with all other Security programs disabled? What happens if you try to run it from Safe Mode?

Download Security Check by screen317 from one of the following links & save it to your desktop:
Link 1
Link 2
  • Double click SecurityCheck.exe to run it then press any key at the prompt to continue
  • Once the tool has finished a Notepad document should open named checkup.txt
  • Copy/paste the contents of checkup.txt & post in your next reply
 
Security Check

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
IBM 32-bit Runtime Environment for Java 2, v5.0
Java(TM) 6 Update 21
IBM 32-bit Runtime Environment for Java 2, v5.0
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec Client Security Symantec AntiVirus DefWatch.exe
Symantec Client Security Symantec AntiVirus SavRoam.exe
Symantec Client Security Symantec AntiVirus Rtvscan.exe
Symantec Client Security Symantec Client Firewall ISSVC.exe
Symantec Client Security Symantec Client Firewall SymSPort.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Hi

Is there a way to find out why Spybot is crashing? Wouldn't that give a clue?
Possibly. I'll get back to you on that.

There's something else I want to check out.

Can you just confirm it is only Spybot that won't run. Your other security programs - Symantec AV & Firewall are fine. And that there are no other problems.
 
It's fixed ........

I can't thank you enough for all your time and effort.

I reinstalled Spybot again, but this time to a different directory than the default, just in case it was referenced anywhere. I also enabled TeaTimer, which I don't normally run. First I ran with no update and YEAH it ran. Found 45 errors. Then updated and ran again. Again ran fine. Turned off TeaTimer and is running fine. It always failed when it jumps from out 9K 10k entry to 24k entry.

So something you took me through must have fixed it.

All the very best.
 
Good stuff :bigthumb:

Clean Up
Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following coded text into the Run box and click OK:
Code:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
  • TFC.exe
  • RKUnhookerLE.exe
  • The Gmer.exe file (it will be a randomly named .exe file)
  • MBRCheck.exe
  • SecurityCheck.exe
  • Any logs that may have been saved to your desktop

You can remove the Kaspersky & Eset Online Scanners if present. This can be done via Add or Remove Programs.

All Clean
Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products' loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. Keep it updated & run it regularly.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.
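
An added example, not part of the original post and not MVPS code: a small auditor for the HOSTS format described above. It lists the names short-circuited to the local machine and flags any name mapped to a different machine for review. The sample file, the function names, the handling of 0.0.0.0 as blocked and the first-entry-wins rule are assumptions made for this example.

```python
import ipaddress

# Constructed sample in HOSTS format; not taken from the thread or from the MVPS file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
127.0.0.1      ads.example.com tracker.example.net   # two names, one line
0.0.0.0        banners.example.org
203.0.113.10   login.example.com                     # points off this machine
127.0.0.1
bogus          broken.example.com
"""

def parse_hosts(text):
    """Return ({hostname: address}, [malformed line numbers])."""
    mapping, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on whitespace
        if not fields:
            continue                             # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:      # bad address or no hostname
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            # Assumption: the first entry for a name takes precedence.
            mapping.setdefault(name.lower(), addr)
    return mapping, malformed

def audit_hosts(text, expected_local=("localhost",)):
    """Sort entries into sink-holed names and names sent to another machine."""
    mapping, malformed = parse_hosts(text)
    report = {"blocked": [], "review": [], "malformed": malformed}
    for name, addr in sorted(mapping.items()):
        if name in expected_local:
            continue                             # normal loopback entry
        if addr.is_loopback or addr.is_unspecified:
            report["blocked"].append(name)       # request never leaves the PC
        else:
            report["review"].append((name, str(addr)))
    return report

if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(key, value)
```

On Windows XP the file to pass in is the HOSTS file under the system's drivers\etc folder; read it as text and hand the contents to `audit_hosts`.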
 
Since this issue appears to be resolved ... this Topic has been closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include fresh DDS & Attach logs and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or Moderator a private message (pm). A valid, working link to the closed topic is also required.
 