Weird Problem

H

Hidden

New member
Last night, my computer appeared to contract something that made the spyboy resident alarm go off. I ran spybot search and destroy and it found one item, and easily fixed it.

No weird processes were running, computer wasn't slow or lagged, everything seemed to be fine. However, the resident alarm continually keeps going off.

I did a search for any .exe's created yesterday and found this weird file in my My Documents folder. Had to go into safe mode to delete it, but it is gone now.

Booted up again and the resident alarm still goes off.

It has found two registry changes. Both considered Browder Helper Objects. Registries are:

5CA3D70E-1895-11CF-8E15-001234567890

4D25F921-B9FE-4682-BF72-8AB8210D6D75

The "Deny changes" object also is not highlighted, so I can't continually block this threat. I also ran hijack this, and it found no errors.

Any idea what this problem is? Thanks
 
Just ran pandascan....apparently it is coming up with some spyware and two viruses.

It deleted the viruses but the spyware/dialers are still there.
 
Hidden said:
The "Deny changes" object also is not highlighted, so I can't continually block this threat. I also ran hijack this, and it found no errors.

Any idea what this problem is?
Click to expand...
If the TeaTimer pup-up dialog was for the deletion of those BHOs then the "Deny change" would be grayed out and not be an option.

Go into Spybot > Mode > Advanced Mode > Tools > Resident. If the log shows "deleted in Browser Helper Object!" for those CLSIDs than the objects were being deleted.

Note: From CastleCops CLSID BHO List those BHOs are:
  • Object Name: DriveLetterAccess
    GUID: {5CA3D70E-1895-11CF-8E15-001234567890}
    Status: Legitimate
    Filename: tfswshx.dll, dlashx_w.dll
    Description: "Direct Media Access" module belonging to Sonic or Hewlett-Packard/Veritas DLA (Disk Letter Assignment ) packet writing software
  • Object Name: (no name)
    GUID: {4D25F921-B9FE-4682-BF72-8AB8210D6D75}
    Status: Open to debate
    Filename: deSrcAs.dll
    Description: MyWebSearch/MySearch - now owned by Ask Jeeves Inc - see note
 
Ah yes, it does show the "deleted in browser helper object!"

Another problem...I tried running Pandascan a few more times. Either the scanner is really fast and it takes 5-10 seconds to scan the entire C drive, or something is wrong. It either does that, or closes internet explorer entirely.

Hijackthis still finds no errors...spybot finds no errors...and adaware finds no errors.

Any recommendations?
 
You must log in or register to reply here.
Back
Top