Author Topic:  Spybot Registry Update
Chip Fossa

 

From:
Monson, MA, USA (deceased)
Post  Posted 19 Jun 2006 7:55 am    

Well, after going thru a lengthy malware procedure within CASTLECOPS and submitting the findings to their forum, it appears that my PC is clean now of any worms and trojans.

HOWEVER, and Wiz you might want to file this,
here is the response from CastleCops. The 1st paragraph is me stating what I found after the malware procedure.

------------------------------------------------------------------------
They are:
CTHELPER: rbot-xb worm
QUICKTIMETASK: coolwebsearch parasite variant & netvision dialer
SUNJAVAUPDATESCHED: agobot-ow worm/sdbot-aux worm/sdbot-wi worm
1025UDP: netspy/maverick's matrix/remote storm
and finally CSRSS.EXE: %winpath% & sober.z worm

"Those are not worms. The problem with a2highjackfree is that it only
looks at file names and identifies anything that ever had that file name
as a threat. All of the above files get flagged on mine as well. But,
there are legit files and by looking at your hijackthis log they are in
the correct place so they are OK.

That is one reason I do not recommend using a2highjack free. Way too many
false positives."
_________________
Yellowhammer
MS-MVP Security 2005
How to prevent Reinfection

[This message was edited by CHIP FOSSA on 19 June 2006 at 08:56 AM.]


Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 19 Jun 2006 3:59 pm    

Chip;
I'm glad to hear that you were able to rid your computer of the spyware infections that plagued it. Thanks for posting that information about a-squared giving false positives. I will either remove my links to it, or add a warning, until I learn that the problems have been resolved.

It should be noted that there are trojans and other nasties in the wild that use file names associated with Quicktime and SoundBlaster files. If one knows where the real files are supposed to reside they can tell if the threat is real or false-positive. If you search CastleCops for Qttask.exe and Quicktime you will see that they represent real threats, if they are in the system directory, not Program Files. This is where the real Hijack This program is unsurpassed.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices



Chip Fossa

 

From:
Monson, MA, USA (deceased)
Post  Posted 19 Jun 2006 4:52 pm    

Thanks Wiz...your 2nd paragraph left me in the dust. I'm just a hack. I'm beginning to understand some of this, but it's a struggle.
Now I'm getting into the nitty gritty.

LIKE: "If one knows where the real files are supposed to reside, they can tell if the threat is real or false-positive" - if I did locate such files, what kind of test could/should I do to determine if they're cool or not?

This is where the wizzes enter. I don't have a clue.

Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 19 Jun 2006 5:08 pm    

Quote:
If one knows where the real files are supposed to reside, they can tell if the threat is real or false-positive

What this means is that if the authentic files are supposed to be inside a program's own folder, under the Program Files directory, but files with the same name are found in the Windows or System32 directory, those files are fraudulent and may be viruses. In the case of Quicktime Tasks, the real file, qttask.exe, should be in Program Files\Quicktime\. If a file by that name is found in Windows or Windows\System32 it is probably infected and is an imposter file.

[This message was edited by Wiz Feinberg on 19 June 2006 at 06:33 PM.]

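Added example, not part of any post in this thread: one way to apply the "same name, wrong folder" check to HijackThis-style log lines. The baseline table, the function names and the sample lines are assumptions made for illustration, and the directories assume a default Windows XP layout.

```python
import ntpath
import re

# Assumed baseline (not from any tool): lower-case file name -> directory,
# without drive letter, where the genuine copy is installed by default.
EXPECTED_DIR = {
    "qttask.exe": r"\program files\quicktime",   # location given in the thread
    "csrss.exe": r"\windows\system32",           # Windows system process
}

# First drive-letter path ending in .exe on a line (quoted or not).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)


def classify(path):
    """Return 'expected', 'suspect', 'short-name' or 'unlisted' for one path."""
    directory, name = ntpath.split(path.lower())
    if name not in EXPECTED_DIR:
        return "unlisted"          # no baseline entry, nothing to compare
    if "~" in directory:
        return "short-name"        # 8.3 alias such as PROGRA~1: resolve first
    _, tail = ntpath.splitdrive(directory)
    return "expected" if tail == EXPECTED_DIR[name] else "suspect"


def review(log_text):
    """Return (verdict, path) for every executable path in a HijackThis log."""
    results = []
    for line in log_text.splitlines():
        match = EXE_PATH.search(line)
        if match:
            results.append((classify(match.group(0)), match.group(0)))
    return results


# Constructed sample lines in HijackThis log style (not from the poster's log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\csrss.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\system32\qttask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Example] C:\Example\tool.exe
"""

if __name__ == "__main__":
    for verdict, path in review(SAMPLE_LOG):
        print(f"{verdict:10} {path}")
```

A verdict of "expected" only says the path matches the baseline; it is a triage step, and a file in the right folder can still have been replaced.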

Chip Fossa

 

From:
Monson, MA, USA (deceased)
Post  Posted 19 Jun 2006 6:49 pm    

Wiz, I understand what you just said.

But how do you know this is going down and where do you get a clue?

All these anti-spy programs seem to have a fallibility. So how would I know where to look?
How would I have a clue that something is amiss?

What you said about these files being or not being in Windows\System 32 - how do you check this? And how do you know what files to check?

I'm naive my friend about this, but I am beginning to get it a bit.

Don't feel obligated to get right back. You've been more than helpful with me and my problems. I appreciate it. And you've got to be a very busy dude.

Thanks Wiz

[This message was edited by CHIP FOSSA on 19 June 2006 at 07:56 PM.]



All times are GMT - 8 Hours