Malwarebytes

Spyware Doctor detects something more.


17 replies to this topic

#1
figaro

    New Member

  • Members
  • 10 posts
Hi, I just downloaded Malwarebytes, great program. It removed this rogue anti-spyware program for me. But before that I downloaded this other program called Spyware Doctor and it wanted me to pay to clean my computer; that's when I sought out Malwarebytes. Anyway, this program, Spyware Doctor, still says I have some things on my computer that need cleaning, while when I scan with Malwarebytes it doesn't mention anything.

So what I was wondering is if there is something that Malwarebytes doesn't get rid of, or is Spyware Doctor another rogue software?

Here's what Spyware Doctor is saying I have:

  • Spyware.Known_Bad_Sites (1 infections)
    • Registry Value
      HKEY_USERS\...etc. (Ask for a full name.)

  • Adware.Advertising (12 infections)
    • Browser Cookie
      (12 different items. Ask for full detail.)

  • Application.TrackingCookies (17 infections)
    • Browser Cookies
      (17 different items. Ask...)

  • RogueAntiSpyware.VirusProtect_Pro (1 infections)
    • File
      C:\DOCUMENTS AND SETTINGS\... (Ask)

  • Spyware.Seekmo_Search_Assistant (6 infections)
    • Registry Value
      (4 items)
    • Registry Key
      (2 items)

  • Application.PopCap (7 infections)
    • Registry Value
      (5)
    • Registry Key
      (2)

Do you recognize any of these? Are any of them worth caring about? Are they easy to remove?

Any information on this is appreciated. Thanks for reading.

#2
MysteryFCM

    Forum Deity

  • Moderators
  • 4,231 posts
  • Gender:Male
  • Location:Tyneside, UK
Can you post a HiJack This log please? To do so, please follow the instructions at:

http://www.malwareby...?showtopic=2936

You can post a link to this thread to provide a reference for the helper.
Steven Burn
Research Engineer


#3
RubbeR DuckY

    Marcin

  • Root Admin
  • 4,049 posts
  • Gender:Male
Those are probably leftovers. Tracking cookies we do not detect because it is pointless.
Marcin Kleczynski
President and CEO


#4
figaro

    New Member

  • Members
  • 10 posts
#3 are tracking cookies which I can clean with Ad-Aware, so no worries with that. And #6 is a part of PopCap.com, a gaming website.

#1 looks like just a registry value and was just thinking of deleting it myself, or would that harm my computer?

#5
RubbeR DuckY

    Marcin

  • Root Admin
  • 4,049 posts
  • Gender:Male
Post the full path and we can let you know :P.
Marcin Kleczynski
President and CEO


#6
figaro

    New Member

  • Members
  • 10 posts
HKEY_USERS\S-1-5-21-2748865452-3915145760-3167227467-1005\Software\Microsoft\Internet Explorer\New Windows\Allow, www.rubberfaces.com

That's the path.

#7
GT500

    Mostly Cantankerous

  • Trusted Advisors
  • 5,527 posts
  • Gender:Male
  • Location:Fortville, IN
http://siteadvisor.p...rubberfaces.com

Not that I'm a fan of McAfee, but they went through the trouble of visiting the site, and found it contained malware. The key should probably be deleted, but wait until someone else confirms that.

Quote

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...

#8
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,574 posts
  • Gender:Male
  • Location:US

GT500, on Apr 4 2008, 07:54 PM, said:

http://siteadvisor.p...rubberfaces.com

Not that I'm a fan of McAfee, but they went through the trouble of visiting the site, and found it contained malware. The key should probably be deleted, but wait until someone else confirms that.

They do funny picture manipulation stuff.

The company appears to have been around for a long time. They do have a bit of popups and in general unwanted links (in my own opinion). This key is safe to delete though, as it basically just says that your popup blocker will allow this site to run popups when you visit them.

If you don't visit them or don't want them to use popups then it's okay to remove this key.


DNS lookup for them shows this information.

Galt Technology, Inc.,
info@GALTTECH.COM
100 POWDERMILL RD # 237
ACTON, MA 01720-5932
US
Phone: 800-580-0742
Fax: 413-581-6864

Record expires on 16-Jan-2010
Record created on 16-Jan-2001
Database last updated on 25-Jun-2007
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.
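
The registry value discussed in posts #6 to #8, as an added example that is not part of the original thread: a PowerShell script that lists every site on the Internet Explorer pop-up blocker allow list for each loaded user hive and, only when `-Remove` is given, exports the key and deletes one entry. The parameter names and the `$BackupDir` path are assumptions; the key path and site name are the ones posted above.

```powershell
# Added example: audit the IE pop-up blocker allow list in every loaded user hive.
# $Site comes from the thread; $BackupDir is a hypothetical backup location.
param(
    [string]$Site = 'www.rubberfaces.com',
    [string]$BackupDir = "$env:TEMP\ie-popup-allow-backup",
    [switch]$Remove
)

$subKey = 'Software\Microsoft\Internet Explorer\New Windows\Allow'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Only real user SIDs (S-1-5-21-...), skipping the *_Classes hives.
$hives = Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

foreach ($hive in $hives) {
    $sid  = $hive.PSChildName
    $path = "Registry::HKEY_USERS\$sid\$subKey"
    if (-not (Test-Path $path)) { continue }

    # Each value name under Allow is a site the pop-up blocker lets through.
    $allowed = (Get-Item $path).GetValueNames()
    foreach ($name in $allowed) {
        [pscustomobject]@{ Sid = $sid; AllowedSite = $name }
    }

    if ($Remove -and ($allowed -contains $Site)) {
        # Export the key first so the change can be reverted with "reg import".
        $backup = Join-Path $BackupDir "$sid.reg"
        reg.exe export "HKU\$sid\$subKey" $backup /y | Out-Null
        Remove-ItemProperty -Path $path -Name $Site
        Write-Host "Removed $Site from $sid (backup: $backup)"
    }
}
```

Run without `-Remove` first to review what is on the list; hives of users who are not logged on are not loaded under `HKEY_USERS` and will not appear.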

#9
figaro

    New Member

  • Members
  • 10 posts
So is it a yes? Is it safe to directly delete this key?

#10
RubbeR DuckY

    Marcin

  • Root Admin
  • 4,049 posts
  • Gender:Male
It will not be detrimental to your system. So, yes, it is safe to delete.
Marcin Kleczynski
President and CEO


#11
figaro

    New Member

  • Members
  • 10 posts
I deleted the key.

I also ran Panda Antivirus and it found a Trojan.

Here's the ActiveScan results:

Attached File  Activescan.txt   9.78K   186 downloads

The rest is just cookies, but it appears that one of the two files that are part of the trojan was not disinfected.

So have a look and let me know what all you think. I appreciate it.

#12
RubbeR DuckY

    Marcin

  • Root Admin
  • 4,049 posts
  • Gender:Male
Those two found files are safe to delete. They are only temporary files and are of very low risk.
Marcin Kleczynski
President and CEO


#13
figaro

    New Member

  • Members
  • 10 posts
Hey, I'm back on the forums. I was away for a while. I thought I might solve one more thing on my computer.

I re-ran the Spyware Doctor to get an update on what's on my machine.

  • Application.TrackingCookies (105 infections)
    • Browser Cookie
      ...

  • Adware.Advertising (63 infections)
    • Browser Cookie
      ...

  • Spyware.Known_Bad_Sites (3 infections)
    • Browser Cookies
      ...

  • RogueAntiSpyware.VirusProtect_Pro (1 infections)
    • File
      ...

  • Trojan-PWS.Sinowal (27 infections)
    • Registry Value
      ...
    • Registry Key
      ...

  • RogueAntiSpyware.SpywareNo (7 infections)
    • Registry Value
      ...
    • Registry Key
      ...

  • Spyware.Seekmo_Search_Assistant (6 infections)
    • Registry Value
      ...
    • Registry Key
      ...

  • Application.PopCap (7 infections)
    • Registry Value
      ...
    • Registry Key
      ...

So yes this is the latest scan. I would like some help on how to remove some of these (Not all of them are a big deal, like cookies).

The first three I'm not worried about.

I'm not worried about the last one. Because this is PopCap and is not a threat to me.

The others, though, I am concerned about. How do I clean these off my computer?

Thanks for reading. All help is appreciated.

#14
nosirrah

    Forum Deity

  • Administrators
  • 5,158 posts
  • Location:Northampton, MA USA
Trojan-PWS.Sinowal (27 infections) <- this one has the potential of being very bad, but only if the files these keys point to are hidden or you have the MBR rooter version of this malware.

Did you remove any file listed as Sinowal recently?
Bruce Harrison
Vice President of Research


#15
YoKenny1

    Forum Deity

  • Honorary Members
  • 1,739 posts
  • Gender:Male
  • Location:Ont. Canada
  • Interests:Using computers for learning.
    Happily retired IBMer after 31 years mainly in hardware maintenance.

Quote

I re-ran the Spyware Doctor to get an update on what's on my machine.

Application.TrackingCookies (105 infections)

The use of a HOSTS file will stop those tracking cookies plus known malware sites:
http://www.mvps.org/...p2002/hosts.htm
http://www.hosts-file.net/?s=Download

To manage the HOST file I use HostsMan and its companion HostsServer:
http://www.abelhadigital.com
E5200 2.5GHZ, 4GB RAM, 320GB HD, Win7 Home Premium 64-bit, avast! V6.0 Free, IE9
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3, 32-bit, avast! V6.0 Pro, Macrium Reflect
with IE8 and Chrome, hpHosts, MVPS HOSTS files, MBAM Full, OpenDNS, SpeedFan, WinPatrol PLUS

#16
JeanInMontana

    Delete this account!!

  • Honorary Members
  • 3,867 posts
  • Interests:would love to see some honesty around this site.
Hi figaro, you should follow the directions here http://www.malwareby...?showtopic=2936 and start a new topic in that forum so someone can help you.

#17
figaro

    New Member

  • Members
  • 10 posts
Do I have to post MBAM scan, Panda Active scan and HiJack This scan? Or can I just post the HiJack This log?

Also where do I post it to? There're three sub-categories in the Computer Help forum. I'm assuming it's Malware Removal - HijackThis Logs.

Thanks for your replies. I appreciate your precipitation in solving this.

#18
Hardhead

    Elite Member

  • Experts
  • 795 posts
  • Location:Blue Ridge, Va.

figaro, on Apr 22 2008, 02:34 AM, said:

Do I have to post MBAM scan, Panda Active scan and HiJack This scan? Or can I just post the HiJack This log?

Also where do I post it to? There're three sub-categories in the Computer Help forum. I'm assuming it's Malware Removal - HijackThis Logs.

Thanks for your replies. I appreciate your precipitation in solving this.

Hello figaro,

Post your logs here.
Follow the directions here and here. You will also need to post a HiJack This! log.

If you don't have a copy of HiJack This! you can get one here.

Member Since 2004