Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Wget and Swearware


  • Please log in to reply
4 replies to this topic

#1 Guest_penguinguy_*

Guest_penguinguy_*

  • Guests
  • OFFLINE
  •  

Posted 27 June 2009 - 02:46 PM

First let me say that I'm not even sure what these are. They first appeared on my regcleaner software list.

I use regcleaner 4.3 . I know this is an old app, but it still seems to work, and did bring these two entries to my attention.

The weird thing is that I haven't really done anything lately. I've been preparing my computer to be wiped and transfering files (music, movies, pictures, docs, excel files, etc.) and deleting them.

I don't really have an issue with the way my computer has been running, but I just like to make sure everything is in order. I run an AVG scan nearly every night. I have hijack this installed, and I previously used combofix (without supervision) to get rid of a couple of viruses... successfully I might add (it has been over a month since).

Regcleaner pretty much tends to consider any piece of software that was installed before opening regcleaner to be new, and anything that was around during an open session of regcleaner to be old (since it is running on auto).

I tried to delete wget, but it came back. Same with swearware. I did a registry search using regedit and came up with this keys

My Computer\HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
Name: 000
Data: wget.exe

Name: 001
Data: wget

My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
Name: LastKey
Data: My Computer\HKEY_USERS\S-1-5-21-1085031214-1078145449-725345543-1003\Software\Wget

My Computer\HKEY_CURRENT_USER\Software\Wget
Name: (Default)
Data: (value not set)

My Computer\HKEY_USERS\S-1-5-21-1085031214-1078145449-725345543-1003\Software\Microsoft\Search Assistant\ACMru\5603
Name: 000
Data: wget.exe

Name: 001
Data: wget

My Computer\HKEY_USERS\S-1-5-21-1085031214-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
Name: LastKey
Data: My Computer\HKEY_USERS\S-1-5-21-1085031214-1078145449-725345543-1003\Software\Wget

My Computer\HKEY_USERS\S-1-5-21-1085031214-1078145449-725345543-1003\Software\Wget
Name: (default)
Data: (value not set)

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\swearware
(this one includes a number of entries and subfolders)
including one called combofix_wow

I just want to make sure i don't have any problems

New issue

I just double checked the registry keys, and the keys associated with Swearware seem to have expanded.

Wget hasn't seemed to now, but where there were a few now Swearware has key associations in the HKEY_CLASSES_ROOTS section now

Edited by penguinguy, 27 June 2009 - 03:02 PM.


BC AdBot (Login to Remove)

 


#2 Guest_penguinguy_*

Guest_penguinguy_*

  • Guests
  • OFFLINE
  •  

Posted 27 June 2009 - 06:52 PM

Okay, another update:

And I just wanted to note that my question is whether this is anything to worry about. I would like to know. I can always run combofix if I need.

In RegCleaner the file is this:

Author: swearware
Software: Backup

And there is another Author when I sort by "software"

I get AOL

And then I looked at the registry entries recognized by RegCleaner and they are similar

HKEY_LOCAL_MACHINE\Software\America Online\Backup\ACS
HKEY_LOCAL_MACHINE\Software\America Online\Backup
HKEY_CLASSES_ROOT\.bkf
HKEY_CLASSES_ROOT\.nbi
HKEY_CLASSES_ROOT\.wbk
HKEY_CLASSES_ROOT\.xlk
HKEY_CLASSES_ROOT\Excel.Backup
HKEY_CLASSES_ROOT\msbackupfile
HKEY_CLASSES_ROOT\NBBACKUPType
HKEY_CLASSES_ROOT\NeroHDBackupType
HKEY_CLASSES_ROOT\NeroShowTime.Files.bup
HKEY_CLASSES_ROOT\PSWFile
HKEY_CLASSES_ROOT\Word.Backup.8

AND

HKEY_LOCAL_MACHINE\Software\Swearware\Backup\winsock2
HKEY_LOCAL_MACHINE\Software\Swearware\Backup
HKEY_CLASSES_ROOT\.bkf
HKEY_CLASSES_ROOT\.nbi
HKEY_CLASSES_ROOT\.wbk
HKEY_CLASSES_ROOT\.xlk
HKEY_CLASSES_ROOT\Excel.Backup
HKEY_CLASSES_ROOT\msbackupfile
HKEY_CLASSES_ROOT\NBBACKUPType
HKEY_CLASSES_ROOT\NeroHDBackupType
HKEY_CLASSES_ROOT\NeroShowTime.Files.bup
HKEY_CLASSES_ROOT\PSWFile
HKEY_CLASSES_ROOT\Word.Backup.8

Edited by penguinguy, 27 June 2009 - 06:53 PM.


#3 Guest_penguinguy_*

Guest_penguinguy_*

  • Guests
  • OFFLINE
  •  

Posted 28 June 2009 - 06:43 PM

I just want to know whether this is something i should worry about (and so not do things like downloads, installs, uninstalls)

If I should try to do something like use Malwarebytes

Or if I should ignore it cause it is nothing

#4 Zllio

Zllio

  • Members
  • 1,107 posts
  • OFFLINE
  •  

Posted 02 July 2009 - 01:46 AM

Hi penquinguy,

Sorry your thread drifted back. When you multi-post, it leaves the impression that someone has already posted to you, so it looks like you're taken care of.

The files you mentioned are from the tools you are using. They are not malware. Don't delete anything.

Thanks.
Zllio

#5 Guest_penguinguy_*

Guest_penguinguy_*

  • Guests
  • OFFLINE
  •  

Posted 02 July 2009 - 07:03 PM

Thanks, that is exactly what I needed to know.

And I'll take that note for the future.

I got concerned when I couldn't find swearware on any file database.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users