Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What Is Trace.directory.i-spy?


  • Please log in to reply
7 replies to this topic

#1 lliztiz

lliztiz

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:47 AM

Posted 19 September 2007 - 02:04 AM

A-square anti-malware detected the above attached to the program that is most important to my work. It was described as low risk in and of itself, but often attached to other problemmatic things. So, I decided to quarantine it. I immediately noticed that the desktop icon for this very important program changed into a box outlined in blue. I clicked on it, and the program would not launch. So, I looked for the folder containing this program, and it had been removed. The file to execute the program was in the download folder, but when I tried to execute it, I got the message that H32ver.dll couldn't be found.

I did a search, and it was nowhere on the computer. I downloaded the program from the website, re-installed it, and it ran. Out of curiousity, I did a search for the H32ver.dll file-- a very thorough search, and it was not found. So, my theory that malware had attached to a file necessary to run the program seems to not hold up.

When I googled Trace.Directory.I-Spy, sites came up suggesting that this file may be part of the patriot act's spying endeavors. I can't imagine why what I do on the computer would be of interest to anyone, never mind the government. What do you all know about this? I am really curious now. Thanks. :thumbsup:

Edited by lliztiz, 19 September 2007 - 02:06 AM.


BC AdBot (Login to Remove)

 


#2 lliztiz

lliztiz
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:47 AM

Posted 21 September 2007 - 07:44 PM

No one has replied. Forget the government stuff-- that was just idle curiousity. I'd really like some guidance about how to treat this thing-- it keeps being identified as a type of malware, but it also seems to be embedded into a program that I use extensively for work. Should I just ignore it? Does the fact that it has the word "trace" included mean that it is just a trace-- not a big deal?? Any advice would be most welcome. Now I just ignore it when it is identified.

Edited by lliztiz, 21 September 2007 - 07:45 PM.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:47 PM

Posted 22 September 2007 - 09:09 AM

It would be helpful if you could provide the exact name and location of the file found by a-square.

I'm not find any information on H32ver.dll. Are you still getting a message that it could not be found? If so, when are you getting that message.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 lliztiz

lliztiz
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:47 AM

Posted 22 September 2007 - 11:44 PM

I just uninstalled a-square from my computer, so I won't be able to answer your question. I found the pop-up that told me how many days I had until I had to buy it very annoying. You have to press "continue" for windows to be able to continue loading. Since quarenteening it made my program inoperable, I assume it must be attached to the program execution file-- but, what do I know. I decided to live with it being present because I can't do my work if I remove it.

I have been having an awful time trying to prepare my computer for Hijack This. I ran a couple of on-line scans that took forever and revealed some malware, but while I was thinking about how to handle the problems, the screen listing them disappeared. Frustrating. I am not sure at what point it is OK to post to Hijack This. At this rate, I will never get the computer clean enough to do so. :thumbsup:

#5 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:10:47 AM

Posted 23 September 2007 - 12:21 AM

Hi lliztiz,

Just skip the scans that you are unable to complete and go onto the next step in the Preparation Guide.

Once you have completed all the steps that you are able, then post your HJT log in the HijackThis Logs and Malware Removal forum.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#6 lliztiz

lliztiz
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:47 AM

Posted 23 September 2007 - 01:03 AM

Thanks. It's a relief to know that I can post before every scan is run and I have been able to resolve every issue revealed. I will run another on-line scan tonight, then proceed to Avert Stinger, and then post to Hijack This. It would be so nice to get all the bad stuff off-- assuming it's still there.... :thumbsup:

#7 baker1

baker1

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:47 PM

Posted 23 September 2007 - 06:21 AM

The anti-malware application from a-squared is excellent and over time I have been using it even running its deep scan mode often enough to say something.I think you have either got something that very nearly that does'nt exist or perhaps you got rid of it without knowing.I grappled with Spyware Quake a detection like yours catagorized as a trace and it is in fact nowhere to be found and like your contention I have done some serious searching even twice though for different reasons successfully editing the registry.I dont beleive its there,Spyware Quake that is and even perhaps more so I think there maybe a false positive in its detection ability however I wont ignore the find as I want to suggest.The find as it was noted has been in quarantine and that is as safe as any location including even unto a deletion.I would like to ask a question What else have you found recently and not necessarrily by a-squared anything interesting? Like a Key log? I Did!

#8 lliztiz

lliztiz
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:10:47 AM

Posted 25 September 2007 - 08:39 PM

Thanks for answering my query. You are lucky that you were able to quarantine your possibly phantom bug; when I did that, I couldn't use software that is essential to my work. I have found too many problematic things by running numerous scans from different sources. Most troublesome were the two Trojans: one the downloader:ruins, and the other the Trojan dns-changer. A version of Spyware Doctor that I downloaded (4.1) from the web and could use on a trial basis identified the downloader. I decided to purchase the latest version (PC World rated it #1 in spy and malware detection and removal), and got rid of the ruins one. SpySweeper identified the DNS changer-- I quarantined it and then decided to delete it-- I wanted all the Trojans off of my computer.

I now have all kinds of spyware prevention and detection programs, so hopefully that will be the end of that. Trend micro on-line found some grayware. For some reason, it wasn't able to get rid of them-- they being:
Adwware_BHOT_IEHELPER, MEMWATCHER, and TSPY_SMALL. I will now focus on getting rid of them and hopefully all will be well. I envy Mac owners!!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users