Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mate Watcher detected!


  • Please log in to reply
1 reply to this topic

#1 missfuzzy7096

missfuzzy7096

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 29 November 2008 - 01:42 PM

After my husband logged into my laptop and went through all my things, I downloaded and ran A squared and found this report:

a-squared Free - Version 3.5
Last update: 11/29/2008 9:22:17 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 11/29/2008 9:50:52 AM

c:\workssetup detected: Trace.Directory.SpyWare.MateWatcher!A2
c:\program files\viewpoint\viewpoint toolbar detected: Trace.Directory.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> SearchBar detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\Viewpoint\Content Debugger --> SearchBar detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> SearchBar detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> Viewbar Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\Viewpoint\Content Debugger --> Viewbar Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> Viewbar Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> Viewpoint Manager detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\Viewpoint\Content Debugger --> Viewpoint Manager detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> Viewpoint Manager detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Content Debugger --> Viewpoint Manager Installer detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\.DEFAULT\Software\Viewpoint\Viewpoint Toolbar --> ToolbarSelectedInBrowser detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-18\Software\Viewpoint\Viewpoint Toolbar --> ToolbarSelectedInBrowser detected: Trace.Registry.Viewpoint Media Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\NirSoft\MessenPass --> Columns detected: Trace.Registry.MessenPass!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\NirSoft\MessenPass --> SaveFilterIndex detected: Trace.Registry.MessenPass!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\NirSoft\MessenPass --> ShowGridLines detected: Trace.Registry.MessenPass!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\NirSoft\MessenPass --> Sort detected: Trace.Registry.MessenPass!A2
Value: HKEY_USERS\S-1-5-21-3413844826-3836157543-2182971952-1005\Software\NirSoft\MessenPass --> WinPos detected: Trace.Registry.MessenPass!A2
C:\Documents and Settings\Meg\Cookies\meg@advertising[2].txt detected: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\Meg\Cookies\meg@advertising[3].txt detected: Trace.TrackingCookie.advertising!A2
C:\Documents and Settings\Meg\Cookies\meg@atdmt[2].txt detected: Trace.TrackingCookie.atdmt!A2
C:\Documents and Settings\Meg\Cookies\meg@bs.serving-sys[2].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Meg\Cookies\meg@bs.serving-sys[3].txt detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Meg\Cookies\meg@burstnet[1].txt detected: Trace.TrackingCookie.burstnet!A2
C:\Documents and Settings\Meg\Cookies\meg@casalemedia[2].txt detected: Trace.TrackingCookie.casalemedia!A2
C:\Documents and Settings\Meg\Cookies\meg@cgi-bin[1].txt detected: Trace.TrackingCookie.cgi-bin[1].txt!A2
C:\Documents and Settings\Meg\Cookies\meg@doubleclick[2].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Meg\Cookies\meg@media.adrevolver[1].txt detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Meg\Cookies\meg@mediaplex[2].txt detected: Trace.TrackingCookie.media!A2
C:\Documents and Settings\Meg\Cookies\meg@mediaplex[2].txt detected: Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\Meg\Cookies\meg@serving-sys[2].txt detected: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Meg\Cookies\meg@specificclick[2].txt detected: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Meg\Cookies\meg@tribalfusion[1].txt detected: Trace.TrackingCookie.tribalfusion!A2
C:\Program Files\Toshiba Games\Mah Jong Quest\mahjong.exe detected: Trojan-Spy.Win32.Pophot.aww!A2
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll detected: Adware.WildTangent.b!A2
C:\WINDOWS\wt\wtvh.dll detected: Adware.WildTangent.b!A2

Scanned

Files: 116753
Traces: 577648
Cookies: 96
Processes: 45

Found

Files: 3
Traces: 21

When I click on the one I bolded, the A2 site says this:

Name: Trace.Directory.SpyWare.MateWatcher!A2
Risklevel: Elevated Risk

Company: EffeTech

Description:

EffeTech is a leading network security provider, who is dedicated to explore and implement a variety of network security and network management techniques. EffeTech is the abbreviation for Effective Technologies, which is also its goal. The Company's products are currently licensed in more than 100 countries. EffeTech's clientele includes large corporations, government education entities and individual users worldwide. Its expertise is focused on developing network management solutions for web surfing auditing, network administration, TCP/IP applications for LANs and intranets, tools for instant messengers and http server development. EffeTech develops a series of award winning, powerful network sniffer and network security software for parents, network administrators, managers, and network program developers. The purpose of this groundbreaking software is to analyze and report network traffic as well as advanced information inside packets, such as url of http, password, chat conversations, and etc. All EffeTech sniffer software is compatible with Win9x, ME, NT4, 2000 and XP.

Characteristics:

Can see the passwords as soon as it appeared on LAN
Support Various Protocols
Support HTTP Protocol
Verify whether the captured passwords are valid
Stealth-monitoring
Installation: Installed through EXE

Process: APS.exe


Used folders:

C:\Program Files\Ace Password Sniffer
C:\Documents and Settings\All Users\Start Menu\Programs\Ace Password Sniffer
Used files:

C:\Program Files\Ace Password Sniffer\APS.exe
[434176 Bytes] Application
C:\Program Files\Ace Password Sniffer\eula.txt
[1822 Bytes] Text Document
C:\Program Files\Ace Password Sniffer\INSTALL.LOG
[2926 Bytes] Text Document
C:\Program Files\Ace Password Sniffer\readme.txt
[1733 Bytes] Text Document
C:\Program Files\Ace Password Sniffer\UNWISE.EXE
[165376 Bytes] Application
C:\Documents and Settings\All Users\Start Menu\Programs\Ace Password Sniffer\Ace Password Sniffer.lnk
[1421 Bytes] Shortcut
C:\Documents and Settings\All Users\Start Menu\Programs\Ace Password Sniffer\UNWISE.EXE.lnk
[1558 Bytes] Shortcut
C:\Documents and Settings\All Users\Desktop\Ace Password Sniffer.lnk
[1409 Bytes] Shortcut
Cookies: 15
Processes: 0
Registry keys: 0

Scan end: 11/29/2008 10:56:49 AM
Scan time: 1:05:57


I don't know if those C:\programfiles and all are specific to me or just generic info they give in that link.

I have been searching my computer for the last 3 hours to find some file that will let me know when Mate Watcher was installed and if it is running now. Do you all have any suggestions?

Thank you!

Edited by missfuzzy7096, 29 November 2008 - 01:44 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,900 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:46 PM

Posted 30 November 2008 - 08:46 AM

You have malware on your computer. Suggest you run a scan with SAS using the instructions below.

The keylogger/spy program is manually installed. See what Symantec says about the program.
http://www.symantec.com/security_response/...-99&tabid=2


http://www.superantispyware.com/
Download and install SUPERAntiSpyware Free from the link above.

* Double-click SUPERAntiSypware.exe and use the default settings for installation. (OR the Renamed .EXE)
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the
definitions before scanning by selecting "Check for Updates". (If you encounter
any problems while downloading the updates, manually download them from
here and
unzip into the program's folder.)
* Under the "Configuration and Preferences", click the Preferences... button.
* Click the "General and Startup" tab, and under
Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner
Options, make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

* Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes" and reboot normally.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users