SUPERAntiSpyware keeps finding spyware



#1 btbraun


Posted 14 August 2012 - 07:49 AM

Over the last few weeks I've had issues with system performance and recurring spyware. I posted a request for help under the heading of "Catroot". I was led through a series of actions and at first the problem didn't seem fixed but after 5 minutes of tweaks it seemed to return to normal.

Yesterday some of the problems that I originally had returned; most notable are mouse skips, slow keyboard response and repetitive SUPERAntiSpyware scans reveal new spyware. The scan finds anywhere from 2 to 3 hits to as many as 20+. I remove, reboot, and rescan and I'll get a clean report. If I scan an hour later it will return new hits if I've returned to the net but won't find anything if I've remained off the net.

I've run misc tools I've found in the download section of this website but I guess I don't know as much about their use as I thought, because I still have the problem.

Could someone please take me through some basic steps to help identify my problem?

Thank you!
-Beans



#2 Broni


Posted 14 August 2012 - 11:19 AM

Can you post Super log so we can see what's there?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 btbraun


Posted 16 August 2012 - 08:07 AM

I'm not sure what a Super log is but my guess is that it's the log from the SUPERAntiSpyware scan so I posted it below.
I have an update from the time between my original post and this post. I downloaded Spybot Search and Destroy and it found Ad.FLVPlayer and W3i.IQ5.fraud.

After Spybot found those I went into the registry and found quite a few hundred items in the registry tree under the HKEY User tree zone; domains and P3P - too many to remove manually unless I had a few hours to spare and could endure the finger cramps that would surely result.

Please advise:

Thanks Broni -

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/15/2012 at 03:14 PM

Application Version : 5.5.1012

Core Rules Database Version : 9063
Trace Rules Database Version: 6875

Scan type : Complete Scan
Total Scan Time : 00:29:14

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned : 733
Memory threats detected : 0
Registry items scanned : 68457
Registry threats detected : 0
File items scanned : 53637
File threats detected : 6

Adware.Tracking Cookie
C:\USERS\BTBRAUN_RSMC\AppData\Roaming\Microsoft\Windows\Cookies\Low\VULNI9VE.txt [ Cookie:btbraun_rsmc@adsonar.com/adserving ]
C:\USERS\BTBRAUN_RSMC\AppData\Roaming\Microsoft\Windows\Cookies\Low\KTQ03MKX.txt [ Cookie:btbraun_rsmc@socialstreamingplayer.crystalmedianetworks.com/ ]
C:\USERS\BTBRAUN_RSMC\AppData\Roaming\Microsoft\Windows\Cookies\Low\ODZBWHN0.txt [ Cookie:btbraun_rsmc@ru4.com/ ]
C:\USERS\BTBRAUN_RSMC\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z8STMGJB.txt [ Cookie:btbraun_rsmc@imrworldwide.com/cgi-bin ]
C:\USERS\BTBRAUN_RSMC\AppData\Roaming\Microsoft\Windows\Cookies\Low\4UPUSV93.txt [ Cookie:btbraun_rsmc@invitemedia.com/ ]
socialstreamingplayer.crystalmedianetworks.com [ C:\USERS\BTBRAUN_RSMC\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5F8AKRRP ]

#4 Broni


Posted 16 August 2012 - 10:31 AM

Those are tracking cookies only.
Most security programs don't even bother with them since they're more of a privacy issue than a security issue.
Nothing to worry about.
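
Added example, not part of the original posts: a small Python triage helper that reads a scan log in the layout posted above, groups detections by category, and checks whether every listed item falls under a cookie category. The sample log and its hosts are constructed, and the parsing rules are inferred from the posted log's layout, not from SUPERAntiSpyware documentation.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log posted above (not real data).
SAMPLE_LOG = r"""Memory threats detected : 0
Registry threats detected : 0
File threats detected : 3

Adware.Tracking Cookie
C:\USERS\USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\AAAA1111.txt [ Cookie:user@ads.example/adserving ]
C:\USERS\USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\BBBB2222.txt [ Cookie:user@tracker.example/ ]
media.tracker.example [ C:\USERS\USER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CCCC3333 ]
"""

COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)$")
ENTRY_RE = re.compile(r"^(?P<left>.+?)\s+\[\s*(?P<right>.+?)\s*\]$")
COOKIE_RE = re.compile(r"^Cookie:[^@]*@(?P<host>[^/\s]+)")

def parse_scan_log(text):
    """Return (summary counts, {category: [entries]}) from a scan log."""
    counts, findings, category = {}, defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1).lower()] = int(m.group(2))
            continue
        m = ENTRY_RE.match(line)
        if m and category:
            cookie = COOKIE_RE.match(m.group("right"))
            # Browser cookies name the host on the right; Flash shared objects on the left.
            host = cookie.group("host") if cookie else m.group("left")
            findings[category].append({"host": host.lower(), "is_cookie": bool(cookie)})
        elif line and ":" not in line and "[" not in line:
            category = line  # a bare line such as "Adware.Tracking Cookie" starts a group
    return counts, dict(findings)

def triage(text):
    """Summarise whether all detections are cookie categories and counts add up."""
    counts, findings = parse_scan_log(text)
    total = sum(len(v) for v in findings.values())
    non_cookie = [c for c in findings if "cookie" not in c.lower()]
    return {
        "listed": total,
        "reported": sum(counts.values()),
        "cookie_only": total > 0 and not non_cookie,
        "hosts": sorted({e["host"] for v in findings.values() for e in v}),
    }
if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A mismatch between `listed` and `reported` suggests the pasted log was truncated, and `cookie_only` being false means at least one detection category deserves a closer look than a cookie does.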



#5 btbraun


Posted 16 August 2012 - 11:06 PM

True, and I understand that. But I've run that scan on startup for ages and very rarely has it ever come up with anything, and suddenly it's happening all the time so it seemed odd especially given the other issues.

Can the "domain" be deleted to delete everything in the tree or do I have to remove each individually? There are hundreds of them and they aren't your normal websites. I'm the only one who has the password to this computer and I know I haven't been to "bedtime-heros.com" or a hundred different casino websites.

...although "bedbettyandme.com" sounds interesting - yet somehow I suspect it might not be smart to go there. Just a hunch.

#6 Broni


Posted 16 August 2012 - 11:49 PM

I'm not really aware of any way to block tracking cookies.
You could disable cookies altogether but then your browser won't remember any passwords, usernames etc.





