Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Xoftspyse Says A Problem. I'm Not Sure

  • Please log in to reply
2 replies to this topic

#1 JeanRich


  • Members
  • 12 posts
  • Local time:03:11 PM

Posted 29 September 2006 - 10:51 PM

I have had installed (and updated) for quite a while: Spyware Dr , Spybot Search & Destroy, CWShredder, SpywareBlaster, Ad-AwareSE, Zone Alarm and AVG. A few days ago I installed SpywareTerminator, SpywareGuard, XoftSpySE and HijackThis.

I'm scared of IE and only use it when absolutely necessary - I use FireFox. Before I added the new software, only a couple things showed up and were immediately taken care of, except, Spybot keeps coming up with 5 DSO Exploits that are related to IE and a 'security hole' which I 'fix' and it says it's fixed, but it appears everytime I run it. Each of them says 'registry change, nothing done'.......Otherwise nothing else appears even now. I have no pop-ups or any problems so I thought I was clean. I ran the VX2 Cleaner tool (add-on to Ad-Aware) and it says the system is clean.

But XoftSpySE comes up with a whole list of things related to Viewpoint, and an item that it says is a severe risk named... 'CWS Homepage.' ...(I thought CWShredder is supposed to take care of that) Of course in order for Xoft to fix anything, I have to buy some software.

Why didn't any of the other software find anything?

BC AdBot (Login to Remove)


#2 TMacK


  • Members
  • 4,672 posts
  • Gender:Male
  • Location:B.C. Canada
  • Local time:12:11 PM

Posted 30 September 2006 - 12:38 AM

Welcome to Bleeping Computer JeanRich.
I suggest you post a HijackThis log for examination.
CWS is a real nasty.
The HJT team will be able to help you remove it.
Read the pinned post in the HijackThis forum, here
Please read, and follow, all directions carefully.
Then, run a log, and post it in the HJT forum,at this link.A member, of the HJT Team, will help you out.It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:11 PM

Posted 30 September 2006 - 06:46 AM

Spybot...everytime I run it. Each of them says 'registry change, nothing done'....

Are you using IE-SPYAD? There have been reported conflicts between Spybot S&D and IE-SPYAD that show in a Spybot log like this example:

Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1220945662-1383384898-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4

Lunch Spybot, go to File Menu > Mode and select Advanced mode.
Then go to Tools > View Report > View Previous Report. A box should open with selections of .log and .txt files. Select the latest .txt file (Checks.050726-XXXX). The X's will be numbers. Just select the .txt that has the highest number. If the report looks similar to the above, then check your restricted zones list and see if those entries are there.

Depending on what Spybot's identifying, the DSO exploit(s) may be false-positive(s) that were commonly reported when running v1.3. See the explanation here and here. (Please note that some of the net-integration links no longer work since Spybot moved to safer-networking.org). Also see Why does DSO Exploit return?. Ensure you are using the current version which is Spybot S&D 1.4.

CWShredder is now owned by TrendMicro and has not neen as effective as prior versions released by its original author (Merijn). There have been reports of it giving false positives. You can download an archive of CWShredder 1.59.1 (last version by Merijn) which will take care of all the classic CWS versions. For newer ones you should download and use About:Buster.

I installed...XoftSpySE and HijackThis

XoftSpy is not a program that I would place it lot of trust in. It previously was listed as on the Rogue/Suspect Anti-Spyware Products list because of false positives and other concerns. Read the note:

XoftSpy was listed on this page because of concerns with false positives (1, 2, 3, 4), questionable license terms, and the use of aggressive, deceptive advertising (1, 2), including exploitation of the name "spybot" by affiliates. Earlier versions of XoftSpy were also Ad-aware knockoffs. (There was clone of XoftSpy named SpyBurn, but that application is no longer available.)
Over the past few months, XoftSpy has taken aggressive steps to reign in its affiliates (who were primarily responsible for the unsavory advertising), revised its license text, and released a new version of XoftSpy (version 4.0) that addresses our concerns with false positves. Given these changes we can no longer regard XoftSpy as "rogue/suspect" anti-spyware.

That may explain why your other scans are not finding anything.

HijackThis is an advanced tool that requires advanced knowledge about the Windows Operating System. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as your Internet no longer working or problems with running Windows itself.

HijackThis is an enumerator and similar in some respects to a registry editor program which displays areas of the Windows registry where the majority of Viruses, Trojans, Spyware, Adware, and Malware reside. HJT will scan certain areas of your system and then create a log to help diagnose the presence of undetected malware in these known hiding places. It then relies on experts to interpret the log entries and determine what needs to be fixed. If you do not have advanced knowledge about computers you should NOT fix anything using HijackThis without consulting a expert as to what to fix. If you choose to fix anything by yourself, you do so at your own risk.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users