Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spywareguard Browser Protection Alert


  • Please log in to reply
9 replies to this topic

#1 Wendy K. Walker

Wendy K. Walker

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:09:34 AM

Posted 26 November 2006 - 07:50 PM

Hello Everybody,

I've started getting an alert message from SpyWareGuard, every time that I restart my PC, about a BHO being added.

The BHO is {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}, and is called MoneySide.BrowserHelperObject.10. The file that it wants to instal into is located at;
C:\Program Files\Microsoft MoneySystem\mnyviewer.dll

By question is; is this something evil? I have never used MS Money, and I find it curious that all of a sudden a BHO starts wanting to add its self to a program that I never use.

I'm running Windows XP SP2, and using IE 6

Thanks for any help,
Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:34 AM

Posted 26 November 2006 - 08:39 PM

Block it!!! You don't want it and you didn't ask for it - that's enough reason to block it's silly a**!
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:09:34 AM

Posted 26 November 2006 - 08:48 PM

Hi usasma,

Thanks, not to worry I don't intend to let it stay, however, I would like to know what the heck its supposed to be for, and why it has started popping up like that.

I mean if its a trojan/virus/adware/spyware type thingy I want to know how to get whatever it is that keeps throwing it up like that plumb off of my PC.

So you have any idea what it is? Or what its supposed to do? Or why it wants to get its self attached to a program that I never use?

How did it get into my system?

Thanks,
Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:34 AM

Posted 26 November 2006 - 09:03 PM

Just FYI - SpywareBlaster has a facility where you can look up the CLSID (that long number with the dashes surrounded by the {}'s)

A google for the CLSID and for the dll say that it's most likely a BHO from Microsoft Money. It is very curious that you've never used Money yet it wants to startup on it's own. I'd be very cautious and continue to do scans to see if any updates are able to pin it down further. Could be a new "baddie" that hasn't been added to the detection routines yet.

I wouldn't get rid of it yet - but would leave it for a while to see if any new detection updates can assess it. Then, you can start by uninstalling Money from your system (even if it's only a trial version). If that don't stop it - then we can try other things.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:09:34 AM

Posted 26 November 2006 - 09:21 PM

Hi usasma.

Hey, I have SpyWareBlaster installed on my PC but I can't find what you're talking about where I can look up those CLSID thingys, do I have to like go to their home page or something?

I'm not going to get rid of it yet, I'll just deny it access for now. I think that the MS Money thing is whatever came preloaded in the PC. I don't think I've even ever opened it to look at it.

Thanks for your advice, if you come up with anything else please pass it on to me OK?

Thanks,
Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:34 AM

Posted 26 November 2006 - 09:22 PM

I'm installing SpywareBlaster now - back in a sec.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:05:34 AM

Posted 26 November 2006 - 09:28 PM

In SpywareBlaster, click on the Internet Explorer tab. Then right click on the list below it, select "Find" and then enter the CLSID in the popup window. In this case, SpywareBlaster doesn't recognize it as a threat.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:04:34 AM

Posted 26 November 2006 - 09:36 PM

Well, this is the third thread for problems I think are related.

http://www.bleepingcomputer.com/forums/t/73380/spybot-alert/

Pick one and I will try to merge them and then lets continue.

What I think you need to do is temporarilly shut down Spybot and Spywareguard and run a Windows One Care Free Scan

Go to Windows Live Onecare Free Scan (using Windows Explorer only)
It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm

Make sure you click "Full Service Scan" in the middle of the page and
not the "Try It Now Free" on the right side.

Allow it to download the Active X components.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.

Allow it to scan - it may take quite, maybe two hours or so depending on how big your hard drive is and how fragmented your registry and drive are.


I think we have a situation where you have an infection of some type (the BHO and ?) and the Aps are making things confusing by issuing alerts although not necessarilly for the same things.

So shut down the anti-malware aps (leave the anti-virus ap ON) you have running and run the Windows scan.

#9 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:09:34 AM

Posted 26 November 2006 - 11:02 PM

Hi Enthusiast,

Sorry about opening so many threads but I thought that was the way that it was supposed to have done it. OK, I closed SpyBot S&D, but SpywareGuard kept asking for a password so I had to get into safe mode and delete everything from within its folder.

Shoot, I don't remember ever having set a password for it either. I'm running that scanner thing right now. Am I supposed to post some results here when it finishes?

I hope that that BHO thing wasn't able to attatch its self anywhere because I had deleted SpywareGuard.

Hi usasma,

Thanks for the tip. I did what you said to see how it worked, so now I know how to do it in the future should I need to.

Thanks Guys,
Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.

#10 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:09:34 AM

Posted 27 November 2006 - 03:44 PM

Hi Enthusiast,

OK I followed that link, ran the program, and let it do its thing all the way through including defraging my hard drive. Then I went to the malware forum, and started following their instructions.

After updating adaware-se, and SpyBot S&D I went into safe mode, and ran both of those things. adaware only found one nasty data mining tracking cookie, SpyBot found nothing. I also ran stng260.exe, and it didn't find anything either.

Now I'm afraid that that BHO thing might have been allowed to attach its self to the MS money thing because after I turned spywareguard off and restarted my PC I haven't gotten that notice again.

I have now downloaded, and reinstalled spywareguard, and turned tea timer back on. I've also downloaded, and installed the Google toolbar five or six more times only to have it delete its self just as fast as I started IE.

Now it doesn't even show up on the IE when I start a fresh one. I dug through SpyBot but didn't find anything that had to do with Google at all.

What the heck to do next?

Thanks,
Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Vitus and Firewall.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users