I Scanned An Infected Harddrive With Four Different Anti-spyware Products.


8 replies to this topic

#1 simALITY

  • Members
  • 92 posts
  • Gender:Female

Posted 24 June 2007 - 07:28 PM

This past weekend I took a hard drive that I knew was infected with several serious pieces of spyware and scanned it with Ad-Aware, PestPatrol, Spybot Search and Destroy, and SUPERAntiSpyware. I did not (and for that matter still have not) allow any of the scanners to clean any of their findings, because I wanted to see which one was the most effective. The results were somewhat surprising.
The HDD involved is 20 GB. It had been partitioned into three FAT32 drives. On my computer, these drives were labeled F:, G:, and H:. Where possible, I instructed the scanners to run complete scans on those three drives only. Spybot was the only one that did not allow me that option.

Below is an abridged version of their logs:

Ad-Aware
References detected during the scan:

180Solutions(TAC index:4):2 total references
BargainBuddy(TAC index:8):10 total references
Coulomb Dialer(TAC index:5):1 total references
ExactSearchBar(TAC index:5):1 total references
EzuLa(TAC index:6):1 total references
IPInsight(TAC index:7):2 total references
MRU List(TAC index:0):32 total references
NetPal(TAC index:9):1 total references
SecondThought(TAC index:4):1 total references
Tracking Cookie(TAC index:3):254 total references
VX2(TAC index:10):1 total references


Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file






Pest Patrol


6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\bargains.exe" 771389979
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\apuc.dll" 1056439035
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\cb.exe" 1769989599
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\uninst.exe" -967435724
6/23/2007-9:28:20 PM Detected CBrowser DLL Trojan File "F:\WINDOWS\SYSTEM\Cbrowser.dll" -1333446962
6/23/2007-9:28:08 PM Detected Cydoor Adware File "F:\WINDOWS\SYSTEM\netpal.dll" -1611908437
6/23/2007-9:28:25 PM Detected Cydoor Adware File "F:\WINDOWS\SYSTEM\kernellos.dll" -433817717
6/23/2007-9:27:35 PM Detected LowerMyBills.com Tracking Cookie Cookie "owner@www.lowermybills[2].txt" File "C:\Documents and Settings\Owner\Cookies\owner@www.lowermybills[2].txt" 1437546603
6/23/2007-9:29:24 PM Detected Morpheus 2.0 P2P File "F:\WINDOWS\TEMP\Sentry.exe" 847640671
6/23/2007-9:33:44 PM Detected Morpheus 2.0 P2P File "F:\WINDOWS\SENTRY.EXE" 847640671
6/23/2007-9:35:12 PM Detected MySearch Toolbar File "F:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS" 628762657
6/23/2007-9:29:24 PM Detected NCase Hijacker File "F:\WINDOWS\TEMP\Del9070.TMP" 1307101416
6/23/2007-9:29:24 PM Detected PeopleOnPage.AproposMedia Hijacker File "F:\WINDOWS\TEMP\acsdir.dll" -90770945
6/23/2007-9:29:24 PM Detected PeopleOnPage.AproposMedia Hijacker File "F:\WINDOWS\TEMP\write_ph.dll" -1967467259
6/23/2007-9:33:41 PM Detected Respondmiter Adware File "F:\WINDOWS\VX2.dll" -754079132
6/23/2007-9:27:33 PM Detected Tools.Nirsoft Misc Tool Key "hkey_current_user \software\nirsoft\produkey" -1
***End Report***
eTrust PestPatrol Log Report
This report was generated on: 6/24/2007-7:20:26 PM



SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2007 at 06:56 PM

Application Version : 3.8.1002

Core Rules Database Version : 3260
Trace Rules Database Version: 1271

Scan type : Quick Scan
Total Scan Time : 00:18:34

Memory items scanned : 433
Memory threats detected : 0
Registry items scanned : 656
Registry threats detected : 0
File items scanned : 13208
File threats detected : 284

Adware.Tracking Cookie
[270 cookies]

Adware.Netpal
F:\WINDOWS\SYSTEM\NETPAL.DLL

Adware.MyWay
F:\WINDOWS\SYSTEM\XCITE.DLL

Adware.180solutions/Search Assistant
F:\WINDOWS\TEMP\DEL9070.TMP

Adware.BargainBuddy
F:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
F:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE

Adware.eXact Advertising
F:\PROGRAM FILES\BARGAIN BUDDY\BIN2\CB.EXE


SpyBot Search and Destroy


--- Search result list ---
Common Dialogs: History (143 files) (Registry key, nothing done)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Cookie: Cookie (249) (Cookie, nothing done)
Cache: Cache (364) (Cache, nothing done)
Cookie: Cookie (42) (Cookie, nothing done)
Congratulations!: No immediate threats were found. ()



Please note that I'm not asking for help with cleaning this drive up. But I am wondering why Spybot didn't pick anything up where all the other scanners did.
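As an added example (not code from the original post, and not from any of the scanner vendors), the following Python script parses a constructed subset of the PestPatrol, SUPERAntiSpyware and Spybot logs above, normalizes the file paths (SUPERAntiSpyware uppercases them, PestPatrol keeps the on-disk case), and reports which findings are corroborated by more than one scanner, which are unique to one, and which drive letters each scanner actually touched. The format assumptions (PestPatrol quoting a path after the word File, the other two listing one path per line) are taken from the logs as posted.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the lines from the three logs posted
# above, in each scanner's own format. Not the full logs.
PESTPATROL_LOG = r"""
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\bargains.exe" 771389979
6/23/2007-9:35:32 PM Detected BargainBuddy Adware File "F:\Program Files\Bargain Buddy\bin2\cb.exe" 1769989599
6/23/2007-9:28:08 PM Detected Cydoor Adware File "F:\WINDOWS\SYSTEM\netpal.dll" -1611908437
6/23/2007-9:33:41 PM Detected Respondmiter Adware File "F:\WINDOWS\VX2.dll" -754079132
6/23/2007-9:27:33 PM Detected Tools.Nirsoft Misc Tool Key "hkey_current_user \software\nirsoft\produkey" -1
"""

SUPERANTISPYWARE_LOG = r"""
Adware.Tracking Cookie
[270 cookies]

Adware.Netpal
F:\WINDOWS\SYSTEM\NETPAL.DLL

Adware.MyWay
F:\WINDOWS\SYSTEM\XCITE.DLL

Adware.BargainBuddy
F:\PROGRAM FILES\BARGAIN BUDDY\BIN\BARGAINS.EXE
F:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.EXE

Adware.eXact Advertising
F:\PROGRAM FILES\BARGAIN BUDDY\BIN2\CB.EXE
"""

SPYBOT_LOG = r"""
Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Cookie: Cookie (249) (Cookie, nothing done)
"""

# PestPatrol wraps a detected file's path in quotes after the word File.
# Registry detections (Key "...") are deliberately skipped so that only
# on-disk findings are compared across scanners.
PP_FILE_RE = re.compile(r'\bFile "([^"]+)"')
# SUPERAntiSpyware and Spybot list one path per line, starting with a drive letter.
PATH_LINE_RE = re.compile(r'^[A-Za-z]:\\.+$')


def normalize(path):
    """Case-fold and trim so the same file matches across scanners (FAT32 is case-insensitive)."""
    return path.strip().lower()


def parse_pestpatrol(text):
    """Set of normalized file paths from a PestPatrol log."""
    return {normalize(m.group(1)) for m in PP_FILE_RE.finditer(text)}


def parse_path_lines(text):
    """Set of normalized file paths from a log that lists one path per line."""
    return {normalize(line) for line in text.splitlines() if PATH_LINE_RE.match(line.strip())}


def drives_touched(paths):
    """Drive letters present in a set of normalized paths, e.g. {'f'}."""
    return {p[0] for p in paths if len(p) > 1 and p[1] == ':'}


def compare(results):
    """Given {scanner: set(paths)}, return (paths seen by two or more scanners,
    {scanner: paths only that scanner reported})."""
    counts = Counter()
    for paths in results.values():
        counts.update(paths)
    corroborated = {p for p, n in counts.items() if n >= 2}
    unique = {name: {p for p in paths if counts[p] == 1} for name, paths in results.items()}
    return corroborated, unique


def analyse():
    """Run the three parsers over the sample logs and summarize the overlap."""
    results = {
        "PestPatrol": parse_pestpatrol(PESTPATROL_LOG),
        "SUPERAntiSpyware": parse_path_lines(SUPERANTISPYWARE_LOG),
        "Spybot": parse_path_lines(SPYBOT_LOG),
    }
    corroborated, unique = compare(results)
    drives = {name: drives_touched(paths) for name, paths in results.items()}
    return {"results": results, "corroborated": corroborated, "unique": unique, "drives": drives}


if __name__ == "__main__":
    summary = analyse()
    for name, paths in summary["results"].items():
        print(f"{name}: {len(paths)} file detections on drive(s) {sorted(summary['drives'][name])}")
    print("Corroborated by 2+ scanners:", sorted(summary["corroborated"]))
    for name, paths in summary["unique"].items():
        print(f"Only {name}:", sorted(paths))
```

The drive-letter summary is the check worth making before comparing detection counts: every Spybot path in the posted results is on C:, while the PestPatrol and SUPERAntiSpyware hits are on F:, so the logs do not describe the same scan scope. The SUPERAntiSpyware header also records a Quick Scan rather than a complete one, which this script does not account for.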


#2 pip22

  • Banned
  • 341 posts
  • Gender:Male

Posted 25 June 2007 - 10:13 AM

PestPatrol and SuperAntiSpyware both found most, if not all, of your malware on drive F:.
Perhaps Spybot checked only drive C:. That alone would account for the different results.

#3 ItWouldRuin

  • Members
  • 83 posts

Posted 25 June 2007 - 01:36 PM

Maybe Spybot isn't as good as PestPatrol and SuperAntispyware ...

#4 simALITY

  • Topic Starter
  • Members
  • 92 posts
  • Gender:Female

Posted 25 June 2007 - 09:49 PM

Maybe Spybot isn't as good as PestPatrol and SuperAntispyware ...


That's what I figure. Thing is, Spybot is supposed to be one of the best out there. It is, after all, one of the scans we are supposed to run before we post a log onto the HJT forum.

#5 simALITY

  • Topic Starter
  • Members
  • 92 posts
  • Gender:Female

Posted 25 June 2007 - 09:56 PM

PestPatrol and SuperAntiSpyware both found most if not all of your malware on drive F:

Pest Patrol missed most of the cookies and a lot of the pests. Where Ad-Aware found 10 instances of Bargain Buddy, Pest Patrol only found four. Pest Patrol also missed the dialer and VX10.

All of the scanners missed Bonzi Buddy.


Perhaps Spybot checked only drive C: That alone would account for the different results.


True enough, but I'm surprised that Spybot would do that.

I thought a lot more highly of Spybot before this.

#6 Queen-Evie

Official Bleepin' G.R.I.T.S. (and proud of it)
  • Staff Emeritus
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 26 June 2007 - 07:29 AM

This reinforces the need for more than one antispyware program.
Each will pick up things another one did not.

#7 ItWouldRuin

  • Members
  • 83 posts

Posted 26 June 2007 - 10:43 AM

I think that Spybot is a weak program against spyware, not that good but pretty good ...

Queen Evie, I'm pretty sure there exists malware that may hide from all antimalware tools.
I mean, look at Blue Pill ...

#8 SpySentinel

  • Staff Emeritus
  • 2,090 posts
  • Gender:Male
  • Location:The United States

Posted 26 June 2007 - 02:52 PM

Even paid-for antispyware programs that are really good can't catch everything.
Unified Network of Instructors and Trained Eliminators

#9 ItWouldRuin

  • Members
  • 83 posts

Posted 27 June 2007 - 09:07 AM

Even paid-for antispyware programs that are really good can't catch everything.


Yeah, but Spyware Doctor does come pretty close! :thumbsup:
I guess it's better to have three free antispyware tools than one antispyware tool you've got to pay for?



