Spybot has met his match.


Post by robear91 on 30th October 2013, 5:08 am




<--- Apparently, I'm a fetus.

Hello, GeekPolice <33 I'm having some computer trouble, and I think it's a piece of stubborn malware. You guys are the best, so I am requesting your assistance.

I am running Windows Vista on a Dell desktop. I have this bug that disabled AVG and is giving Spybot - Search and Destroy a hard time scanning for malware. I did a complete reformat of my computer and AVG is working fine. I did a full scan and it reported that there were no infections.

The problems with Spybot are still persisting. I've run Spybot in safe mode after the reformat, and it's still doing the same thing. A prompt pops up 36 times, all saying the same thing:


You have tried to delete or modify C:\Program Files\Spybot - Search & Destroy 2

\blindman.exe
\borlndmm.dll
\DEC150.bpl
\explorer.exe
\Jcl150
\JSDialogPack150.bpl
\libeay32.dll
\libssl32.dll
\LSFZOWFYUJ.scr
\MSDULUAYGER.scr
\rtl150.bpl
\SDAdvancedCheckLibrary.dll
\SDAV.dll
\SDBootCD.exe
\SDCleaner.exe
\SDDelFile.exe
\SDECon.dll
\SDEvents.dll
\SDFiles.exe
\SDFileScanHelper.exe
\SDFileScanLibrary.dll
\SDFSSvc.exe
\SDHook32.dll
\SDHookHelper.exe
\SDHooklnst32.exe
\SDImmunize.exe
\SDImmunizeLibrary.dll
\SDLicense.dll
\SDLists.dll
\SDLogReport.exe
\SDOnAccess.exe
\SDPESetup.exe
\SDPEStart.exe
\SDPhoneScan.exe

This file was signed by Safer-Networking Ltd...To avoid manipulation of Spybot - Search and Destroy through malware, we block access to these files in modules that are capable of deleting them.


A Windows prompt pops up shortly after:

Spybot-S&D 2 Scanner Service stopped working and was closed

A problem caused the application to stop working correctly. Windows will notify you if a solution is available.


Here is my log for AdwCleaner:

# AdwCleaner v3.010 - Report created 30/10/2013 at 00:28:25
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Robin - ROBIN-PC
# Running from : C:\Users\Robin\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\9h401940.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4053 octets] - [30/10/2013 00:26:51]
AdwCleaner[S0].txt - [4054 octets] - [30/10/2013 00:28:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4114 octets] ##########


The logs for Security Check:


Results of screen317's Security Check version 0.99.75  
Windows Vista Service Pack 2 x86 (UAC is enabled)  
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!  
AVG AntiVirus 2014  
Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300  
Java 7 Update 45  
Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
Malwarebytes Anti-Malware mbamservice.exe  
Malwarebytes Anti-Malware mbamgui.exe  
Malwarebytes Anti-Malware mbam.exe  
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Malwarebytes is currently running as we speak. Any of your input would be highly appreciated.

robear91
Beginner

Posts : 4
Joined : 2013-10-30
Gender : Female
OS : Windows Vista
Points : 11394
Likes : 0

Re: Spybot has met his match.

Post by robear91 on 30th October 2013, 5:25 am

Malwarebytes has completed scanning, with one infected file found and removed.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

Database version: v2013.10.30.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Robin :: ROBIN-PC [administrator]

Protection: Enabled

10/30/2013 12:35:10 AM
mbam-log-2013-10-30 (00-35-10).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354007
Time elapsed: 50 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Offercast2802_PCD_.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

(end)


Re: Spybot has met his match.

Post by Superdave on 30th October 2013, 7:09 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
robear91 wrote: I did a complete reformat of my computer and AVG is working fine. I did a full scan and it reported that there were no infections.

If you actually did a complete re-format, your computer should be clean. Spybot is an old scanner and doesn't protect against modern-day infections. I removed it from my computer about one year ago. You would be better off running MBAM and AdwCleaner once a week.

robear91 wrote: Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

Please defrag your hard drive soon. (SSD means Solid State Drive.) If you need help with this, please let me know.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83211
Likes : 0

Re: Spybot has met his match.

Post by robear91 on 31st October 2013, 6:58 am

I was starting to suspect a software issue. It just looked like Spybot was being attacked that made me jump to the reformat. My computer is set up to defrag on a schedule, but I might have to reset that since the computer was reformatted. Thanks for your time, even though I feel like I wasted it lol...


Re: Spybot has met his match.

Post by Superdave on 31st October 2013, 6:47 pm

robear91 wrote: I was starting to suspect a software issue. It just looked like Spybot was being attacked that made me jump to the reformat. My computer is set up to defrag on a schedule, but I might have to reset that since the computer was reformatted. Thanks for your time, even though I feel like I wasted it lol...

Not a problem.
