Spyware missed by Microsoft found by SpySweeper
#1
Guest
Posts: n/a
FYI, this is a log from SpySweeper for spyware after a full clean by Microsoft Antispy.

12:16 PM: Spy Sweeper 3.5.0 (Build 189) started
12:20 PM: Sweep initiated using definitions version 440
12:20 PM: Sweeping memory for threats.
12:20 PM: Memory sweep has completed. Elapsed time 00:00:15
12:20 PM: Registry sweep initiated.
12:20 PM: Found: 6 Attempted BHO registry traces.
12:21 PM: Found: 4 Popnav Hijacker registry traces.
12:21 PM: Found: 1 SideSearch registry traces.
12:21 PM: Found: 4 WebSearch Toolbar registry traces.
12:21 PM: Registry sweep completed. Elapsed time 00:00:38
12:21 PM: Full sweep on all local drives initiated.
12:21 PM: Now sweeping drive C:
12:21 PM: Found: SideSearch, version 1
12:21 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\ron\favorites\shopping\ebay.url
12:21 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\ron\favorites\shopping\walmart.url
12:21 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\tasha\favorites\shopping\ebay.url
12:21 PM: Found Cookie: Kount Cookie, version 1, c:\documents and settings\tasha\cookies\tasha@kount[1].txt
12:21 PM: Found Cookie: Adminder Cookie, version 1, c:\documents and settings\tasha\cookies\tasha@www.adminder[1].txt
12:21 PM: Found Cookie: fe.lea.lycos.com Cookie, version 1, c:\documents and settings\tasha\cookies\tasha@fe.lea.lycos[1].txt
12:21 PM: Found Cookie: Ask Cookie, version 1, c:\documents and settings\tasha\cookies\tasha@ask[1].txt
12:21 PM: Found Cookie: Callwave Cookie, version 1, c:\documents and settings\tasha\cookies\tasha@callwave[1].txt
12:21 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\tasha\favorites\shopping\walmart.url
12:22 PM: Found Trojan Horse: Internet Optimizer, version 1, c:\documents and settings\ron\local settings\temp\del24.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version 1, c:\program files\yahoo!\ypsr\quarantine\ppq21.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version 1, c:\program files\yahoo!\ypsr\quarantine\ppqa.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version 1, c:\program files\yahoo!\ypsr\quarantine\ppqba.tmp
12:26 PM: Found Adware: FunWebProducts, version 1, c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf
12:26 PM: Found Adware: SearchAssistant nCase, version 1, c:\windows\180solutions\saap.log
12:27 PM: Found Adware: SearchAssistant nCase, version 1, c:\windows\aurl.dat
12:28 PM: Found: SearchAssistant nCase, version 1
12:28 PM: Found Adware: vx2 (Transponder), version 1, c:\windows\inf\polmx2.inf
12:28 PM: Found Adware: vx2 (Transponder), version 1, c:\windows\inf\biini.inf
12:28 PM: Found Adware: vx2 (Transponder), version 1, c:\windows\inf\belt.inf
12:30 PM: Found Adware: SearchAssistant nCase, version 1, c:\windows\system32\msbb\kyf.dat.old
12:30 PM: Found Adware: PortalSearching, version 1, c:\windows\system32\vbshell.tlb
12:31 PM: Found: 68 file traces.
12:31 PM: Full Sweep has completed. Elapsed time 00:10:32
56,130 files swept
83 item traces located
12:43 PM: Removal process initiated
12:43 PM: Quarantining: Adminder Cookie
12:43 PM: Cookie: c:\documents and settings\tasha\cookies\tasha@www.adminder[1].txt
12:43 PM: Quarantining: Ask Cookie
12:43 PM: Cookie: c:\documents and settings\tasha\cookies\tasha@ask[1].txt
12:43 PM: Quarantining: Callwave Cookie
12:43 PM: Cookie: c:\documents and settings\tasha\cookies\tasha@callwave[1].txt
12:43 PM: Quarantining: fe.lea.lycos.com Cookie
12:43 PM: Cookie: c:\documents and settings\tasha\cookies\tasha@fe.lea.lycos[1].txt
12:43 PM: Quarantining: Kount Cookie
12:43 PM: Cookie: c:\documents and settings\tasha\cookies\tasha@kount[1].txt
12:43 PM: Cleaning Traces
12:43 PM: Removing file: c:\documents and settings\tasha\cookies\tasha@kount[1].txt
12:43 PM: Removing file: c:\documents and settings\tasha\cookies\tasha@fe.lea.lycos[1].txt
12:43 PM: Removing file: c:\documents and settings\tasha\cookies\tasha@callwave[1].txt
12:43 PM: Removing file: c:\documents and settings\tasha\cookies\tasha@ask[1].txt
12:43 PM: Removing file: c:\documents and settings\tasha\cookies\tasha@www.adminder[1].txt
12:43 PM: Removal process completed. Elapsed time 00:00:01
5 items (5 traces) quarantined.
12:43 PM: Sweep initiated using definitions version 440
12:43 PM: Sweeping memory for threats.
12:44 PM: Memory sweep has completed. Elapsed time 00:00:13
12:44 PM: Registry sweep initiated.
12:44 PM: Found: 6 Attempted BHO registry traces.
12:44 PM: Found: 4 Popnav Hijacker registry traces.
12:44 PM: Found: 1 SideSearch registry traces.
12:44 PM: Found: 4 WebSearch Toolbar registry traces.
12:44 PM: Registry sweep completed. Elapsed time 00:00:33
12:44 PM: Full sweep on all local drives initiated.
12:44 PM: Now sweeping drive C:
12:44 PM: Found: SideSearch, version 1
12:44 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\ron\favorites\shopping\ebay.url
12:44 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\ron\favorites\shopping\walmart.url
12:44 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\tasha\favorites\shopping\walmart.url
12:44 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\tasha\favorites\shopping\ebay.url
12:44 PM: Found Trojan Horse: Internet Optimizer, version 1, c:\documents and settings\ron\local settings\temp\del24.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version 1, c:\program files\yahoo!\ypsr\quarantine\ppqa.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version 1, c:\program files\yahoo!\ypsr\quarantine\ppqba.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version 1, c:\program files\yahoo!\ypsr\quarantine\ppq21.tmp
12:48 PM: Found Adware: FunWebProducts, version 1, c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf
12:48 PM: Found Adware: SearchAssistant nCase, version 1, c:\windows\180solutions\saap.log
12:48 PM: Found Adware: SearchAssistant nCase, version 1, c:\windows\aurl.dat
12:49 PM: Found: SearchAssistant nCase, version 1
12:49 PM: Found Adware: vx2 (Transponder), version 1, c:\windows\inf\polmx2.inf
12:49 PM: Found Adware: vx2 (Transponder), version 1, c:\windows\inf\biini.inf
12:49 PM: Found Adware: vx2 (Transponder), version 1, c:\windows\inf\belt.inf
12:49 PM: Found Adware: SearchAssistant nCase, version 1, c:\windows\system32\msbb\kyf.dat.old
12:50 PM: Found Adware: PortalSearching, version 1, c:\windows\system32\vbshell.tlb
12:50 PM: Found: 63 file traces.
12:50 PM: Full Sweep has completed. Elapsed time 00:06:42
56,128 files swept
78 item traces located

#2
Guest
Posts: n/a
Doug,
Nice report. Thanks. Meanwhile, let's consider that the current Beta1 does NOT go into the cookie jar.

Ron Chamberlin
MS-MVP

"Doug" <anonymous@discussions.microsoft.com> wrote in message news:1d0f01c4f835$c086ee80$a501280a@phx.gbl...
> FYI, this is a log from SpySweeper for spyware after a
> full clean by Microsoft Antispy.

#3
Guest
Posts: n/a
> Nice report. Thanks. Meanwhile, let's consider that the current Beta1 does
> NOT go into the cookie jar.
>
> Ron Chamberlin
> MS-MVP

Indeed, I was more interested in the non-cookie files. There was one file in particular that bothered me:

"12:26 PM: Found Adware: FunWebProducts, version 1, c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf"

I had to use a command prompt and do a "dir" to see this file, as it was hidden when viewed through Explorer even after turning on hidden and system files.

There is also a false positive in Spy Sweeper's log. A file used and needed by JavaCool's SpyWareGuard:

12:50 PM: Found Adware: PortalSearching, version 1, c:\windows\system32\vbshell.tlb

Everything else was a trace of spyware already removed. Registry entries and log files.

So far I am very happy with this new Microsoft offering and am glad they chose to buy the best antispyware out there to make their own and provide to us. I have it running on six systems now, all XP, with no system problems and only minor issues. (please see my post on the Huntbar trying to reinstall occasionally)

Thanks,
Doug

PS. As mentioned over and over, never take the spyware scans at face value from any antispyware program. Always check and verify the files that are about to be deleted. Google is your friend!
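
Added example (not part of the thread, and not code from Spy Sweeper or Microsoft): a Python sketch that parses the "Found ..." file entries in the log format posted in #1, splits them into sweeps, and lists the non-cookie findings still present after the removal pass, which is the set the posts above say to verify by hand. The function names are made up for this example, and the embedded log is a short excerpt of lines from post #1.

```python
import re
from collections import defaultdict

# Excerpt of entries from the log in post #1 (first sweep, removal, second sweep).
SAMPLE_LOG = r"""
12:20 PM: Sweep initiated using definitions version 440
12:21 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\ron\favorites\shopping\ebay.url
12:21 PM: Found Cookie: Kount Cookie, version 1, c:\documents and settings\tasha\cookies\tasha@kount[1].txt
12:26 PM: Found Adware: FunWebProducts, version 1, c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf
12:43 PM: Removing file: c:\documents and settings\tasha\cookies\tasha@kount[1].txt
12:43 PM: Sweep initiated using definitions version 440
12:44 PM: Found Trojan Horse: 2nd-thought, version 1, c:\documents and settings\ron\favorites\shopping\ebay.url
12:48 PM: Found Adware: FunWebProducts, version 1, c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf
"""

# File findings only; summary lines such as "Found: 68 file traces." do not match.
FOUND = re.compile(
    r"^\d{1,2}:\d{2} [AP]M: Found (?P<category>[^:]+): (?P<name>.+?), "
    r"version (?P<version>\S+), (?P<path>.+)$")
SWEEP_START = re.compile(r"^\d{1,2}:\d{2} [AP]M: Sweep initiated")

def parse_sweeps(text):
    """Return one set of (category, name, path) per sweep in the log."""
    sweeps = []
    for line in map(str.strip, text.splitlines()):
        if SWEEP_START.match(line):
            sweeps.append(set())
        elif sweeps and (m := FOUND.match(line)):
            sweeps[-1].add((m["category"], m["name"], m["path"].lower()))
    return sweeps

def compare(first, second):
    """Split findings into removed, still present, and newly reported."""
    return {"removed": first - second, "persisted": first & second,
            "new": second - first}

def review_list(findings):
    """Group non-cookie file findings by threat name for manual verification."""
    grouped = defaultdict(list)
    for category, name, path in sorted(findings):
        if category != "Cookie":
            grouped[name].append(path)
    return dict(grouped)

if __name__ == "__main__":
    before, after = parse_sweeps(SAMPLE_LOG)
    for name, paths in review_list(compare(before, after)["persisted"]).items():
        print(name, *paths, sep="\n  ")
```
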