Spyware Not Detected??? Submit a Suspected Spyware Report


Steve Dodson [MSFT]

Spyware is a cat and mouse game. As soon as we fix one problem, another one
is sure to follow. If you have a new piece of spyware, please help us create
new signatures by submitting a suspected spyware report. This is a very easy
task and allows us to make the product better with each signature release.

Steps to take if you have spyware that is not removed by Microsoft Windows
AntiSpyware (beta):
1) Open up AntiSpyware
2) Click Tools at the top
3) Click "Submit a Suspected Spyware Report"
4) Fill out the form with as much detail as possible so we can analyze it quickly

By doing these steps before trying something new, you make the product
better.

Thanks again for testing the beta!!!!

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

Eddy

Hi Steve,

Trying to submit a report I get error message "An error
occurred submitting the scan results. Please check
Internet proxy setting and try again".

Any idea/suggestion?

Thanks

Regards

Eddy

PS - Using Win2000 professional and Broadband is already
connected and running OK

PSS - Was trying to report that Lavasoft's Ad-aware was
executed immediately after AntiSpyware (after rebooting)
and a further 8 processes were detected (AntiSpyware found
2 processes)

Ron Kinner

Are you guys having any luck with the big three?

VX2

CoolWebSearch

about:blank?

I wouldn't go out of Beta until AntiSpy can zap all three
of them on one pass.

Ron

Bill Sanderson

I wouldn't bet on the one pass idea, but maybe. I know it can do some VX2
variants, but have only tested one or two.

If you give me a note offline (remove the last two terms from the email)
with sources for a test version of each bug--I can test this with a VPC.

I'm rather inclined to wait for either a beta refresh or beta2 to do this
kind of testing, though.

Justyn

Dear Ron

Dear Ron, Bob Chamberlain said you would be able to help
with problems I'm having with an adware that evades
detection. My homepage is altered constantly to find-more
as you can see. I've noticed I've got C-Dilla in system32
but I've read this is connected to ABBYY FineReader so I
didn't want to try and remove it until I'm sure it's causing
the problems. Thanks in advance if you can help. The
HijackThis log is:

Logfile of HijackThis v1.99.1
Scan saved at 10:55:54, on 07/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\mstask.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\WINDOWS\twain_32\B12U12K\WATCH.exe
C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.find-more.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.find-more.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.find-more.net/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find-everything.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.find-more.net/sp.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.find-more.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.find-more.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AutoLoader2spz1JSgMYXN] "C:\WINDOWS\system32\lcpfile.exe" /HideDir /HideUninstall /PC="CP.CDT4" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [2F6P37P] lcpfile.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\Anonymizer\Anti-Spyware\AnonAntiSpyware.exe /BOOT
O4 - HKCU\..\Run: [mstask] C:\WINDOWS\system32\mstask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\B12U12K\WATCH.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {98296527-3BF1-44B8-A3A5-FA9848DA5C40} - http://www.medion.co.uk (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D3BDABBE-C546-48B2-A17C-17D73A857861} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D3BDABBE-C546-48B2-A17C-17D73A857861} - (no file) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111602301840
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4025.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA53E4BA-7845-4783-A8C4-77BDC5E17593}: NameServer = 80.225.250.178 80.225.250.186
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
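As an added example (not part of this thread, of HijackThis, or of Microsoft AntiSpyware), the script below shows how a defender can triage a log like the one above mechanically: it parses the R0/R1 browser-setting lines and the O4 Run entries, flags start and search pages that point outside an allowlist of domains the user expects, and lists autostart entries that launch an executable with no directory given or launch the same executable from more than one entry. The sample lines are copied from Justyn's log with the hard-wrapped lines rejoined; the allowlist and the two autostart heuristics are my assumptions, not HijackThis rules.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted in this
# thread (hard-wrapped lines rejoined) so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.find-more.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.find-everything.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AutoLoader2spz1JSgMYXN] "C:\WINDOWS\system32\lcpfile.exe" /HideDir /HideUninstall
O4 - HKLM\..\Run: [2F6P37P] lcpfile.exe
"""

# R0/R1 lines: "<tag> - <registry key>,<value name> = <value>".
R_LINE = re.compile(r"^(?P<tag>R[01]) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.+)$")
# O4 Run lines: "O4 - <hive>\..\Run: [<entry name>] <command line>".
O4_LINE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def host_of(value: str) -> str:
    """Lowercased host of a browser setting; bare hostnames get a scheme so urlparse sees them."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def host_allowed(host: str, allowed: set) -> bool:
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def flag_browser_settings(log_text: str, allowed_domains: set) -> list:
    """(tag, value name, host) for each R0/R1 entry whose URL is outside the allowlist."""
    flagged = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue
        host = host_of(m.group("value"))
        if host and not host_allowed(host, allowed_domains):
            flagged.append((m.group("tag"), m.group("name"), host))
    return flagged


def _executable(cmd: str) -> str:
    """The launched executable: a quoted path, or else the first whitespace token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def review_autostarts(log_text: str) -> list:
    """(entry name, reason) for O4 Run entries that merit a closer look (assumed heuristics):
    the executable is named without a directory, so it is resolved by PATH search,
    or the same executable basename is launched by more than one entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            exe = _executable(m.group("cmd"))
            entries.append((m.group("name"), exe, exe.rsplit("\\", 1)[-1].lower()))
    counts = {}
    for _, _, base in entries:
        counts[base] = counts.get(base, 0) + 1
    findings = []
    for name, exe, base in entries:
        if "\\" not in exe:
            findings.append((name, "no directory in command: " + exe))
        if counts[base] > 1:
            findings.append((name, "executable launched by more than one Run entry: " + base))
    return findings


if __name__ == "__main__":
    for item in flag_browser_settings(SAMPLE_LOG, {"google.com", "freeserve.com"}):
        print("browser setting outside allowlist:", item)
    for item in review_autostarts(SAMPLE_LOG):
        print("autostart to review:", item)
```

Run against the full log, the allowlist check singles out the find-more.net and find-everything.com entries while leaving the Google and Freeserve defaults alone, which matches the symptom Justyn describes; the autostart review is only a prompt for a human to look at an entry, not a verdict on it.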

 
