Found a problem the first time

daveholc

On my first scan it found the problem I was having. The
problem came back after a restart and launching Internet
Explorer. I get a darn search bar on the bottom of the
screen. It will no longer find the problem and the bar
is back. Here are the results of the first scan.

Spyware Scan Details
Start Date: 1/27/2005 5:50:36 AM
End Date: 1/27/2005 5:57:20 AM
Total Time: 6 mins 44 secs

Detected Threats

CouponDeals Adware more information...
Details: CouponDeals is adware.
Status: Removed
Severe threat - Severe threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction and exploits are in the wild.
There exists a high possibility of potential system
damage or security flaw. Attacker has complete control
over your computer or install new software on your
machine.

Infected files detected
c:\windows\system32\cdlsp.dll


OmegaSearch Browser Hijacker more information...
Details: OmegaSearch may install 2 dozen files and
settings onto your computer without your content.
Status: Removed
Severe threat - Severe threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction and exploits are in the wild.
There exists a high possibility of potential system
damage or security flaw. Attacker has complete control
over your computer or install new software on your
machine.

Infected files detected
c:\Documents and Settings\Dave and Sandy\Application Data\Skip The Debug\Gramamen.exe

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF3AA02-B47D-F9AA-C198-93BDCB2CAE4E}


SearchSquire Adware more information...
Details: SearchSquire is an Internet Explorer sidebar
containing paid links that open when you use search
engines.
Status: Removed
Elevated threat - Elevated threats are usually threats
that fall into the range of adware in which data about a
user's habits are tracked and sent back to a server for
analysis without your consent or knowledge.

Infected registry keys/values detected
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com * 4


Detected Spyware Cookies

Any ideas or thoughts?

Dave
 
Bill Sanderson

Please do a Files, check for update to update definitions to the newest
available (5685), then restart in safe mode, and scan again.
 
Guest

Done, it did not find the toolbar. The bar is on the
bottom of the screen. It has a normal close window X on
the outside edge. When you click on the X it turns the
image into a ghost image....all whited out with the words
still there. It is very annoying as it covers the start
window until you use a Ctrl+Alt+Del function.

Dave
 
DT

The threat you have described is possibly from eZula Inc.
I know this is a MS spyware post; however, PestPatrol does
detect it. The registry entry is in
Remove AutoRun Reference:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\ezwo, delete it and reboot the machine immediately.
If you find the value
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce web offer, delete it and reboot the machine immediately.
If you find the value
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\sesync,
There is more information here
http://www.pestpatrol.com/PestInfo/e/ezula.asp
I do not personally run PestPatrol; I use SpyBot/Ad-Aware
SE-Pro and MS Antispyware (beta). But I have found
PestPatrol does find some items that the others do not
(and vis-a-vis).
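
The manual check described in the post above, as an added example that is not part of the original thread: a read-only Python scan of a regedit export for the three value names the post lists. The sample export, its paths, and the reading of "runonce web offer" as a value named `web offer` under RunOnce are assumptions.

```python
import re

# Value names taken from the post above, keyed by the lower-cased autorun key
# they are listed under. Treating "runonce web offer" as a value named
# "web offer" under RunOnce is an assumption.
_CV = r"\software\microsoft\windows\currentversion"
SUSPECT = {
    "hkey_current_user" + _CV + r"\run": {"ezwo"},
    "hkey_current_user" + _CV + r"\runonce": {"web offer"},
    "hkey_local_machine" + _CV + r"\run": {"sesync"},
}
KEY_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

# Constructed sample in regedit export format (real exports are UTF-16;
# decode the file before passing its text in). Paths are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"EZWO"="C:\\placeholder\\path.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"web offer"="C:\\placeholder\\offer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
'''

def find_suspect_autoruns(reg_text):
    """Return (key, value_name, data) for each listed value found in the export."""
    hits, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)   # remember which key following values belong to
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            # Registry key and value names are case-insensitive.
            if name.lower() in SUSPECT.get(current.lower(), ()):
                hits.append((current, name, m.group(2)))
    return hits

if __name__ == "__main__":
    for key, name, data in find_suspect_autoruns(SAMPLE_EXPORT):
        print(f"{key} -> {name} = {data}")
```

Each hit names the key and the value's data, so the executable it points to can be located and reviewed before anything is deleted.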
 
Bill Sanderson

So at this point, Microsoft Antispyware sees your system as clean, with this
critter still in place?

If you can, please submit a tools, suspected spyware report from this
machine, describing the issue. This function may or may not work on your
system, however!

Check out the PestPatrol reference in the other response. It should have
manual removal instructions which may take care of this for you--let us
know.

If that fails, I'd recommend getting HijackThis, and posting a log file in
an appropriate forum.

A good place to get HijackThis and have the log analyzed is:

http://www.aumha.org/free.htm

click on HijackThis in the left column, and read the explanatory
material--there's a link in it to a forum to post the log, and a tutorial,
as well.



--
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.txt
 
Guest

I am submitting a tools report. Pest Patrol does not
find this. I will try hijackthis as well.

Thanks,
Dave
 
Guest

Unfortunately Pest Patrol did not catch it. That is why
I came here hoping this software would.

Dave
 