registry question

  • Thread starter Thread starter L.
  • Start date Start date
L

L.

Winxp(home).
Somehow I picked up an entry in Reg. that I can't get rid of. Zone Alarm
actually found it.

It's a 180search assistant located at; RegistryKey:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}\0000
and every time I reboot it keeps coming back even though I have ZA
quarantine and/or delete it.
Did a google search and it's not all through my system, as far as I can
tell. I searched for other files it's suppose to have with it and nothing
shows up.

Can anyone direct me to fix.
It's on 3 of my 4 systems. Not sure where/how I got it or if I should even
be worried about it.

Help and thanks,

L.
 
From: "L." <[email protected]>

| Winxp(home).
| Somehow I picked up an entry in Reg. that I can't get rid of. Zone Alarm
| actually found it.
|
| It's a 180search assistant located at; RegistryKey:
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED
| 1}\0000 and every time I reboot it keeps coming back even though I have ZA
| quarantine and/or delete it.
| Did a google search and it's not all through my system, as far as I can
| tell. I searched for other files it's suppose to have with it and nothing
| shows up.
|
| Can anyone direct me to fix.
| It's on 3 of my 4 systems. Not sure where/how I got it or if I should even
| be worried about it.
|
| Help and thanks,
|
| L.
|



If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.


For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Comment and ??

I have in C:/PF/Java 2x folders. jre1.50_07 & xxx09.
To get started-How do I delete/uninstall them?
Went to CP- "add/remove programs" and I don't see where/how to uninstall.

L.



David H. Lipman said:
From: "L." <[email protected]>

| Winxp(home).
| Somehow I picked up an entry in Reg. that I can't get rid of. Zone
Alarm
| actually found it.
|
| It's a 180search assistant located at; RegistryKey:
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED
| 1}\0000 and every time I reboot it keeps coming back even though I have
ZA
| quarantine and/or delete it.
| Did a google search and it's not all through my system, as far as I can
| tell. I searched for other files it's suppose to have with it and
nothing
| shows up.
|
| Can anyone direct me to fix.
| It's on 3 of my 4 systems. Not sure where/how I got it or if I should
even
| be worried about it.
|
| Help and thanks,
|
| L.
|



If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being
exploited.

It is highly suggested that you update to the latest version which is Sun
Java JRE/JSE
Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.


For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files
or you can
download the files and perform a scan in Normal Mode. Once you have
downloaded the files
needed for each scanner you want to use, you should reboot the PC into
Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want
to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
Click to expand...
 
Never mind- found it. J2SE Runtime Exxxxxx update 7 & 9.

Should I uninstall these before or after installing 6.0?




L. said:
Comment and ??

I have in C:/PF/Java 2x folders. jre1.50_07 & xxx09.
To get started-How do I delete/uninstall them?
Went to CP- "add/remove programs" and I don't see where/how to uninstall.

L.



David H. Lipman said:
From: "L." <[email protected]>

| Winxp(home).
| Somehow I picked up an entry in Reg. that I can't get rid of. Zone
Alarm
| actually found it.
|
| It's a 180search assistant located at; RegistryKey:
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED
| 1}\0000 and every time I reboot it keeps coming back even though I have
ZA
| quarantine and/or delete it.
| Did a google search and it's not all through my system, as far as I can
| tell. I searched for other files it's suppose to have with it and
nothing
| shows up.
|
| Can anyone direct me to fix.
| It's on 3 of my 4 systems. Not sure where/how I got it or if I should
even
| be worried about it.
|
| Help and thanks,
|
| L.
|



If you are using any version of Sun Java that is prior to JRE Version
6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being
exploited.

It is highly suggested that you update to the latest version which is Sun
Java JRE/JSE
Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe
Mode.


For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to
go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in
C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files
or you can
download the files and perform a scan in Normal Mode. Once you have
downloaded the files
needed for each scanner you want to use, you should reboot the PC into
Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want
to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
Click to expand...
Click to expand...
 
Thanks. I take it the Yes is to uninstall first. :)

Will follow your instructions.
Do have Ad-aware and SpyBot, neither found "problem" only Zone Alarm and
just the one entry in Reg.
 
From: "L." <[email protected]>

| Thanks. I take it the Yes is to uninstall first. :)
|
| Will follow your instructions.
| Do have Ad-aware and SpyBot, neither found "problem" only Zone Alarm and
| just the one entry in Reg.
|

Please try SuperAntiSpayware.
 
Ok, tried SuperAnti--- and still no luck finding the Reg. entry.
It did find a couple of tracking cookies that Spybot and Ad-aware didn't but
nothing is finding the "180search assistant" except Zone Alarm.

Someone else said that ZA is not a great spyware program and it may just be
a glitch with ZA. Since I don't have the full program 180search Assis.
showing up anywhere, "don't worry about it". Also, there must be a .dll that
keeps replacing the reg. entry
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}\0000
) on restarts.

Your thoughts please,
 
From: "L." <[email protected]>

| Ok, tried SuperAnti--- and still no luck finding the Reg. entry.
| It did find a couple of tracking cookies that Spybot and Ad-aware didn't but
| nothing is finding the "180search assistant" except Zone Alarm.
|
| Someone else said that ZA is not a great spyware program and it may just be
| a glitch with ZA. Since I don't have the full program 180search Assis.
| showing up anywhere, "don't worry about it". Also, there must be a .dll that
| keeps replacing the reg. entry
| (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753E
| D1}\0000 ) on restarts.
|
| Your thoughts please,


The CSLID -- {8ECC055D-047F-11D1-A537-0000F8753ED1} is associated with malware.

One last shot...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Last update.
FYI- As I stated earlier, the only program that picked up the entry was Zone
Alarm Pro.
I followed all your instructions and nothing was found relating to the
entry.
The entry is still there but no value under "Data".

After updating ZAPro anti-spyware today, it doesn't pick it up either. There
are several posts on ZA forums relating to this and it is/was showing up as
a false/positve.

Learned a lot and thanks for your help.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Virus 'W32.Spybot.Worm' identified in file 'wlmsngr.exe' 3
Creating LEGACY_NULL Via Registry Script 3
Rouge Process I cannot get rid of. 16
Problem Service Control Manager 1
Need help with Windows XP registry question 2
solved: The Virtual PC Application Services service 0
3F8AB4CH Service 1
Pinging all the experts here -->Zone Alarm anti-spyware just found 2 trojans that Avast/Ad-Aware/Spy 27

Back
Top