Sending Spyware Reports

AndyManchesta

Hi again

Is there a fix for the problem with sending spyware
reports? I've tried it on 2 PCs and they both say there is
an error and I should check the internet proxy settings.
This is a broadband connection with no problems connecting
to websites, so I'm not sure what's causing it unless it's
just a bug.

I downloaded xxx.toolbar to help a user on here by
visiting Crack.am and just pressing A in the list, then
running the first file presented. I knew it would
infect me but it's surprised me just how much. I will
repost that as a new topic sometime, but I have Trojans,
backdoor Trojans, spyware, CWS, Ist and about 20 other
infections, so I thought it would help MS to get the
filenames before I clear it all, but I cannot send the
report. It will not allow it on the infected machine or
this clean machine I'm using now, so I thought I'd post in case
there is a fix available for this.

Thanks

Andy
 
AndyManchesta

It doesn't matter now, I had to clean the machine up as I'm
going to work soon.

Here's some of the list. I visited Cracks.am and
pressed 'A' in the list and then the first file it shows,
then ran the file. I had to disable MS Antispy's real-time
protection to get most of them to install, so it's great to
know it's detecting these and blocking them. I just wanted
to test the damage that one file could do. I suspect the
site serves JavaScripts and trojan files in the page
itself to cause this amount of problems.

Also I had a lot of entries in the trusted zone and
entries in my hosts file ;)

I let it all install and then ran MS Antispy on a full
system scan; here are the results. There are far too many to
list as it found nearly 600 infected entries, and then
Ewido still detected more trojans, but here's the main list.

MS Antispy detected these :

Ist.Istbar Sidefind - 112 Signatures

AvenueMedia.Dyfuca - 124 Signatures

Adware.Surf Accuracy - 19 Signatures

Ist.Istbar Browser Modifier - 78 Signatures

Trojan.Downloader.Ist.Istbar iinstall - 1 Signature

Ist.XXXtoolbar - 3 Signatures

Ist.Powerscan - 18 Signatures

BHO.WStart - 5 Signatures

CoolWebSearch - 9 Signatures

Ist.Istbar.ActiveX - 34 Signatures

Search Central (Browser Modifier) - 1 Signature

OfferAgent - 7 Signatures

Unclassified.Spyware.57 - 5 Signatures

Ist.Istbar.ContentMatchControl - 37 Signatures

eXact.Bullseye Network - 1 Signature

eXact.Trojan.Downloader - 1 Signature

AproposMedia - 1 Signature

TMKsoft.Xplugin - 78 Signatures

TMKsoft.Admess - 10 Signatures

Ist.Slotchbar - 19 Signatures

BloodHound Exploit ActiveX Trojan - 1 Signature

Moneytree Dialer - 18 Signatures

WinCommX Trojan Downloader - 7 Signatures

There were also backdoor trojans and trojan downloaders,
mostly Trojan.Agent variants, but I needed Ewido to clear
them.

I removed the rest using MS Antispy and deleting the
remaining folders and files in temp folders, then reset
the hosts file and trusted zones.

Maybe I will try it again sometime if I get the spyware
reports to work.


Andy
 
Robin Walker [MVP]

AndyManchesta said:
Is there a fix for the problem with sending spyware
reports? I've tried it on 2 PCs and they both say there is
an error and I should check the internet proxy settings,

I'd love to debug this problem, but I'd need Admin access to the PC in
question, and it has never happened to any of my PCs. It's probably a
registry setting somewhere.
 
AndyManchesta

Thanks Robin

I've done my work but back in later so can look into it
a bit more. I've not tried the send report before so cannot
say if it's always been that way or if something has
changed.

Here are all the references to Proxy in my registry, but I
wouldn't know where to start myself as it's an area I never
go into unless it's really needed. I'm not expecting an
answer to this but thought it might give some clues to
the people who have experience with this.


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipeline\01]
@="IAS.ProxyPolicyEnforcer"
"Requests"="0 1 2"
"Responses"="0 1 2 3 4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RemoteAccess\Policy\Pipeline\04]
@="IAS.RadiusProxy"
"Providers"="2"
"Responses"="0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0009]
"InfPath"="ksfilter.inf"
"InfSection"="MSKSSRV"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="sw\\{96e080c7-143c-11d1-b40f-00a0c9223196}"
"DriverDesc"="Microsoft Streaming Service Proxy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0007]
"InfPath"="ksfilter.inf"
"InfSection"="MSPCLOCK"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="sw\\{97ebaacc-95bd-11d0-a3ea-00a0c9223196}"
"DriverDesc"="Microsoft Streaming Clock Proxy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}\0008]
"InfPath"="ksfilter.inf"
"InfSection"="MSPQM"
"InfSectionExt"=".NT"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2600.2180"
"MatchingDeviceId"="sw\\{ddf4358e-bb2c-11d0-a42f-00a0c9223196}"
"DriverDesc"="Microsoft Streaming Quality Manager Proxy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\MediaInterfaces\{45FFAAA0-6E1B-11D0-BCF2-444553540000}]
@="KsProxy DirectShow Audio Interface Handler"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\StillImage\Events\STIProxyEvent]
"GUID"="{d711f81f-1f0d-422d-8641-927d1b93e5e5}"
"LaunchApplications"="*"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CCPROXY]
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CCPROXY\0000]
"Service"="ccProxy"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Symantec Network Proxy"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CTPRXY2K\0000]
"Service"="ctprxy2k"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000000
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="Creative Proxy Driver"
"Capabilities"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CTPRXY2K\0000\LogConf]


It might as well be in Chinese as it means nothing to
me ;)

Andy
 
Bill Sanderson

I have a pair of very similar machines in a small office, one of which works,
and one does not.

I did some experimenting, prompted by your mention of proxycfg in another
thread, last night.

On the machine which did not send, proxycfg -u gave back a bad result--it
gave a server and port number. In fact, in the IE settings, although that
server and port number had been set in the past, the current settings were
"direct."

So I re-enabled the proxy, physically removed the server name and port
number, and then switched back to direct. That fixed the appearance with
proxycfg--but it didn't change the behavior of Microsoft Antispyware. I
haven't rebooted the PC in question, but hope to soon--it normally runs 24x7
and I hate to disturb the user during the work week.

I've actually sent network traces from both machines off to a knowledgeable
source and they spotted differences in DNS requests from the two machines,
but nothing further came of the effort.

I'd be glad to send you registry dump portions from a working and
non-working machine, if you can define what would be useful. I'd even
consider giving you direct access to the machines if you think you could
check it out in a reasonable amount of time. They are a long way from you,
but they can be switched on and off and rebooted reliably over remote links.
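
Added example, not part of the thread and not code from any poster: a small Python parser for regedit export text that ignores driver and service keys which merely contain "Proxy" in a name and reports only the per-user Internet Settings values (`ProxyEnable`, `ProxyServer`, `AutoConfigURL`), flagging a server and port left behind while the connection is set to direct. The sample export is constructed, the proxy host is invented, and reading the export from text rather than the live registry is an assumption of the example.

```python
import re
# Constructed sample in regedit export form; the proxy host is invented.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"="oldproxy.example:8080"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CCPROXY\0000]
"Service"="ccProxy"
"DeviceDesc"="Symantec Network Proxy"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data.startswith("dword:"):
                data = int(data[6:], 16)          # dword values are hex
            elif data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace('\\\\', '\\')
            current[name] = data                  # hex: blobs stay as text
    return keys

def proxy_findings(keys):
    """Report only keys that hold the per-user IE proxy configuration."""
    out = []
    for path, vals in keys.items():
        if not path.lower().endswith(r"\currentversion\internet settings"):
            continue  # names that merely contain "Proxy" are not settings
        enabled, server = vals.get("ProxyEnable", 0), vals.get("ProxyServer")
        if server and not enabled:
            out.append((path, "stale", server))   # set to direct, value left behind
        elif server:
            out.append((path, "active", server))
        if vals.get("AutoConfigURL"):
            out.append((path, "pac", vals["AutoConfigURL"]))
    return out
```

Run against exports from a working and a non-working machine, the two result lists can be compared directly instead of searching the whole registry for the word "Proxy".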
 
