bond

Two spywares that I am worried about - Please help


Please could someone help me with this. I have the latest edition of Bullguard installed (firewall and antivirus). I run a scan every couple of days. I also use Spybot Search and Destroy and use this every couple of days as well. I downloaded and ran your free edition of A-squared and it found a couple of things that worry me somewhat. The scan found a trace of a programme called CyberAlert 3.1 and also MyNabyoo! Neither of these have previously been picked up on by Bullguard or Spybot and I have not knowingly installed them myself. I have included the full scan log for you to kindly take a look at. What I am wondering is this: Were these two programmes operational at the time of the scan? Were they false/positives? Were they bundled with Evidence Eraser? (which I have had installed in the past) Were these two programmes ever in use? - or, were they just lying dormant and bundled with something I have downloaded? Here is the log. Your help and advice is massively appreciated!

Kind regards,

Guest James

Hello,

The two detected items which you mentioned could have been installed by a number of methods based on your log.

You have a large number of rogue applications installed, and it could have been bundled with any of them.

I saw that there was also the ATRAPS infection which could have also installed the previously mentioned infections.

It also wouldn't harm to remind you that illegal patches/cracks/keygens which appear in your log can also have an infection which is set to drop when you run the patch/crack/keygen.

I suggest you quarantine all of the items in your log; simply put, they are all some form of malicious software.

Regards,


Hi bond, welcome to the forum

1) If you want to find out whether the detections are False Positives (FP) or not, please submit flagged items from the detection list to EMSI developers for analysis.

You can submit from quarantine as well;

2) Please investigate before making decisions to quarantine/delete; see this Sticky

3) Cookies are harmless and never represent threats. There is no need to quarantine them. It's recommended to clean temporary file locations and cookies prior to scanning;

4) You have to update a-squared since your report is showing “Last update: 28/02/2010”

(as a matter of fact, the quarantined items will be re-scanned; those items that are confirmed to be FP will be restored... that may take several subsequent updates)

5) If your system is misbehaving and you need assistance from a malware fighter, see the reference below

6) But as James pointed out, if you have illegal software installed you have to remove keygens/cracks, etc. and uninstall the software prior to posting in the Malware Removal section

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files into the Malware Removal section of the forum (create a new thread there)

Wait for a reply from ShadowPuterDude, Katana, or JeanInMontana for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards

P.S. When posting a request, provide information about your System Environment as in the Forum Posting Rules


Hi James,

Thanks for looking at this for me, I really appreciate it! I quarantined the said nasties on the 28th after the scan and then deleted them. I have uninstalled the software and patches etc. Do the two programmes look like they could have been in use? Also, in the quarantined results it does not say anything about CyberAlert being quarantined. When I rescanned, the results came back clean. The only log I have mentions the patches etc., and I would like to submit to see if the two programmes that I was worried about are false/positives. What should I do?

Scan end: 28/02/2010 11:42:30

Scan time: 1:36:23

C:\Windows\System32\pu61003.dll Quarantined Trojan-Dropper.Agen!IK

C:\Windows\System32\ctfmon_rg.exe Quarantined Trojan.ATRAPS!IK

C:\Users\brando\Documents\UseNeXT\wizard\UnInstall Tool Professional v2.8.1 build 5022 - Mu\UIT PATCH\utool281_patch.exe Quarantined Trojan-Dropper.Agent!IK

C:\Users\brando\Documents\UseNeXT\wizard\Spyware Cease ( Portable) Durham\Spyware Cease.exe Quarantined Virus.Win32.Virut!IK

C:\Users\brando\Documents\UseNeXT\wizard\Spyware Cease ( Portable) Durham\Stubs\5663ed6efd467ef5a77858f48877f2aa2cc8bd\AutoUpdate.exe Quarantined Virus.Win32.Virut!IK

C:\Users\brando\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt Quarantined Trace.TrackingCookie.www.bullguard!A2

c:\windows\system32\urlhist.tlb Quarantined Trace.File.MyNabyoo!A2

c:\windows\system32\eselleratecontrol350.dll Quarantined Trace.File.Instant Access!A2

c:\users\brando\appdata\roaming\evidenceeraser\ Quarantined Trace.Directory.EvidenceEraser2009!A2

c:\program files\kazaa Quarantined Trace.Directory.KaZaA!A2

Quarantined

Files: 5

Traces: 144

Cookies: 1

Kind regards,
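An added example, not part of the original thread or of a-squared itself: a short Python parser for the detection lines of the log above that buckets each entry as file, trace or cookie and checks whether a named detection appears among the quarantined items. The bucketing by name prefix is an assumption chosen to mirror the log's Files/Traces/Cookies totals.

```python
import re
from collections import Counter

# Detection lines copied from the scan log in the post above.
LOG = r"""
C:\Windows\System32\pu61003.dll Quarantined Trojan-Dropper.Agen!IK
C:\Windows\System32\ctfmon_rg.exe Quarantined Trojan.ATRAPS!IK
C:\Users\brando\Documents\UseNeXT\wizard\UnInstall Tool Professional v2.8.1 build 5022 - Mu\UIT PATCH\utool281_patch.exe Quarantined Trojan-Dropper.Agent!IK
C:\Users\brando\Documents\UseNeXT\wizard\Spyware Cease ( Portable) Durham\Spyware Cease.exe Quarantined Virus.Win32.Virut!IK
C:\Users\brando\Documents\UseNeXT\wizard\Spyware Cease ( Portable) Durham\Stubs\5663ed6efd467ef5a77858f48877f2aa2cc8bd\AutoUpdate.exe Quarantined Virus.Win32.Virut!IK
C:\Users\brando\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt Quarantined Trace.TrackingCookie.www.bullguard!A2
c:\windows\system32\urlhist.tlb Quarantined Trace.File.MyNabyoo!A2
c:\windows\system32\eselleratecontrol350.dll Quarantined Trace.File.Instant Access!A2
c:\users\brando\appdata\roaming\evidenceeraser\ Quarantined Trace.Directory.EvidenceEraser2009!A2
c:\program files\kazaa Quarantined Trace.Directory.KaZaA!A2
"""

# <path> Quarantined <detection name>!<tag>; paths and names may contain spaces.
LINE = re.compile(r"^(?P<path>.+?) Quarantined (?P<name>.+)!(?P<tag>\w+)$")

def kind(name):
    """Bucket by name prefix (assumed mapping to the log's Files/Traces/Cookies)."""
    if name.startswith("Trace.TrackingCookie"):
        return "cookie"
    return "trace" if name.startswith("Trace.") else "file"

def parse_log(text):
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # blank lines and summary lines do not match and are skipped
            entries.append({**m.groupdict(), "kind": kind(m["name"])})
    return entries

def summarize(entries):
    return Counter(e["kind"] for e in entries)

def find(entries, term):
    """Case-insensitive search of detection names for a product or family."""
    return [e for e in entries if term.lower() in e["name"].lower()]

if __name__ == "__main__":
    entries = parse_log(LOG)
    print(dict(summarize(entries)))
    for term in ("CyberAlert", "MyNabyoo"):
        print(term, [e["path"] for e in find(entries, term)] or "not in log")
```

Only four of the 144 traces are listed in the posted excerpt, so the trace count from this sample is lower than the log's own total.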


bond,

As was pointed out above, you can submit from quarantine

Highlight the item & use the respective button

Set Re-scan to "Silent" or "Manual"

Not all items can be submitted, but you will get a message in such a situation

As for removing the software and patches, you can always use the procedure referred to in my reply ... if you experience system misbehavior due to such installations

My regards
