Trace.Registry.SpyPc 8.0!A2 plus Trace.Registry.IamBigBrother 9.0!A2


laopa

Hi,

I keep finding these "malware?" on my system every time I do a scan with Emsisoft Anti Malware.

I quarantine them and then they are back the next time I scan.

I have tried to upload them as a group and individually via Quarantine but keep getting "server error" messages.

Tried sending the log file to Emsisoft and have not heard back yet.

Not sure how to upload these items directly from the registry so I have not sent them to VirusTotal yet.

Avira Antivirus, Malwarebytes Antimalware, SuperAntispyware, HitMan Pro do not recognize them as problems.

Any ideas where they come from and how to get rid of them permanently if they are really "malware"?

Emsisoft Anti-Malware v. 5.0.0.68

© 2003-2010 Emsi Software GmbH - www.emsisoft.com

Help.

laopa


Hi, laopa

1st, please do not in-line post - attach reports. See the Forum Posting Rules

If you search about the “Traces” in this and the old forum you will find many discussions

Traces are not necessarily dangerous. Please read Spyware Traces in Detail

Before quarantining those you have to find out whether there are associated Software / files

Those can be leftovers (most likely not in your case)

Those can be recreated every time when you are (re)running the Software, therefore it is important to find out what that Software is.

If the Software is trustworthy you will just whitelist those traces so they are ignored during the scan.

In some cases Traces are flagged because of the specific places the Software is writing them (so those can be considered by the security as “potentially unwanted”), but then again... that does not necessarily mean that the Software itself is malicious. White-listing helps in such cases as well.

Most likely you ran just a Quick Scan. The latter will search for the Traces in the registry.

You probably have to run Smart or the Deep Scan

In addition you can search the Net for the CLSIDs, e.g. from your post “{E9D55102-9683-11D2-BA68-0040053687FE}”

and you may find the software to which it may belong.

In this case one of the search results (McAfee) says:

In our tests, this download was free of adware, spyware and other potentially unwanted programs

I cannot tell at this moment why you were not able to submit the entries from the Quarantine. Please try to submit from the Detection List.

Let's hope the developers will reply

In any case, if you contact the developers, please attach the saved Smart or Deep Scan result to the e-mail; see Submitting suspected False Positives for analysis.

My regards
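One way to carry out the "find out what that Software is" step from the reply above, as an added example that is not part of the thread and not Emsisoft's own tooling. The function name Get-ClsidOwner is hypothetical; the CLSID in the last line is the one quoted in the reply.

```powershell
# Added example: resolve a flagged CLSID to the DLL it registers, so the owning
# software can be identified before the trace is quarantined or whitelisted.
function Get-ClsidOwner {
    param(
        [Parameter(Mandatory)]
        [string]$Clsid   # e.g. '{E9D55102-9683-11D2-BA68-0040053687FE}'
    )

    # HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes and
    # HKCU\Software\Classes, so a scanner reports the same value under both names.
    # 32-bit COM servers on 64-bit Windows register under Wow6432Node.
    $roots = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID',
        'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
    )

    foreach ($root in $roots) {
        $key = "$root\$Clsid\InprocServer32"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $regKey    = Get-Item -LiteralPath $key
        # The unnamed default value holds the path of the DLL implementing the class.
        $dll       = ([string]$regKey.GetValue('')).Trim('"')
        $threading = $regKey.GetValue('ThreadingModel')

        $exists = $dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
        $file   = if ($exists) { Get-Item -LiteralPath $dll }
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $dll }

        [pscustomobject]@{
            RegistryKey    = $key -replace '^Registry::', ''
            ThreadingModel = $threading
            Dll            = $dll
            DllExists      = [bool]$exists   # False means the key is a leftover
            Product        = if ($file) { $file.VersionInfo.ProductName }
            Company        = if ($file) { $file.VersionInfo.CompanyName }
            Signature      = if ($sig)  { $sig.Status }
            Signer         = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

Get-ClsidOwner -Clsid '{E9D55102-9683-11D2-BA68-0040053687FE}' | Format-List
```

A row with DllExists set to False points to a leftover registration; a DLL that exists and carries a valid signature names the vendor whose software recreates the value on each run.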


Hi,

1st, please do not in-line post - attach reports. See the Forum Posting Rules

Suitably chastised. I will work on sending the zip file of the last Smart Scan, when they again appeared, to Emsisoft and get back if and when I hear anything.

Still not sure why in a reply, you need to have a quoted version of the post you are replying to, included in your own re-post.

laopa

Edited by Lynx
Full quote without comments was removed

Thanks for the reply, laopa

I'm sure the matter will be resolved after the developers' response

Still not sure why in a reply, you need to have a quoted version of the post you are replying to, included in your own re-post...

If I got this request correctly - you should not have "quoted version of the post you are replying to"

Please read Forum Posting Rules and use quotes (rather parts of those) where that's appropriate or just "Add Reply" without the quotes

Cheers!


Hi,

Not heard a peep from Emsisoft on the files I sent. Last time I got an answer back within 1 hour.

Sent the thing twice, once 7-Zipped and then about 8 hours later once IZARC Zipped and Encrypted.

Did get a > 69 MB update this morning. Maybe that will fix it?

Back later.

laopa

This topic is now closed to further replies.