[RickJ]

Some of you know my Paypal and adSense accounts were compromised a couple weeks ago. Sorry for the long one, but here's my latest:

I tried a few products since then and settled on running ZoneAlarm Free for firewall and AVG Free for antivirus. Also running Malware Sweeper Free, Windows Defender and Spyware Blaster in the background.

This morning the Malware Sweeper notification window was up saying I had 18 infections. Neither of the other two malware products had notifications, but just in case, I ran scans.

Did full scan with Spybot Search & Destroy: It found nothing.
Did full scan with AVG: It found nothing.
Did full scan with Windows Defender: It found nothing.
Did full scan with MS Malware Removal Tool: It found nothing.

So the whimpy Malware Sweeper Free product finds what none of the others find?? Can that be right?

The below is what Malware Sweeper found. Are they really problems? If so, how can we trust any of these malware finders knowing one product may find what many others don't?

The stuff that is supposedly logging what I do is quite concerning!

Malware Sweeper found:

13 Registry Items
** Block-Checker, Severe
hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\p3p\history\bfast.com
hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\p3p\history\bfast.com

Block-checker is a program which is used to check if your frInternet Explorernds are blocking you on MSN, Yahoo or AOL. This program hijacks your messenger services by automatically sending messages such as ;I know who's blocking me on MSN because I use http://www.block-checker.com;. It also adds itself to the firewall exclusion policInternet Explorers.

** systemprocess, severe
hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\p3p\history\qksrv.net
hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\p3p\history\qksrv.net

is an advertising-oriented spyware that downloads and displays advertisements in a popup window while a user is browsing the Web

** CoolWebSearch, severe
hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\zonemap\domains\coolwwwsearch.com
hkey_local_machine\software\microsoft\windows\curr entversion\internet
settings\zonemap\domains\coolwwwsearch.com=*

CoolWebSearch is a wide range of browser redirection tools. All variants redirect you to specific Web sites.

** uncategorized hijacker, moderate
hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\zonemap\domains\xxxtoolbar.com
hkey_local_machine\software\microsoft\windows\curr entversion\internet settings\zonemap\domains\xxxtoolbar.com=*

A hijackjer is is software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

** surveil, severe
hkey_classes_root\.zlg
hkey_classes_root\.zlg
hkey_classes_root\.zlg=original extension

Surveil logs all system activity. The person who installed it can then watch all the logged activity.

5 Files/Folders

** CooKies, moderate
c:\cocuments and settings\rick jackson\cookies\rick [email protected][1].txt
c:\cocuments and settings\rick jackson\cookies\rick [email protected][1].txt
(I know what these are. Cookies not a problem)

A CooKie is an information file that some web servers use to identify you in the internet, but other CooKies might be spyware because of the information they hold.

** passdumper, high
c:\docume~1\rickja!1\locals~1\temp\rarsfx20

PassDumper is a tool which steals windows login name and passwords from windows NT/2000 and saves them into a pass.txt in windows directory.

** achiles, high
c:\windows\system32\catroot2\tmp.edb

is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

** dssdoor.c, severe
c:\windows\system32\\msinet.ocx

malicious user with access to the victim machine. It is a Windows PE EXE file. The file is 419 969 bytes in size. It is packed using UPX. The unpacked file is approximately 890KB in size. This Trojan is written in Visual Basic.

Should I go back in with Malware Sweeper and remove all the stuff above?

Any suggestions? I know I've asked similar before, but this new info sure changes things in my mind.

[Superfly999]

Hmmm I did a search on a few of those last files and those seem like they are needed for the system to function. I don't think I would trust that malware sweeper program. Try this website (in IE not Firefox or myie2) housecall.trendmicro.com it is a free virus/spyware scan site that works really well. If anyone has more info over this please list it.

*EDIT* OK I did a search over a few of the first files this time and it said they were in fact spyware. I still don't know about this program though because those last files that I search for seemed necessary. Again if anyone else can provide more info please do.

[benn11]

You do wonder why sometimes this free programs picks up all sorts of malicious code? For example I have trend micro at work that doesn't pick up anything but when I go to my personal machine installed with AVG it picks up all this viruses..

I would recommend you to backup your data or set a restore point but give the program a go and let us know what happen...

[RickJ]

Thank you, anyone who reads this windy thing.

The plot thickens:

This is becoming quite interesting... and still a bit worrysome:

TrendMicro found only 2 items:

1. SPYWARE_TRAK_CULREMOT.11 (no info about it found by googling)
And
2. a profiling cookie (liveperson, same as found by Malware Sweeper).
I ran the cleaner/remover.

I then checked PCMag. They name the best anti-spyware/malware programs as Webroot Spy Sweeper, Norton Internet Security and Spyware Doctor as the tops... so I ran Spy Sweeper and Spyware Doctor:

Webroot Spy Sweeper found just 2 relatively harmless spy cookies:
2o7.net server.iad.liveperson (interesting that trend micro did not remove it even though it said it did). The free version of Spy Sweeper does not remove items.

Spyware Doctor only found 2 Advertising items and 3 Tracking items.
The free version of Spyware Doctor does not remove items.

... so then I did another system restore point just in case, then ran Malware Sweeper again and used it to remove the items it found. It said it removed them all but another scan shows that dssdoor.c and achiles are still there.

Clicking on Take Action results in the program saying they're removed, but scanning again shows they're still there.

I don't find anything on the net about achiles.

dssdoor.c is another story, though. I read that it

* Allows others to access the computer
* Downloads code from the internet
* Installs itself in the Registry

It was recognized in 2005 so why the other apps could not find it sort of blows me away.

... and for a look back at the other stuff that Malware Sweeper, but not the others, found:

Passdumper seems quite serious. Again, how the little freebie found it but not the other big name ones concerns me.

... does any of this lead anyone else to be very concerned about the big name products?

[biggsie]

I usually go to Pal Talk (chat site) if I have computer problems -- Room Name -- and link below... They usually point me in the right direction...

Personal Computers and High Tech Help

Personal Computers & High Tech Help

I had to clean my computer, because of a Pay Pal incident, someone charged
Jewelry to my PAY PAY account $2300 worth... They could not tell me how it happened.

Two years ago someone got my Pay Pal account number and drained our bank
Account in three days -- straightened out the mess --- once...

This time I closed my account, money is tight, I'm now retired and don't need the stress...

Not sure who to believe when checking for spyware, think some make it
Look like they found something, or planted something to sell their product!!

[SajidBhai]

I agree with u... most of the "anti-spyware" usually plots a spyware and pops up saying I found a spyware I found spyware... much like Mr. Bean putting chrismas cards in his house and enters and say "AAAH :-)"