Re: spyware??

From: Malke (malke_at_nospoonnotreally.com)
Date: 05/27/04 

Date: Thu, 27 May 2004 05:33:42 -0700

Jen wrote:

> I have had trouble with my computer trying to dial up to
> the internet all the time, and trying to open advertising
> pages. I've tried to get help and have been told it is
> spyware. So now I have heaps of software downloaded and
> updated regularly but still have the problem. I have Ad
> Aware, Spybot, CWShredder, Bitdefender, Pestpatrol, The
> cleaner, Stinger, SpywareGuard, and SpywareBlaster. I am
> sending a Hijack this! log with this.

Jen - While I do see AVG Antivirus, the question is whether or not
you've got the latest engine and virus definitions. Also, you've got
lots of stuff running that doesn't need to be running. A quick look
also shows Incredimail, which is a known vector of spyware. What you
should do is a) look up the names of items you find running and that
will tell you whether you need to have them going or not; b) go over to
www.spywareinfo.com and post your HijackThis log in the forums and/or
do some reading over there. I've put a few comments about your log
inline on this post, but you're going to have to spend the time
Sherlocking. I'll only comment on some of the items running that are
questionable.
>

Shared\VS7Debug\mdm.exe - I don't think this needs to be run at Startup

C:\Program Files\Common Files\Softwin\BitDefender - Is this one of your
anti-spyware programs? It seems a bit invasive, but I'm not personally
familiar with the program

C:\WINDOWS\System32\S3tray2.exe - this is for your video card tray icon
- you don't generally need this

C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe - Go into Real Player's and
Quicktime's Preferences and tell them not to do automatic updates and
start with Windows

> C:\WINDOWS\kdlbvl.exe - This doesn't bring any Google links -
suspicious process?

> C:\PROGRA~1\PESTPA~1\PPControl.exe
> C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
> C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

You have an awful lot of these so-called anti-spyware programs running.
Check on Spywareinfo to see if they are any good and if it is efficient
to have so many.

C:\Program Files\Microsoft Office\Office10\msoffice.exe - You don't need
to have the entire MS Office program loaded into memory when you start
Windows.

> C:\Program Files\Internet Explorer\iexplore.exe
> C:\Program Files\Internet Explorer\iexplore.exe

Why do you have two instances of Internet Explorer running? Do you
really or is there a trojan running? See comment about current av
definitions.

So there are just a few comments. This really isn't the best venue for
line-by-line analysis of HijackThis logs, so do go over to
www.spywareinfo.com and check out the forums.

Good luck,

Malke 

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Quantcast