PDA

View Full Version : New Spywares

sanjith_ks
July 7th, 2006, 04:25 PM
This is the scan report of my system by Spyware Doctor.I am unable to remove it.


Spyware Doctor Activity Report
Generated on 08/07/2006 1:09:35 AM
Spyware Doctor Homepage PC Tools Homepage Technical Support
Scans (basic information only):
Scan Results:
scan start: 08/07/2006 1:11:58 AM
scan stop: 08/07/2006 1:20:00 AM
scanned items: 85061
found items: 37
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Hosts Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner

Infection Name Location Risk
Advertising 15 Low
Advertising 16 Low
Advertising 17 Low
Advertising 18 Low
Advertising 19 Low
Advertising 20 Low
Advertising 21 Low
CWS.Home Search Assistant blank High
CWS.Home Search Assistant C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe High
CWS.Home Search Assistant C:\PROGRA~1\SPYBOT~1\SDHelper.dll High
CWS.Home Search Assistant C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll High
CWS.Home Search Assistant C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll High
CWS.Home Search Assistant C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll High
CWS.Home Search Assistant C:\Program Files\Java\jre1.6.0\bin\ssv.dll High
CWS.Home Search Assistant C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe High
CWS.Home Search Assistant C:\Program Files\TrustIn Contextual\trustincontext.dll High
CWS.Home Search Assistant C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe High
CWS.Home Search Assistant C:\WINDOWS\inetloader.dll High
CWS.Home Search Assistant C:\WINDOWS\se_spoof.dll High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Brnd High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##BSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##Data High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##LSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##MSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SCLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSLIST High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\MSSMGR##SSTV High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32 High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32## High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32##Asynchronous High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32##DllName High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32##Impersonate High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32##Shutdown High
Trojan.Downloader.Small.CML HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wingsa32##Startup High
CWS.Home Search Assistant multiple High
ronjor
July 7th, 2006, 04:41 PM
Hello sanjith_ks

I suggest you go to this site -- > http://bfccomputerhelp.com/index.php?showtopic=323 and follow directions there. They will help you get your computer cleaned up.
betauser2
July 7th, 2006, 04:48 PM
Also try to clean with following software

http://www.superantispyware.com/

Also try to run all cleaners in safe mode
aigle
July 8th, 2006, 03:38 AM
BTW, what does this mean?

"CWS.Home Search Assistant C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe High"
nadirah
July 8th, 2006, 06:30 AM
Anybody who reads this thread has to be extra alert, just FYI there seems there MAY be some false positives at first glance,:

CWS.Home Search Assistant C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe High
CWS.Home Search Assistant C:\PROGRA~1\SPYBOT~1\SDHelper.dll High
Quote merijn.org:
Located in:
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
(depending on where Spybot S&D is installed)
Deleted by: Iefeadsl browser hijacker.
Purpose: Spybot S&D resident IE protection, bad download blocker (BHO).
Symptoms: Spybot S&D IE protection not working properly.

Do you have Spybot S&D installed on your computer?

CWS.Home Search Assistant C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe High

Quote this source:
What is it?
Zone Alarm - zlclient.exe
What does it do?
zlclient.exe is a part of Zone Labs Internet Security. You should not end this process for any reason. This is the firewall I use behind my router as a second level of protection. The most important part of this is having to give permission to applications before they access the internet in any way. routers and the windows firewall have a tendency to allow anything out and only blocking inbound connections.
Virus Precautions:
You'll want to keep an eye on this google search (http://www.google.com/search?q=zlclient.exe+virus) for any known viruses. The normal location of this file is in C:\Program Files
gerardwil
July 8th, 2006, 06:40 AM
{QUOTE-> The normal location of this file is in C:\Program Files <-QUOTE}

I think that is not correct
zcv
July 8th, 2006, 06:19 PM
{QUOTE-> I think that is not correct <-QUOTE}
zlclient.exe is in \Program files\Zone Labs\ZoneAlarm and is the GUI for ZA. The firewall itself is vsmon.exe

Regards - Charles
webster
July 8th, 2006, 10:31 PM
Many false positives.

http://www.greatis.com/appdata/a/i/iesdpb.dll.htm

http://www.greatis.com/appdata/a/i/iesdsg.dll.htm

Both are Spyware Doctor files ::)
gerardwil
July 9th, 2006, 06:03 AM
{QUOTE-> zlclient.exe is in \Program files\Zone Labs\ZoneAlarm and is the GUI for ZA. The firewall itself is vsmon.exe

Regards - Charles <-QUOTE}

I know :)

I meant Nadirah did not copy and paste from an other side well ;)
As well she didn't give the link where she get it from...

Gerard