#1
Could someone PLEASE help with this problem. I have the paid-for version (I have been in touch with ewido twice but no reply).
Each time I scan I get the following; it is cleaned and is then back the next day. I had an HJT done and they said it was clean.
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 14:24:39, 12/01/2006
+ Report-Checksum: 51028F2A
+ Scan result:
HKLM\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1IDesc -> Dialer.Generic : Cleaned with backup
::Report End
#2
Do you have a dialup or broadband connection?
#3
Broadband, XP SP2. Ewido, eTrust, and SpywareBlaster.
#4
If you have broadband you do not have to worry about dialers!
#5
Why is ewido giving this result every time I scan, then?
I notice it's always after I have rebooted.
#6
Maybe something is re-installing it after each reboot?
Give yourself an online scan to see if that throws anything up: http://www.kaspersky.com/downloads/kws/kavwebscan.html
You should also check the Startup tab of msconfig to ensure nothing nasty is set to autostart from there.
#7
I just did a scan in safe mode; it was there again, as I had to reboot to do it.
Could not see anything unusual in the startup (msconfig). STILL no reply from ewido after 3 e-mails. Been reading a Microsoft article about control sets. Perhaps ewido is recognising the last good configuration (ControlSet002) as a threat? I don't know enough about the registry to figure it out. Thanks for the replies.
#8
I would check the registry to confirm that ewido removed the reg key.
Assuming that ewido does remove the reg key, and that some malware is restoring it, you could try using Sysinternals' Regmon to try to see what is writing the reg key. Also, you could try Ghost Security's RegDefend; maybe that is another way to see what is writing the reg key.
Here is a link to Regmon: http://www.sysinternals.com/Utilities/Regmon.html
Here is a link to RegDefend: http://www.ghostsecurity.com/index.php?page=regdefend
Incidentally, I don't have a "HKLM\SYSTEM\ControlSet002" in my registry, running Win XP SP2.
Last edited by redwolfe_98 : January 14th, 2006 at 04:18 PM.
#9
Thanks for your reply, redwolf. The key is always at that address; ewido says removed and cleaned each time. I have even tried running it in safe mode.
The info I have on ControlSet002 (which I don't really understand!) has been obtained from this Microsoft article: http://support.microsoft.com/?kbid=100010
I don't really know if I am competent enough to use the things you suggested. I would just love ewido to reply to all my e-mails about this problem. I paid for ewido and had hoped for more support from them.
#10
First of all, sorry for the late reply - I will check what happened!
Could you please open regedit.exe, navigate to HKLM\SYSTEM\ControlSet002\Control\SPPInfo, right click on SPPInfo, select "Export" and send the created .reg file to submit@ewido.net with a short notice about this thread here?
#11
stapp, you could try to get some help in the forums at DSLReports.
There are probably other forums where you could try to get help; that is just one forum that I am familiar with. There are some routines that they want you to go through before asking for help with cleaning, so read the articles where it says "read before posting". Here is a link to the "security forum", but notice that there is another forum for help with "cleaning", "security cleanup" (mentioned in the "sticky" at the top of the forum), and there is a tab for the "security cleanup" forum.
http://www.dslreports.com/forum/security
#12
Quote:
#13
Have discovered that the ControlSet002\Control\SPPInfo\PPSE1IDesc thing is in CurrentControlSet as well sometimes, although ewido never gives that reg. address as being a problem.
#14
Thanks for the file... However, we were not yet able to reproduce it on our test machines; could be an engine bug.
#15
Here is another one, Peter, that someone got me to copy from the registry; this may be better.
#16
Contents of output.txt file, for ease of following:
Quote:
Hey stapp, just for future reference in case it helps to understand: the ControlSet002 key is "the last known good control set, or the control set that last successfully booted". What are Control Sets? What is CurrentControlSet?
__________________
Wilders - Terms of Service · Site FAQ · Searching the forum easier · The Art of Quoting in Posts
#17
Thanks for that, Bubba. Learn something new every day... at least for me.
#18
Thanks, Bubba, for doing that and for the info.
The gentleman who helped me get that info above says ewido may also need this info below, which I will paste in, to help them to find the source of the problem....
I cannot recreate the problem you are having. Ewido deletes the key on mine and it doesn't come back. Ewido doesn't remove the SPPInfo key but does remove the PPSE1IDesc subkey, which is all it seems to target, but it's strange that it doesn't detect the exact same key in CurrentControlSet; the ControlSet002 entry must be written into their definitions and they must not have included the CurrentControlSet entry.
Regarding the permissions: if I remove permissions for everyone on that subkey, then Ewido shows this in the scan:
+ Created on: 15:31:58, 16/01/2006
+ Report-Checksum: D93BCFF
+ Scan result:
HKLM\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1IDesc -> Dialer.Generic : Error during cleaning
::Report End
If I enable permissions for Admin with Full Control, then Ewido shows this:
+ Created on: 15:36:16, 16/01/2006
+ Report-Checksum: AAECEBA
+ Scan result:
HKLM\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1IDesc -> Dialer.Generic : Cleaned with backup
::Report End
And I can see by checking the registry that it does remove the PPSE1IDesc subkey, plus I'm able to delete those keys manually without problems.
Can you create a new user account, then try deleting the key using that account? Maybe best to write the path to the key down so you can still find it with the new account, as it will not load your settings or any text files you have saved.
Go to Control Panel (Start menu > Control Panel) and then double click User Accounts. Choose 'Create a New Account'. Name it anything and click Next. For Account Type choose 'Computer Administrator', then click 'Create Account'. Reboot and then log into the new account, then open Regedit and try to manually remove the keys by right clicking SPPInfo and choosing Delete:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SPPInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SPPInfo]
Reboot back to your own account, then delete the new account you just created by going to User Accounts again and clicking the new account name, then choose 'Delete Account' and 'Delete Files'.
Hope this helps.
It is unlikely I will be able to follow these instructions myself!
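Posts #16 and #18 turn on two things that are easy to check before touching anything: which numbered control set is the current one and which is the "last known good" (so a key reported under ControlSet002 can be compared with the copy under CurrentControlSet), and what permissions the PPSE1IDesc subkey carries, since Andy's test shows ewido reporting "Error during cleaning" when the subkey's permissions are stripped. The PowerShell script below is an added example written for this thread; it is not code from ewido, from Andy, or from any poster. It assumes a Windows machine where HKLM\SYSTEM\Select holds the Current, Default, Failed and LastKnownGood values described in the Microsoft control-set article linked above, and it only reads the registry, so it is safe to run as a first step before any manual deletion.

```powershell
# Added example, not from this thread: audit which control set plays which
# role, then report whether the subkey named in the ewido scan exists under
# each ControlSetNNN and under CurrentControlSet, together with its ACL.
# Read-only: nothing is deleted or exported.
# Assumption: HKLM\SYSTEM\Select carries the DWORD values Current, Default,
# Failed and LastKnownGood (as in Microsoft KB 100010, linked earlier).

# Path relative to each control set, taken from the scan report in this thread.
$relativeKey = 'Control\SPPInfo\PPSE1IDesc'

# 1. Map the roles to control-set numbers so "ControlSet002" can be read as
#    "the last known good set" (or whatever role it has on this machine).
$select = Get-ItemProperty -Path 'HKLM:\SYSTEM\Select'
$roles = [ordered]@{
    Current       = $select.Current
    Default       = $select.Default
    LastKnownGood = $select.LastKnownGood
    Failed        = $select.Failed
}
Write-Host 'Control set roles (from HKLM\SYSTEM\Select):'
foreach ($role in $roles.GetEnumerator()) {
    # Failed is 0 when no boot has failed; 0 means "no such set".
    $target = if ($role.Value -eq 0) { '(none)' } else { 'ControlSet{0:D3}' -f $role.Value }
    Write-Host ('  {0,-14} -> {1}' -f $role.Key, $target)
}

# 2. Enumerate every ControlSetNNN present, plus CurrentControlSet, which is a
#    link to the set numbered in Select\Current, so a key under the current
#    numbered set also shows up under CurrentControlSet.
$sets = @(Get-ChildItem -Path 'HKLM:\SYSTEM' |
          Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' } |
          ForEach-Object { $_.PSChildName })
$sets += 'CurrentControlSet'

# 3. For each set, record presence, value names and the key's access list.
#    A stripped ACL (no Administrators entry) explains the "Error during
#    cleaning" result seen in post #18.
$report = foreach ($set in $sets) {
    $fullPath = "HKLM:\SYSTEM\$set\$relativeKey"
    if (Test-Path -Path $fullPath) {
        $item = Get-Item -Path $fullPath
        $acl  = Get-Acl -Path $fullPath
        [pscustomobject]@{
            ControlSet = $set
            Present    = $true
            ValueNames = ($item.GetValueNames() -join ', ')
            Owner      = $acl.Owner
            Access     = (($acl.Access | ForEach-Object {
                              '{0}:{1}' -f $_.IdentityReference, $_.RegistryRights
                          }) -join '; ')
        }
    } else {
        [pscustomobject]@{
            ControlSet = $set; Present = $false; ValueNames = ''; Owner = ''; Access = ''
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the ACL of every set can be read. If the table shows the subkey present under both the numbered set marked LastKnownGood and under CurrentControlSet, that matches what stapp found in post #13; an Access column without an Administrators entry is the condition under which post #18 shows the scanner unable to clean. The .reg file Peter asked for in post #10 can still be produced separately with the built-in `reg export` command against the SPPInfo key.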
#19
IT'S GONE!!
To bring people up to date: I followed the instructions above, created a new user, went to regedit, found ControlSet002, and it wouldn't let me delete the SPPInfo key. Next I went to CurrentControlSet and YES, it let me delete the SPPInfo key. I rebooted, scanned, and it's gone. No SPPInfo folder now in either the ControlSet002 or CurrentControlSet reg entries. I just wish ewido had helped me do it; I've still had no reply from the 5 e-mails I've sent them. Thanks to all here who did reply.
#20
Quote:
That is because we do not want to discuss issues at several places (forum AND email), to avoid confusion... The main thing that caused the delay is that we do not have a definition for HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SPPInfo\PPSE1IDesc, and until Bubba posted the whole tree, we could not reproduce the detection... We are still on it, that's for sure.
#21
Thanks for the reply, Peter. When you find out the dialer, any chance you could let me know?
P.S. Just to make it clear, I think ewido is a GREAT prog., which is why I bought it. (Just in case I didn't make this clear!)
#22
Quote:
BTW... I will be following a few threads I have found concerning this same issue, in particular this thread.
Quote:
#23
Bubba, you have found me out: Hazelnut is me!! A lady!!
The gentleman you quoted on CCleaner was very helpful and did make some suggestions as to where this may have come from, as I am sure you noticed. The CCleaner forum is a strong supporter of ewido, and indeed it is included in their malware package suggestions for download before HJT logs are submitted.
#24
Thank you very much. Obviously I had the same vexing problem, and your "cure" helped immediately.
#25
So glad it helped you. It drove me mad at times 'til I got that fix for it from a guy called Andy Manchesta over on the CCleaner forums.
Are you still on ewido 3.5? If so, I would give ewido 4 a go; I think it's a HUGE all-round improvement.