Spyware issue causing concern

[acr1965]

Yesterday evening my Counterspy active protection started popping up messages that my browser home page was attempting to be changed to some odd web sites. Then I got about 50 pop up messages saying sites were trying to be added to my "trusted list" on my browser. I use IE6, mainly because I had some issues with IE7 (Windows locked up). Anyway, I blocked all attempts.

So I scan with Counterspy, AVG Anti-Spyware and run NOD's scan. The results were very odd (to me, at least). Counterspy said I had iSearch.DesktopSearch (browser plug-in). I did not quaranteen at that time but instead ran AVG Anti-Spyware which said I had Not-A-Virus.Monitor.Win32.SpySweeper. I then ran NOD32 which said I had Win32/Adware.WBug.A application. NOD did not show any findings from the scan, though.

I quaranteened iSearch.DesktopSearch in Counterspy as well as quaranteened Not-A-Virus.Monitor.Win32.SpySweeper in AVG. NOD32 had Win32/Adware.WBug.A in quaranteen already.

Is it safe to keep all these quaranteened or should they try to be deleted? Also, should I send Win32/Adware.WBug.A to ESET for analysis? If so, how is that accomplished?

I find it kinda odd that Counterspy found spyware which it rated as "high risk" but it was not detected by NOD32. Could NOD32 have it as misread spyware?

Any other ideas or suggestions?

Thanks in advance.

[Marcos]

Please send a log from Hijackthis (http://www.merijn.org/files/hijackthis.zip) to support @ eset.com with a link to this thread.

[acr1965]

Quote:

Originally Posted by Marcos

Please send a log from Hijackthis (http://www.merijn.org/files/hijackthis.zip) to support @ eset.com with a link to this thread.

Ok I'll do that. Do I save the log as a file and attach it to the email?

[Blackspear]

Quote:

Originally Posted by acr1965

Ok I'll do that. Do I save the log as a file and attach it to the email?

Correct.

Cheers

[acr1965]

sent!!

thanks

Quote:

Originally Posted by acr1965

sent!!

thanks

Please , keep us informed

[Marcos]

The log didn't reveal any suspicious file. I assume the adware was found in a file on the disk not registered in the registry (i.e. it wouldn't start with Windows). If AMON shows an alert window, it also tells you what process / application created it.

[acr1965]

Quote:

Originally Posted by Marcos

The log didn't reveal any suspicious file. I assume the adware was found in a file on the disk not registered in the registry (i.e. it wouldn't start with Windows). If AMON shows an alert window, it also tells you what process / application created it.

I checked AMON but there was no alert window. I submitted the Win32/Adware.WBug.A and it appears to be an aim.exe. So maybe it was no big deal. I am concerned with NOD32 not detecting the high risk spyware though- iSearch.DesktopSearch (browser plug-in). I have NOD32 set to Blackspear's recommendations.

How did NOD32 completely miss the browser plug-in spyware? IIRC- it's not the first time NOD32 has allowed high risk spyware to get into my system.

Quote:

Originally Posted by acr1965

I checked AMON but there was no alert window. I submitted the Win32/Adware.WBug.A and it appears to be an aim.exe. So maybe it was no big deal. I am concerned with NOD32 not detecting the high risk spyware though- iSearch.DesktopSearch (browser plug-in). I have NOD32 set to Blackspear's recommendations.

How did NOD32 completely miss the browser plug-in spyware? IIRC- it's not the first time NOD32 has allowed high risk spyware to get into my system.

Hi ! That's why you keep more than one security software , no one is perfect . NOD32 is one of the best .If you still have the iSearch.DesktopSearch in CounterSpy's quarantine , please submit it to ESET in email samples@eset.com or to support@eset.com , just in case . Thanks

Good luck and less viruses

[ejr]

Quote:

Originally Posted by acr1965

Yesterday evening my Counterspy active protection started popping up messages that my browser home page was attempting to be changed to some odd web sites. Then I got about 50 pop up messages saying sites were trying to be added to my "trusted list" on my browser. I use IE6, mainly because I had some issues with IE7 (Windows locked up). Anyway, I blocked all attempts.

So I scan with Counterspy, AVG Anti-Spyware and run NOD's scan. The results were very odd (to me, at least). Counterspy said I had iSearch.DesktopSearch (browser plug-in). I did not quaranteen at that time but instead ran AVG Anti-Spyware which said I had Not-A-Virus.Monitor.Win32.SpySweeper. I then ran NOD32 which said I had Win32/Adware.WBug.A application. NOD did not show any findings from the scan, though.

I quaranteened iSearch.DesktopSearch in Counterspy as well as quaranteened Not-A-Virus.Monitor.Win32.SpySweeper in AVG. NOD32 had Win32/Adware.WBug.A in quaranteen already.

Is it safe to keep all these quaranteened or should they try to be deleted? Also, should I send Win32/Adware.WBug.A to ESET for analysis? If so, how is that accomplished?

I find it kinda odd that Counterspy found spyware which it rated as "high risk" but it was not detected by NOD32. Could NOD32 have it as misread spyware?

Any other ideas or suggestions?

Thanks in advance.

With the pace that spyware is evolving, you can't expect any one application to detect everything. NOD32 is a worldclass program, but you should also run at least one designated antispyware program with it.

At different points in time, I have used Spyware Doctor, Spysweeper, and Counterspy (as well as a number of others). I don't think you can go wrong with any of these 3.

[acr1965]

Quote:

Originally Posted by HiTech_boy

Hi ! That's why you keep more than one security software , no one is perfect . NOD32 is one of the best .If you still have the iSearch.DesktopSearch in CounterSpy's quarantine , please submit it to ESET in email samples@eset.com or to support@eset.com , just in case . Thanks

Good luck and less viruses

How do I do that?

Quote:

Originally Posted by acr1965

How do I do that?

If there is a file quatantined by CounterSpy , you can open its Quarantine section , choose to get out of quarantine , open your mailbox , compose new message , attach that suspected file and send it to samples@eset.com

You'd better first zip it and password-protect it but if you don't know how, don't worry Then you can quarantine it back again