cws item in tds-3

Discussion in 'Trojan Defence Suite' started by norwegian1968, Mar 23, 2005.

Thread Status:
Not open for further replies.
  1. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    Sorry I haven't been here looking in, as I've reformatted and am trying to sort out a few issues about security, what else.
    After reformatting and downloading the updated CounterSpy, it found it again, bugger, but it also found Visage PC Surveillance in 7 all up, from when I went to KAS for AV updates; it's happened a few times,
    but that's another issue.
    But CounterSpy did find CWS in the file mentioned, in a more specific place:
    c:\program files\tds-3\xdynamic\tds.unpk\45f3692d-ebbc-489d-82dd-191f4b
    and still CWS ver 2.13 doesn't find a thing.
    I'm not going to spend much time on it if it's a false positive, as I'm trying to sort a few other things out.
    It is a wonder why they can't look and say OK, it is there, so it's not perfect; I'm not sure anything is.

    I have just finished the rest of the posts here. It is amazing at the end of the day; for example me... I got online 2 years ago and it's taken till now to find some really good software that doesn't cost thousands, and I find myself strangling my system trying to stay ahead,
    and I was told an AV is enough, then it became a firewall, then spyware... and to think Eric Howes at a uni in America is in the middle of a battle with a few companies because of his honest knowledge.
    What is the next level? Woe betide us simple home users who just want to enjoy a toy in the house; I'll need a uni degree next week.

    Now all I have to do is figure out all this info on checksums.
     
    Last edited: Mar 28, 2005
  2. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    I did a clean of prefetch/temp files this morning and rebooted... guess what, CounterSpy found another CWS referenced in TDS-3... it definitely doesn't like the configuration of this program... this extra one is c:\program files\tds-3\xdynamic\tds.unpk\a4d563b1-4dd6-4efa-8b30-0cec54....... I checked it with Karen's Hasher program and they both came back with an OK, all clear... I like CounterSpy as well as TDS-3, but I fear CounterSpy still has some fine tuning.
    I didn't quarantine the files either, as I have security issues; it is reported in the BBReports link here: http://www.broadbandreports.com/forum/remark,13022204
    The team over there have been helpful, and more patient than me, as I've been posting about my frustrations in a few posts over the last 2 or 3 weeks.
    I realise it is not related to the above issue, but maybe someone here will see a pattern in this problem.
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there,
    I don't know what made you reformat your system; I do hope it was not for that one false positive.
    A false positive has nothing to do with your system; it is a wrong detection causing people gray hairs with searching etc.
    Now you trust that program known for its false positives more than a legal program from a known company among the first to deal with trojans and other malware?
    Did you read the helpfile and several threads here in the forum?
    That xDynamic\tds.Unpk\ is the place where compressed files (zipped for instance) are unpacked to be scanned. Normally after that they are deleted. What you see in that folder are copies of original files which might be elsewhere on your system or have been deleted.
    What is in that folder you can delete after scanning, if it was not done already automatically. What is there has nothing to do with TDS, just temporary copies of files from elsewhere on your system.
    That a4d563b1-4dd6-4efa-8b30-0cec5 looks like a CLSID and I wonder which proper file name it belongs to. But don't search for it, just delete it; it has no value at all there.
    You might see them showing up in a HijackThis log.
    The Hash tool of Karen: it's not a scanner but calculates the MD5 value, which should be compared with that of the original file. I have that function in CryptoSuite.

    You might like your CounterSpy, but if it causes you to reformat after every found possible false positive I don't think you should like it.
    Read the technical review from above and see if it fits your situation.

    What Controler meant by saying he would go for reformatting applies in his case: we have known him for many years in the forums for testing lots of programs and scanning malware, so he might have to reformat more frequently. But not you, after a possible false positive in a temp folder!
     
    Last edited: Mar 29, 2005
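The hash comparison Jooske describes, as an added example that is not from the thread and is not Karen's Hasher or CryptoSuite code: a hash tool tells you only whether the bytes you have are identical to the bytes the published digest was computed over; a match means "same file as the reference", not "clean". The sample "installer" bytes, the file names and the digests below are constructed inside the script; no real download is involved.

```python
"""Verify a file against a published MD5 or SHA-1 digest and show what a match means.

Added example, not code from the thread or from any tool mentioned in it.
The sample file content and names are constructed here; nothing is downloaded.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path


def bytes_digest(data, algorithm="md5"):
    """Hex digest of an in-memory byte string (md5, sha1, sha256, ...)."""
    return hashlib.new(algorithm, data).hexdigest()


def file_digest(path, algorithm="md5", chunk_size=1 << 16):
    """Hex digest of a file, streamed in chunks so large downloads fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, expected_hex, algorithm="md5"):
    """True only if the file's digest equals the published one.

    Published digests are often pasted with uppercase letters or spaces, so the
    expected value is normalised first. hmac.compare_digest does a constant-time
    comparison and refuses to compare mismatched types, which catches sloppy callers.
    """
    expected = expected_hex.strip().lower().replace(" ", "")
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected)


def demo(tmp_dir=None):
    """Constructed demonstration: a 'published' digest, the matching file, a tampered copy."""
    if tmp_dir is None:
        with tempfile.TemporaryDirectory() as d:
            return demo(d)
    tmp = Path(tmp_dir)

    original = tmp / "setup.exe"                  # constructed sample, not a real installer
    original.write_bytes(b"MZ" + bytes(range(256)) * 4)
    published_md5 = file_digest(original, "md5")   # what a vendor page would list
    published_sha1 = file_digest(original, "sha1")

    tampered = tmp / "setup_tampered.exe"
    data = bytearray(original.read_bytes())
    data[100] ^= 0x01                              # flip a single bit somewhere in the file
    tampered.write_bytes(bytes(data))

    return {
        "original_md5_ok": verify_file(original, published_md5, "md5"),
        "original_sha1_ok": verify_file(original, published_sha1.upper(), "sha1"),
        "tampered_md5_ok": verify_file(tampered, published_md5, "md5"),
        "tampered_sha1_ok": verify_file(tampered, published_sha1, "sha1"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The single flipped bit is enough to change every digest, which is the whole point of checking one: it catches a corrupted or swapped download. It says nothing about whether the original bytes were benign, so a "clean" hash result from a hasher is not a scan result.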
  4. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    No Jooske, it had nothing to do with that at all.
    I have a security issue on this link:
    http://www.broadbandreports.com/forum/remark,13022204
    I reformatted to start the process from clean; hopefully someone will know what is happening.

    What does the sha160.zip do? I'm learning so please don't get technical... or is it too technical??
     
    Last edited: Mar 29, 2005
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Now for my understanding:
    you reformatted and reinstalled and have the same or more issues?

    Was a simple System Restore to an older point not much easier?
    Which Windows version are you using?
    Did you scan all software before using it again, or did you use new fresh downloads where possible?
    Do you have Port Explorer installed so you can see the actual connections and what they are, plus resolve the connections very quickly?
    Did you install a registry protection like RegProtect or RegDefend?
    Did you look at your firewall and browser settings relating to cookies and zones?
    Some sites, like this forum, you'd better add to your trusted zone, and it depends on what you like to allow them further.

    If you visit sites you will get lots of sockets opening for all those images and links on the pages: do a simple page refresh on this forum and you'll see some 5 or 6, and 1 remaining after several seconds.


    You speak in the other thread about Visage PC Surveillance, which is a normal shareware program you or somebody around has installed to see what is happening on your PC (http://www.realcode.com/); employers, parents, spouses install that kind of program to check all users' activities.
    But it must have its own uninstaller in Add/Remove.
    I wonder how this comes to be in the KAV directory; it doesn't come bundled with it now, does it?
    Did your CounterSpy come with false positives again, like detecting files in KAV's detection database?
    I once installed a new AV for testing and that wiped out my complete legal database from another AV/AT as thousands of positive identifications before I could stop it.
    I thought KAV has an online webform support option; you could try to get answers that way. Normally they are rather secure in answering.

    Links to your other issues and screenshots would clarify a lot for everybody who is trying to help you.
    "Does anybody remember my other issue with another ...." No I don't, I didn't see those postings and how you solved it till now, and lack of time forbids me going to dig for it.
    Your RegHive file might have to do with a remote connection with another networked PC, maybe part of the update session or part of something you don't want installed or what you did install.
    Did you ever use Remote Desktop for others helping on your system?

    By the looks there's nothing wrong with your system, but to be sure you could follow all the steps in BlackSpear's cleaning instructions. https://www.wilderssecurity.com/showthread.php?t=50662
     
  6. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    I'll dive into it more deeply later, Jooske, so you understand more.
    Basically I am a home user, running a Netcomm 1300plus4 linked to Westnet to link me to the internet.
    I have NEVER linked to another computer, EVER; no P2P, ever.
    So this is what worries me:
    the surveillance software that was on my system came in through KAV's updater when I first got online.
    It has happened every time I used KAV. I install all programs off disks; I find now nearly everything installed I save to disk has extra attachments that might not be saved when you copy this file to disc.
    I go on and update Windows before doing the anti-virus updates, all behind the NAT router plus a firewall.
    I use Outpost now, but have used KAV's Anti-Hacker and ZoneAlarm; they got past ZoneAlarm with a COM Surrogate program.

    I'd like to be telling all the program sites about all the issues, but seeing as I've only been using DiamondCS gear, which is still in evaluation mode, I have only just learnt how to monitor properly, as the ones I used before weren't quite there.
    I have never installed a reg protector either.
    In the town I'm in, trained IT pros are few and far between.
    My problems have the few stumped,
    so with my limited knowledge it is a big hill I am climbing.

    I will use the cleaning process you mentioned, but I must tell you I did BBR's clean and nothing other than one mysterious root was found, and I posted it,
    and HJT logs find nothing.
    Most IP addresses I find linked to me are abuse teams of various sites; whether it is them or not I don't know.
    After reading the issue of (DoS) grc.com it could be mirrored off them too.

    THANK YOU with all my heart for talking so; I have been banging my head against a brick wall over this until now, and I realise I might not be set up enough to really be on the internet... but I have been reading, reading, reading, trying to gain the knowledge on how to set up my computer (and no one sitting here looking/helping doesn't help).

    I bought a computer, an AV, a firewall and got online (that's all we were told we would need).
    The average user doesn't have the knowledge of more tech-experienced people.

    Thanks again; maybe I am closer to solving an issue that has plagued me for a year now.
     
  7. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    Jooske, here are the links to some of the questions; maybe in your spare time I could get some feedback. You will have to excuse my natterings; it has been very frustrating to get to the bottom of the problem, as I find it hard to understand it, let alone tell someone what is happening.
    http://www.broadbandreports.com/forum/remark,13038071
    http://www.broadbandreports.com/forum/remark,13012408
    http://www.broadbandreports.com/forum/remark,13001167
    http://www.broadbandreports.com/forum/remark,12996112
    http://www.broadbandreports.com/forum/remark,12979798
    http://www.broadbandreports.com/forum/remark,12963180

    I realise this is a lot of reading, so don't rush into it, but you sound very knowledgeable on this subject so hopefully in time you can see something. I am however thinking of scrubbing the HDD or throwing it away and starting with clean programs.
    The only problem here is how long will it last, as it has been the last year that I've had them.

    Thank you in advance; I am grateful for what you have shown so far.
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Norwegian, I saw the recent HJT log in one of those threads, and I saw Calamity Jane on your case: she found your logs cleaner than clean, and I can tell you she is a professional in this field.
    I see you have lots of professional protection software installed, among which ProcessGuard, protecting your system and files on kernel level; you really should get RegDefend beside that, which protects your registry from tampering on kernel level. You could think of RegProtect too.
    ProcessGuard among all has a very fine helpfile, which does tell about the program functionalities but also educates in backgrounds. Same with your TDS and its helpfile, same with Port Explorer, which I urge you to install to see what is happening on your system, and read that helpfile too.
    I see in the HJT you are running XP Home SP2, so all those fine programs run on your system.
    Your HJT file, did you make that in normal mode after a reboot, so all possible startup stuff was there?
    And did you also try the AutoStartViewer (DiamondCS), which might show other stuff?
     
  9. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    Yes Jooske, I am not doubting the people on this site at all; it's just that I have in the startup list a program with no name that is in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. I was told it was a bad uninstall.
    I REFORMATTED MY DISK AND I LOOK UP MSCONFIG and it's there again. I get no reply on this issue from anyone; how can a startup program have no name?

    This VX2 Finder log: what is SV1?
    Files Found---


    Guardian Key--- is called:

    User Agent String---
    SV1

    I did a rootkit scan and found all files with kavichs on the end; I believe this is normal, but I also found a registry entry in
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\(and some coding)
    I tried to get the screenshot to convert to something postable, but I think I need to install one of my photo programs to transfer from rich text 4MB to JPEG to show what I mean:
    1 key reg_sz (default)
    2 key devicedesc reg_sz (coded)
    3 key deviceInstanceIds reg_multi_sz(driver-ati catalyst)
    4 key displayname reg_sz (coded)
    5 key MFG reg_sz (coded)
    6 key providername reg_sz (coded)
    7 reinstallstring reg_sz 6.14.10.64.67
     
    Last edited: Mar 30, 2005
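On the question of how a startup entry can have no name: an entry under that Run key is just a registry value, and a value's name can be empty; that is the key's (Default) value, which regedit writes as `@=` in a .reg export. As an added example that is not from the thread and not from msconfig, HijackThis or any other tool mentioned here, the script below parses a constructed .reg export of the Run key, lists every value with its data, and flags the nameless one. Only the key path is taken from the post; the value names, paths and data are made up for the example.

```python
"""List startup values in a .reg export of the Run key and flag the nameless (Default) one.

Added example, not code from the thread or from any tool mentioned in it.
The key path is the one quoted in the post; every value below is constructed.
"""
import re
from dataclasses import dataclass

# Autostart keys worth reporting on (case-insensitive match against the export).
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)

# Constructed .reg export. regedit writes the key's (Default) value as "@=",
# doubles backslashes inside strings and escapes embedded quotes as \".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Outpost Firewall"="\"C:\\Program Files\\Agnitum\\Outpost Firewall\\outpost.exe\" /waitservice"
@="C:\\Program Files\\Leftover\\leftover.exe"
"Example Expand"=hex(2):43,00,3a,00,5c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall]
"ReinstallString"="6.14.10.64.67"
'''


@dataclass
class RegValue:
    key: str
    name: str   # "" for the key's (Default) value
    kind: str   # "REG_SZ" for quoted strings, otherwise the raw type token (hex, dword, hex(2), ...)
    data: str   # decoded string for REG_SZ, raw text otherwise


_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one .reg quoted string, honouring \" and \\


def _unescape(s):
    """Undo .reg string escaping: \\ -> \ and \" -> ". """
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse the subset of .reg syntax regedit emits: [key] headers and name=value lines."""
    values, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None or "=" not in line:
            continue
        if line.startswith("@="):                    # the (Default) value: no name at all
            name, rest = "", line[2:]
        elif line.startswith('"'):
            m = _QUOTED.match(line)
            if not m or not line[m.end():].startswith("="):
                continue
            name, rest = _unescape(m.group(1)), line[m.end() + 1:]
        else:
            continue
        if rest.startswith('"'):                     # REG_SZ
            m = _QUOTED.match(rest)
            if m is not None:
                values.append(RegValue(key, name, "REG_SZ", _unescape(m.group(1))))
        else:                                        # hex:, dword:, hex(2): ... kept raw
            values.append(RegValue(key, name, rest.split(":", 1)[0], rest))
    return values


def startup_entries(text):
    """Values that live under one of the autostart keys."""
    wanted = {k.lower() for k in RUN_KEYS}
    return [v for v in parse_reg(text) if v.key.lower() in wanted]


def nameless_entries(text):
    """Autostart values whose name is empty, i.e. data stored in the key's (Default) value."""
    return [v for v in startup_entries(text) if v.name == ""]


if __name__ == "__main__":
    for v in startup_entries(SAMPLE_REG):
        label = v.name or "(Default) -- nameless entry, look into this one"
        print(f"{v.key}\n    {label!r}: [{v.kind}] {v.data}")
```

Export the key with `regedit /e run.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"` and feed the file to `startup_entries`; any line starting `@=` is the value that shows up without a name.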
  10. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    Here also are my last 2 days of firewall logs; why are the ones with # there?
    I didn't visit them at all.
     

  11. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    Sorry for all this, Jooske; I would just like an answer and I guess they are fed up with me.
     
  12. norwegian1968

    norwegian1968 Registered Member

    Joined:
    Mar 22, 2005
    Posts:
    20
    jooske
    I think I found it.
    If it wasn't for Port Explorer from DiamondCS I would never have known.
    When the cash flows all together after I get back to work I'm gonna buy the whole lot of their programs.
    You beauty, as us Aussies say.
    Capture is passworded
    and the other is a text file.
    It all relates to the other day when 300+ ports seemed open, a one-off item, but I was at a government site looking for a work-related site.


    THE FILES DIDN'T UPLOAD AS THEY WERE ZIP, BECAUSE IN TEXT THEY WILL BE 4MB EACH,
    but trust me it will be worth it; maybe there is another way I can send them, or look at this link:
    http://www.broadbandreports.com/forum/remark,13041377
     
    Last edited: Mar 30, 2005