I thought I had decent protection but I just picked up 9 trojans. I have Trendmicro internet security, Xoftspy, MS antispy (Giant), SpyBlaster, Spyware X-terminator, enhanced hosts file, and a few others. But Xoftspy just picked up 9 trojans (Xoftspy doesn't have realtime protection). What do I need to do to stop the trojans from being installed? Spyware is really getting out of hand!
Hi JB16907, and welcome to the forum. I have moved your post from the Javacool SpywareBlaster forum as your question is more general and involves other security apps. Your thread will receive better attention for your questions in this forum (Privacy Problems). Could you please give us a bit more information on what the name(s) are of the 'trojan/spyware' that's being identified, along with the name of the file(s) and where they are located? Telling us your Operating System, and also if you have a firewall installed, will also help us find out what more you may need for protection. If it is just Xoftspy that is picking up this infection and all your other scanners are not, then there is a good chance these are false/positives by Xoftspy. You can go through the steps in the General Cleaning thread as an added measure. Regards, snap
Quite simple: stop using Internet Explorer and get a decent browser like Firefox. A lot of these spyware progs and stuff like wwwcoolsearch and things are developing a lot of spyware and buying internet exploits from people that are currently undisclosed to spread their software so no AV program will pick it up, so they can easily bundle in a RAT or two with their software.
A little premature in your assumption, Th3ChaS3r. Nothing wrong with using an alternative browser, but let's wait until JB16907 replies with further information. Regards, snap
There is, as Snapdragin is saying, a good chance that it's false positives, something Xoftspy has been known for, from the "rogue list": it specifically says "trojans" then try to download Ewido Anti-trojan (free for 14 days) and run that. Try a couple more online scanners, like Bitdefender & Panda. Personally I would uninstall Xoftspy & Spyware X-terminator, and use MS Antispyware, Ad-Aware, Spybot with SpywareBlaster for spyware detection/prevention. Just my 2 cents
@ Admin okay, I wanna sportsman's bet he will be using IE (jokes). Yeah, I agree my assumptions are premature, but I know too many people that complain about spyware and use Internet Explorer. Yeah, try using an online scanner or try out Ewido; the guy who made Ewido knows what he was doing.
I pulled this from their log: Troj/Agent-BN"> <REGKEYFOUND NAME = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\search-soft.net"/> <REGKEY NAME = "Troj/Agent-BN Troj/Dloader-FC www.awmdabest.com"/> <HOST VALUE = "Troj/Dloader-FC www.sexfiles.nu"/> <HOST VALUE = "Troj/Dloader-FC awmdabest.com"/> <HOST VALUE = "Troj/Dloader-FC sexfiles.nu"/> <HOST VALUE = "Troj/Dloader-FC iframe.biz"/> <HOST VALUE = "Troj/Dloader-FC www.newiframe.biz"/> <HOST VALUE = "Troj/Dloader-FC www.vesbiz.biz"/> <HOST VALUE = "Troj/Dloader-FC vesbiz.biz
Since Don has quoted the section on XoftSpy above, to be fair, I must point out there is a Note on XoftSpy which states the concerns for false/positives were addressed in their version 4.0, though to what degree hasn't been stated as far as I can see. So there is still a possibility of these being false/positives. Also, XoftSpy has been removed from the rogue/suspect list for anti-spyware, as mentioned in that "note". Regards, snap
Some of those files are detected by Sophos AV under those names, so they may not be false positives. The best way to tell would be to scan the files with another AV/AS pro, or submit the samples to TrendMicro.
Hi JB16907, You've mentioned that you use SpywareBlaster, and if you have enabled ALL its protection, then that would include the "Restricted Sites Protection". SpywareBlaster does enter into the registry the search-soft.net (along with a few others you've listed above) into the Internet Explorer's Restricted sites zone, as does IE-Spyad (if you are using that one). This section of the registry: My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains If you have XoftSpy fix those entries, you can check SpywareBlaster and see if those exact same entries are then disabled. That way you would know if XoftSpy is detecting the protection SpywareBlaster is entering into the registry. I am not familiar with XoftSpy's logs, so I'm not sure where these "HOST VALUE = " are being detected at, but you did mention using an "enhanced hosts file" ...so XoftSpy could be detecting your hosts file's entries in this case also. But to be on the safe side, as suggested by Sweetie(*)(*) you should do an on-line scan, and also go through the General Cleaning instructions in the link I provided above in Post #2, just to see if any other scanners are picking up an infection. Please let us know how the scans turn out. Regards, snap
Thanks for all of the help! I'm at work now so it will be tonight before I can send any more info. I agree with one of the posts about Spyware X-terminator. I don't think it's very effective. I know Xoftspy has been slammed for a while, but the current version seems to be very effective and their support was great when I was fighting some trojans a few weeks ago. I had the terrible cws virus and it took 5 days to get everything cleaned up! They were very interested in Hijackthis logs I sent them. Doesn't Firefox have hacker problems via the international fonts? I thought I read something about that. I'm sure getting an education on spyware. I blame MS for all of this. John
Nope, Firefox is the safest browser around at the moment. I know that there is a version of Mozilla and Firefox prior to the newest which has XSS holes in it with the way it handles news://, but that is the only thing I know about with Firefox.
Hi John, once your system is clean, you may want to take a look HERE, with further discussions on security and how to make your system that much stronger, see HERE and HERE. Hope this helps... Cheers
Thank you BlackSpear for not stating what is not needed. The guy asked for some help. If he chooses to use IE, so be it. Not fair to ram something else down his throat. And the info on Xoftspy is precise. Thanks to you as well, Snap, for helping with the problem. Nice to see there is help when needed. Keep up the great work guys
Wow so many requests! Sorry but I had to work until 8pm so I didn't get much done. Snapdragin you're right about where Xoftspy is finding the trojans - CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. They could be false positives, but SpywareBlaster doesn't list any disabled protection so I can't be sure. I sent the logs to Xoftspy support so I'd like to wait to see what they have to say. They have always responded quickly. I also pointed them to this thread so they can comment if they want. I looked at the 3 levels of protection Blackspear suggested and intend to use that info to make my computers safer. I'm using Trend micro's firewall and am convinced it's not very good. Is Outpost's firewall the way to go? I used to use Zonealarm's free firewall but it drove me crazy with the silly hourly popup asking if I wanted to upgrade to the pro version. Is the pro version a resource hog? Th3ChaS3r you seem so convinced Firefox is the way to go you've convinced me to give it a try. Give me some time to get all of these tasks done. Sorry about all of the babble. I like this forum and will begin camping out here some (mostly just listening). Thanks again.
Hi JB16907, I'm glad you were able to contact XoftSpy about the alerts....that would be the best way to rule out any possible false/positives. No program is without a false/positive now and then and it is always best to check with the program's developers before deleting any files. In regards to your questions concerning firewalls and browsers... in order not to take this thread off-topic, you can do a search of our forum and you'll find many threads on both where members have given their experience and opinions on them. Then if you wish to ask further questions about firewalls and browsers, you can open a new topic in the appropriate forums: For firewalls -> Other Firewalls forum For browsers -> Software & Services forum Please do let us know how you make out with the reply from XoftSpy as it may help someone else who might have received similar alerts. Regards, snap
Well I have an update....they (xoftspy) posted a new definition file so I updated and ran again. This time it found NUMEROUS bad guys in my host file. Only problem is they are there as 127.0.0.0 to screw up these rogue sites. I sent another logfile and my host file to help them out. The good news is they are trying hard. The bad news is they aren't watching what you guys and others are doing to combat rogueware. So I suggested they start watching this forum and majorgeeks to keep up with you! I've already paid for one year so I'm sticking with them and hopefully help fix their stuff. I know this belongs in another forum, but this is just a note to Th3ChaS3r. I downloaded firefox and had some problems with some sites I use for my business so it's still a work in progress for me. Looks ok otherwise. I'm ready to dump trendmicro's firewall (I'll keep the virus checker) and go with Kerio. Can someone point me to docs on setting up the rules? I saw a site a few days ago but can't find it again. Thanks in advance
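Added example, not part of any post in this thread and not XoftSpy's or SpywareBlaster's code: a small Python triage for the situation described above, where a scanner flags hostnames that are present in the hosts file only as blocking entries. The function names and the sample hosts file are constructed for illustration; the script separates names pointed at a loopback or unspecified address (blocked, so a name-only match is a false positive) from names pointed at a routable address (a redirect worth investigating).

```python
import ipaddress

# Constructed sample hosts file (not the poster's actual file).
SAMPLE_HOSTS = """\
# enhanced hosts file: blocking entries
127.0.0.1   localhost
127.0.0.0   iframe.biz www.newiframe.biz
0.0.0.0     vesbiz.biz      # sinkholed
203.0.113.7 bank.example    # hypothetical hijack entry
not-an-ip   broken.example
"""

def classify_hosts(text):
    """Map each hostname in a hosts file to 'blocked' or 'redirected'."""
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line, skip it
        # Loopback (127.0.0.0/8, ::1) or 0.0.0.0 means the name is sinkholed.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost":
                continue
            result[name] = "blocked" if sinkhole else "redirected"
    return result

def triage(flagged_hosts, hosts_text):
    """For each hostname a scanner flagged, report how the hosts file treats it."""
    entries = classify_hosts(hosts_text)
    return {h: entries.get(h.lower(), "absent") for h in flagged_hosts}

if __name__ == "__main__":
    flagged = ["iframe.biz", "vesbiz.biz", "bank.example", "search-soft.net"]
    for host, verdict in triage(flagged, SAMPLE_HOSTS).items():
        print(f"{host:20} {verdict}")
```

A hostname reported as "absent" was not flagged because of the hosts file, so its detection has to be explained elsewhere, for example by a Restricted Sites entry under ZoneMap\Domains.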
Ok, I liked Zonealarm but the popup drove me crazy. Thanks for the way to turn it off. Yes, I'd like your method to make IE solid.
@ racoons13....I have split your posts into a thread of its own in order to assist you better with your problem. This thread---> Trojans detected ? Regards, Bubba