Backweb lite

Discussion in 'other security issues & news' started by BornMember, Apr 27, 2005.

Thread Status:
Not open for further replies.
  1. BornMember

    BornMember Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    75
    Hi All

    Just updated Spybot and ran a scan with the new detection rules; it has found Backweb Lite with 64 probs in total. I have F-Secure as my AV and I'm aware that it uses Backweb (don't know what Backweb is, though). Should I let Spybot fix this problem?

    ThanX
     
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
  3. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    What is it from F-Secure? o_O
    Because I get the same thing and I don't use F-Secure??
     
  4. BornMember

    BornMember Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    75
    Well, I have had F-Secure for at least a month now and this is the first time Spybot has detected it. The update info for Spybot is given below, and it does not look as though Backweb Lite has been added today (unless I'm blind).

    From what I can see, all the problems with Backweb Lite (64 in total) detected by Spybot do not state F-Secure. I can see NETSCAPE VIEWER entries as HKEY and all the rest are IBACKWEB... (I use Firefox as my browser).

    The only program I updated today other than F-Secure AV is JAP (to version 00.04.017).

    hmmm... can JAP be the culprit?


    Spybot
    Updates 27. April 2005

    2005-04-27
    Dialer
    ++ EOPS-Connector.Solutions
    Hijacker
    ++ CoolWWWSearch.BadZoneMap ++ CoolWWWSearch.Feat2Installer.ADS + CoolWWWSearch + CoolWWWSearch.SmartSearch ++ MBKW-Bar + eXact Advertising.BargainsBuddy.Solutions ++ CWS.Solutions ++ MTC.MakeMeSearch.com ++ Superlogy.com.Solutions ++ Hyperlinker.Solutions ++ Stickypops.com.Solutions ++ CWS.SmartSearch-Gal
    Malware
    ++ SpywareStormer ++ Macrosoft ++ Rotue ++ Apphunter ++ Phynix ++ Catal + E2Give ++ DarpMeter + R-Bot + QDown (3) ++ EffectiveBandToolbar.Solutions ++ Hotplug ++ Systime.Solutions ++ VirtuMonde ++ MTC.Saristar ++ NeoToolbar
    Spyware
    + WildTangent + n-Case + Admilli Service + Farmmext ++ BancBan
    Trojan
    + Startpage-EH ++ InstaFink + Haxdoor-H + Nuclearwinter ++ Windows AdTools.Solutions ++ Adlogix
     
  5. BornMember

    BornMember Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    75
    I have checked the link and this is a cut from it:

    "F-Secure BackWeb shall be used only for receiving updates and related information on F-Secure's antivirus and security products. F-Secure BackWeb may not be used for any other purpose or service. "BackWeb" is a trademark of BackWeb Technologies."

    Still can't explain why Netscape viewer entries show up.

    Chaos, do you have any idea where you got it from? I'm starting to point the finger at JAP and its update and upgrade function. Has anyone else faced this with JAP?
     
  6. Jeremy2

    Jeremy2 Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    72
    I got them too, Netscape viewer entries, since the last Spybot update. I don't have F-Secure, nor JAP. I run Adware, and it didn't catch any.

    Does anyone have any idea about these entries?
     
  7. BornMember

    BornMember Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    75
    Come on GuyZ need help here

    Whilst searching for Backweb entries with regseeker, all F-Secure related Backweb entries can be clearly distinguished, and the same applies for MS search under the start menu. I'm fairly sure that the Backweb Lite entries detected by Spybot are not related to F-Secure.

    I have no other software that requires Backweb (as far as I am aware). Should I fix Backweb Lite with Spybot? The only thing holding me back is that I don't want any problems with F-Secure; the installation process is soooooooooo long.

    Any ideas?

    Born
     
  8. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Try to let Spybot fix it; you can restore the files from "recovery" in case you notice something that's not right after fixing it. Well, that's what I would do anyway. :)
     
  9. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If you don't mind....Please follow the below instructions concerning Saving Advanced Log Reports and when you get to the part about Next click 'Copy'....Please post\paste the output of that copy here.

    This link---> Saving Advanced Log Reports
    My suggestion would be to re-scan after placing a check mark next to the BackWeb lite entry found in the Pups.sbi or All products tab.

    Mode\Advanced Mode\Settings\Ignore products
     


  11. BornMember

    BornMember Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    75
    ThanX guyZ and here is my report Bubba


    --- Search result list ---

    --- Spybot - Search && Destroy version: 1.3 ---
    2005-04-26 Includes\Cookies.sbi
    2005-04-27 Includes\Dialer.sbi
    2005-04-27 Includes\Hijackers.sbi
    2005-04-15 Includes\Keyloggers.sbi
    2004-11-29 Includes\LSP.sbi
    2005-04-27 Includes\Malware.sbi
    2005-04-27 Includes\PUPS.sbi
    2005-04-27 Includes\Revision.sbi
    2005-02-09 Includes\Security.sbi
    2005-04-27 Includes\Spybots.sbi
    2005-02-17 Includes\Tracks.uti
    2005-04-27 Includes\Trojans.sbi


    --- System information ---
    Windows XP (Build: 2600) Service Pack 2
    / Windows XP / SP3: Windows XP Hotfix - KB834707
    / Windows XP / SP3: Windows XP Hotfix - KB867282
    / Windows XP / SP3: Windows XP Hotfix - KB873333
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887742
    / Windows XP / SP3: Windows XP Hotfix - KB888113
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Windows XP Hotfix - KB890047
    / Windows XP / SP3: Windows XP Hotfix - KB890175
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB890923
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Windows XP Hotfix - KB893066
    / Windows XP / SP3: Windows XP Hotfix - KB893086
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)


    --- Startup entries list ---
    Located: HK_LM:Run, adiras
    command: adiras.exe

    Located: HK_LM:Run, F-Secure Manager
    command: C:\Program Files\Shaw Secure\Common\FSM32.EXE /splash

    Located: HK_LM:Run, F-Secure TNB
    command: C:\Program Files\Shaw Secure\TNB\TNBUtil.exe /CHECKALL /WAITFORSW

    Located: HK_LM:Run, WinPatrol
    command: C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    file: C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    size: 140480
    MD5: a6c7b9148581b89ba437ac29404e20b9

    Located: HK_CU:Run, ctfmon.exe
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

    Located: Startup (common), DSLMON.lnk
    command: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    file: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    size: 962663
    MD5: b2eb1a530f47eeea0e8f42d4d29392ee

    Located: Startup (common), hp psc 2000 Series.lnk
    command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    size: 323646
    MD5: 76266fcb3ec2e37c7b6477d6ba1e7869

    Located: Startup (user), SpywareGuard.lnk
    command: C:\Program Files\SpywareGuard\sgmain.exe
    file: C:\Program Files\SpywareGuard\sgmain.exe
    size: 360448
    MD5: 61c028aba5e49573a6332f4a7c744e87

    Located: Startup (disabled), hpoddt01.exe (DISABLED)
    command: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
    file: C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
    size: 28672
    MD5: a564a22308a3f55235ba2478ee82992d

    Located: Startup (disabled), Utility Tray (DISABLED)
    command: C:\WINDOWS\system32\sistray.exe
    file: C:\WINDOWS\system32\sistray.exe
    size: 352256
    MD5: 8270d99a5d96d2a269f852ff7728c82d



    --- Browser helper object list ---
    {4A368E80-174F-4872-96B5-0B27DDD11DB2} (SpywareGuard Download Protection)
    BHO name: SpywareGuard Download Protection
    CLSID name: SpywareGuardDLBLOCK.CBrowserHelper
    description: SpywareGuard download protection
    classification: Legitimate
    known filename: dlprotect.dll
    info link: http://www.wilderssecurity.net/spywareguard.html
    info source: TonyKlein
    Path: C:\Program Files\SpywareGuard\
    Long name: dlprotect.dll
    Short name: DLPROT~1.DLL
    Date (created): 03/08/2003 00:24:02
    Date (last access): 28/04/2005 20:23:24
    Date (last write): 03/08/2003 00:24:02
    Filesize: 192512
    Attributes: readonly archive
    MD5: 964621E8B2415FEAA99026ED4F29D198
    CRC32: DC8CF59D
    Version: 0.2.0.2

    {53707962-6F74-2D53-2644-206D7942484F} ()
    BHO name:
    CLSID name:
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\PROGRA~1\SPYBOT~1\
    Long name: SDHelper.dll
    Short name:
    Date (created): 12/05/2004 02:03:00
    Date (last access): 28/04/2005 20:23:24
    Date (last write): 12/05/2004 02:03:00
    Filesize: 744960
    Attributes: archive
    MD5: ABF5BA518C6A5ED104496FF42D19AD88
    CRC32: 5587736E
    Version: 0.1.0.3



    --- ActiveX list ---
    {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
    DPF name:
    CLSID name: Shockwave ActiveX Control
    description: Macromedia ShockWave Flash Player 7
    classification: Unknown
    known filename: SWDIR.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Director\
    Long name: SwDir.dll
    Short name:
    Date (created): 17/04/2005 19:56:46
    Date (last access): 28/04/2005 08:48:50
    Date (last write): 09/09/2004 14:49:12
    Filesize: 54488
    Attributes: archive
    MD5: 943193399C341AC34E842CB07B5F29A0
    CRC32: 12DEB8F4
    Version: 0.10.0.1

    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine)
    DPF name:
    CLSID name: Office Update Installation Engine
    Path: C:\WINDOWS\
    Long name: opuc.dll
    Short name:
    Date (created): 27/08/2003 05:10:30
    Date (last access): 28/04/2005 08:51:10
    Date (last write): 27/08/2003 05:10:30
    Filesize: 314368
    Attributes: archive
    MD5: 1E32EC4A8A17B19926B49EA5F6B79A76
    CRC32: E98FC293
    Version: 0.11.0.0

    {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    DPF name:
    CLSID name: WUWebControl Class
    Path: C:\WINDOWS\system32\
    Long name: wuweb.dll
    Short name:
    Date (created): 09/01/2005 11:52:28
    Date (last access): 28/04/2005 08:48:50
    Date (last write): 03/08/2004 14:59:06
    Filesize: 120288
    Attributes: archive
    MD5: 0CD6248038C70B4C688DBD315D90A97A
    CRC32: 0EF7DE01
    Version: 0.5.0.4

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_09)
    DPF name: Java Runtime Environment 1.3.1_09
    CLSID name: Java Plug-in 1.3.1_09
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\JavaSoft\JRE\1.3.1_09\bin\
    Long name: NPJava131_09.dll
    Short name: NPJAVA~1.DLL
    Date (created): 23/03/2005 21:19:16
    Date (last access): 28/04/2005 10:00:32
    Date (last write): 05/08/2003 10:02:56
    Filesize: 53365
    Attributes: archive
    MD5: B7901A7E46B41AF6F874A5026A1DA8E1
    CRC32: 9DA843F6
    Version: 0.1.0.3

    {CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_09)
    DPF name: Java Runtime Environment 1.3.1_09
    CLSID name: Java Plug-in 1.3.1_09
    Path: C:\Program Files\JavaSoft\JRE\1.3.1_09\bin\
    Long name: NPJava131_09.dll
    Short name: NPJAVA~1.DLL
    Date (created): 23/03/2005 21:19:16
    Date (last access): 28/04/2005 20:42:20
    Date (last write): 05/08/2003 10:02:56
    Filesize: 53365
    Attributes: archive
    MD5: B7901A7E46B41AF6F874A5026A1DA8E1
    CRC32: 9DA843F6
    Version: 0.1.0.3



    --- Process list ---
    Spybot - Search && Destroy process list report, 28/04/2005 20:42:18

    PID: 0 ( 0) [System]
    PID: 4 ( 0) System
    PID: 460 ( 4) \SystemRoot\System32\smss.exe
    PID: 516 ( 460) csrss.exe
    PID: 548 ( 460) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 592 ( 548) C:\WINDOWS\system32\services.exe
    PID: 604 ( 548) C:\WINDOWS\system32\lsass.exe
    PID: 748 ( 592) C:\WINDOWS\system32\svchost.exe
    PID: 808 ( 592) svchost.exe
    PID: 844 ( 592) C:\WINDOWS\System32\svchost.exe
    PID: 888 ( 592) svchost.exe
    PID: 920 ( 592) svchost.exe
    PID: 1112 ( 592) C:\WINDOWS\system32\spoolsv.exe
    PID: 1216 ( 592) C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
    PID: 1244 ( 592) C:\Program Files\ewido\security suite\ewidoctrl.exe
    PID: 1264 ( 592) C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    PID: 1300 (1264) C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
    PID: 1312 ( 592) C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
    PID: 1336 (1300) C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    PID: 1360 ( 592) C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    PID: 1448 ( 592) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    PID: 1516 (1360) C:\Program Files\Shaw Secure\Common\FSMB32.EXE
    PID: 1540 (1360) C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    PID: 1552 ( 592) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PID: 1780 ( 592) alg.exe
    PID: 1800 (1360) C:\Program Files\Shaw Secure\Common\FCH32.EXE
    PID: 1832 ( 592) fshttps.exe
    PID: 1876 (1360) C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
    PID: 1928 ( 592) C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    PID: 1936 (1360) C:\Program Files\Shaw Secure\FSPC\fspc.exe
    PID: 2212 (2116) C:\WINDOWS\Explorer.EXE
    PID: 2400 (2212) C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    PID: 2416 (2212) C:\Program Files\Shaw Secure\Common\FSM32.EXE
    PID: 2432 (2212) C:\WINDOWS\system32\ctfmon.exe
    PID: 2472 (2212) C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    PID: 2508 (2212) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    PID: 2524 (2212) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    PID: 2532 (2212) C:\Program Files\SpywareGuard\sgmain.exe
    PID: 2592 (2416) C:\Program Files\Shaw Secure\FSGUI\fsguiexe.exe
    PID: 2672 ( 748) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    PID: 2764 (2532) C:\Program Files\SpywareGuard\sgbhp.exe
    PID: 2796 (2672) C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    PID: 2988 (1216) C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
    PID: 3384 (2212) C:\Program Files\Jap\jap.exe
    PID: 3440 (3384) C:\WINDOWS\system32\javaw.exe
    PID: 3636 (2212) C:\Program Files\Mozilla Firefox\firefox.exe


    --- Browser start & search pages list ---
    Spybot - Search && Destroy browser pages report, 28/04/2005 20:42:18

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.tiscali.co.uk/broadband
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip [*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36194EAC-92C2-43FB-B471-6D734B77370A}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{36194EAC-92C2-43FB-B471-6D734B77370A}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A533DAF-0237-40D5-A37F-E7F5C67F07BD}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A533DAF-0237-40D5-A37F-E7F5C67F07BD}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C78D09FA-1A78-486B-9E47-37227F46ED55}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C78D09FA-1A78-486B-9E47-37227F46ED55}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{43F2BCCD-BF6F-40F3-80A0-00B06D05C303}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{43F2BCCD-BF6F-40F3-80A0-00B06D05C303}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBB5AA45-D681-4909-8583-021F6369E6A7}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DBB5AA45-D681-4909-8583-021F6369E6A7}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace
     
  12. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    What I did:

    I downloaded and installed the whole Shaw Secure thing, also the Adaware clone. I ran S-S&D and found those 63 Backweb Lite things. Then I uninstalled and removed all the Shaw things (everything means you first have to kill some F-Secure processes in your task manager). I left the Adaware part intact. I ran S-S&D again and it now found 7 Backweb Lite issues. I fixed 4 of them; the other ones couldn't be fixed. I restarted and killed another one. So I am still having 2 issues here. Adaware is still functioning and I can still merge the update.defs.
    So far my update.
    Cheers,

    Gerard
     
  13. lindaambar

    lindaambar Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    3
    Hi there!

    I also received a warning today from Spybot re: Backweb Lite. It appears that it is installed with some brands of computer:

    QUOTE:
    Bundled with products from HP (HP Pavilion), Compaq, Network Associates, Real Networks, Logitec (with their mouse drivers!), IBM, F-Secure, Western Digital Data Lifeline, Kodak digital camera sync software, Kodak Software Updater (for Kodak Easyshare digital cameras), Packard Bell ActivSurf.

    Hope this helps.
     
  14. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Yes, agreed. I bought a Packard Bell PC complete with Activsurf :mad: , and Ad aware had a field day when I first ran it. I uninstalled Activsurf and Ad aware fixed the rest, with a little help from me manually fixing the registry. :)
     
  15. lindaambar

    lindaambar Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    3
    Hi again

    There's a lot of info on Backweb's website, including lists of their Customers & Partners.
    Also a comprehensive explanation of what Backweb actually does:

    http://www.backweb.com/services/technical/

    It's certainly very informative - makes you wonder what else is lurking in the Registry!
     
  16. PixelHermit

    PixelHermit Registered Member

    Joined:
    May 3, 2005
    Posts:
    3
    Tricky stuff this... In any case, I think a few things should be pointed out regarding F-Secure products vis-à-vis Backweb. First of all, some F-Secure programs use the Backweb Client, but no F-Secure programs use Backweb Lite! The Client and the Lite versions are not entirely the same, and as far as I can tell only the Lite version can be used by malware or spyware.

    Secondly, only older F-Secure products use the Backweb Client, namely F-Secure Anti-Virus 5.4x and earlier (both server and workstation versions) and a few of their anti-viral solutions for mail servers. Newer products, such as F-Secure Anti-Virus 2003 and later, F-Secure Internet Security 2003 and later, and all versions of the excellent F-Secure Anti-Virus Client Security suite do not use Backweb, in any form or shape. Chances are that if you get second thoughts about Backweb because of F-Secure products, you probably should consider updating the latter ones anyway, since they are outdated. And if you already use newer F-Secure versions, they are not to blame: however, you might consider adding F-Secure Anti-Spyware to your F-Secure family... ;)
     
  17. Shrink

    Shrink Guest

    It is tricky - and the answer isn't that simple either I'm afraid. I've got F-Secure Anti Virus Client Security 5.55 and that uses Backweb.

    So don't get rid of all those entries just yet folks!
     
  18. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi,

    Have you tried turning off "system restore" to see if SpyBot can do its thing?

    Take Care,
    TheQuest :cool:
     
  19. BornMember

    BornMember Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    75
    Hey Quest, there is no problem with removal as Spybot does that. But when I fixed all 64 probs with Spybot and restarted, I could not update F-Secure AV, so I reinstalled the components through the recovery (I had done this in a rush as I currently don't have the time to investigate it). Agree with Shrink and PixelHermit; don't think all 64 probs are related to F-Secure. When I have the time I will try to remove as many as I can with Spybot and I will keep you posted.

    Sorry for the v. late reply guyz, have been away. ThanX for all the posts!

    Born
     
  20. jaymac

    jaymac Guest

  21. BornMember

    BornMember Registered Member

    Joined:
    Mar 30, 2005
    Posts:
    75
    Thanks jaymac, they are all false pos. related to F-Secure Backweb. You can view these entries with Regseeker. The Netscape entries are also related to F-Secure; however, I am still not sure if it is used by F-Secure to update or if it comes packed with the Backweb that they use.

    My updates have recently expired with F-secure and I have uninstalled it (although it's very good) awaiting the final release of KAV 6 security suite.

    Cheers all

    Born
     
  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I just got Spybot ver. 1.4 with the latest definitions. For the first time, Spybot says I have Backweb lite and the registry keys are for Netscape. I had F-Secure two years ago and got rid of it almost immediately because it installed Backweb (not the lite version) which promptly killed my screen saver and put its own on with ads! That happened on my older 98SE box.

    On my current XP Pro box, F-Secure has NEVER been on this box. So if these Netscape entries are connected to F-Secure then why do I have them? And why has Spybot never noticed them, in all the years I've had Spybot, until now?

    I gather these registry entries are from Netscape 7.2 which I rarely use, Mozilla 1.6 which I use frequently and from Firefox 1.0PR my main browser. What is this viewer stuff that the entries have to do with? I can't find any viewers when I look at Netscape preferences or in the other browsers.

    So, I am quite confused. Spybot told me that it could not fix the problem because the registry keys were in use! I only had Firefox open when it told me that. It said I had to reboot and check the box to let Spybot run at boot before the Desktop loaded. So, I did that and it got rid of the entries. But I'm wondering if this isn't a false positive? I did some Googling and evidently the registry entries are there if you have any flavor of a Mozilla product ...Netscape, Firefox or Mozilla.

    I posted at the Spybot forum in the False Positives area but haven't seen a response yet.
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Backweb lite is also used by Logitech with their wireless keyboards.

    Cheers :D
     
  24. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Yes, I know. It's also used by:
    ACNielsen
    BIOTRONIK
    Boehringer Ingelheim
    Borsa Italiana
    British Telecom
    Fidelity Investment
    F-Secure (F-Prot AV maker)
    Guidant
    Hewlett-Packard
    Kaeser Kompressoren
    KLA-Tencor
    Kodak
    Lam Research
    Logitech
    Netstal
    Owens-Illinois
    Siemens
    http://www.backweb.com./customers/

    Backweb Partners: www.backweb.com./partners/
    BEA
    Checkpoint
    F-Secure
    IBM
    PeopleSoft
    Plumtree
    SAP

    Backweb technology has been used by Netscape since 1996, so why is it just now being detected by Spybot? Did it change recently and become more spywarish? Spybot says it puts background downloaded popup ads on your box. Well, if it does, between Proxo and Firefox adblocker, which is also in Netscape, I sure don't see any! :) Why would Netscape partner with some company that would put popup ads on your computer to fight with Netscape ad blocker? I think this must be a false positive.
     