Howcome they come back?

Discussion in 'SpywareBlaster & Other Forum' started by computerkiller, Oct 30, 2004.

Thread Status:
Not open for further replies.
  1. computerkiller

    computerkiller Registered Member

    Joined:
    May 28, 2004
    Posts:
    6
    I use SpywareBlaster in conjunction with plenty of spyware removal programs. Whenever I finish a scan with one of them and I see that it detects a registry key with a CLSID I enter that CLSID into the custom blocking tool in SpywareBlaster and enable protection against it. However, a lot of times I will find the same CLSID reappearing in future spyware scans. I thought SpywareBlaster was supposed to prevent this. Why do the same CLSIDs keep coming back even though I have blocked them using SpywareBlaster?
     
  2. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Hi & welcome to Wilders. I suspect ur problem lies with a loophole in IE. If u download IE-Spyad the Web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs onto the PC.

    I also suspect ur re-occurring pest is "redsheriff" which will be blocked by IE-Spyad.

    http://tinyurl.com/6mryz - IE-spyad download.

    Before installing IE-Spyad, if u do, I suggest u first clear ur computer of all spyware with the progranms u are using to do so.
     
  3. scott lang

    scott lang Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    211
    Location:
    claremore,ok
    also one other thing might help some and that is get the current hosts file and overwrite your hosts file you have now. i have blaster, spybot, and adaware se plus i overwrote the hosts with the newer one. helped alot. also make sure you have all the current prg releases of you spyware prgs. spybot is now 1.3.1TX
    adaware se is 1.05. incase you dont have them upto these versions already.
     
    Last edited: Nov 5, 2004
  4. computerkiller

    computerkiller Registered Member

    Joined:
    May 28, 2004
    Posts:
    6
    I already had IE-SpyAd, but I downloaded the newest one just now. I also already had a hosts file, from something like mvps.org. All of my programs are up to date. I just thought that SpywareBlaster prevented blocked CLSIDs from getting installed, but there are a handful of them that keep coming back. The only program I have that detects them is Spyware Doctor. I remove them every time, yet they always reappear. Every CLSID that it finds is on my custom blocking list. Here is a log of what Spyware Doctor finds:

    007 Keylogger (HKCR\clsid\{48E59293-9880-11CF-9754-00AA00C00908})
    007 Keylogger (HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908})
    007 Keylogger (HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908})
    Super-gals.com (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com)
    Virtual Bouncer (HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908})
    Virtual Bouncer (HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908})
    Virtual Bouncer (HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908})
    Virtual Bouncer (HKCR\InetCtls.Inet)
    Virtual Bouncer (HKCR\InetCtls.Inet.1)
    Virtual Bouncer (HKCR\Interface\{48E59291-9880-11CF-9754-00AA00C00908})
    Virtual Bouncer (HKCR\Interface\{48E59292-9880-11CF-9754-00AA00C00908})
    Virtual Bouncer (HKCR\TypeLib\{48E59290-9880-11CF-9754-00AA00C00908})
    Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com)
    Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\i-lookup.com)
    Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com)
    Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\teensguru.com)
    Zango Search Assistant (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com)
     
  5. scott lang

    scott lang Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    211
    Location:
    claremore,ok
    do these addy's show up in the ie's restricted sites? and whats your setting for it? i have mine on high with everything disabled.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    They are False positives by Spyware Doctor....Please follow the below links to some recent threads concerning these Spyware Doctor False positives.

    Recent threads:
    Items unblocking themselves

    Spyware Blaster and Spyware Doctor
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    @ Scott:
    Please follow the below link from the other day where I commented that a Hosts file does not add sites to the Restricted Zone of IE.

    This post---> https://www.wilderssecurity.com/showpost.php?p=288008&postcount=11
     
  8. computerkiller

    computerkiller Registered Member

    Joined:
    May 28, 2004
    Posts:
    6
    Thanks for the clarification, Bubba.
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Your very Welcome :)
     
  10. akaBob

    akaBob Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    1
    THANK YOU for your explanation in that earlier thread. This exact problem has been driving me bonkers ever since I installed licensed versions of both Spyware Doctor and AdwareAway (added to SmartKiller, HijackThis, SpywareBlaster, AdAware SE, and SpyBot). Thankfully a Google Search for "CoolWebSearch (484)" led me to this forum. Cheers, Bob :D
     
  11. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    You just gotta Love Google....it brought you our way....Welcome to Wilders Bob :)
     
Thread Status:
Not open for further replies.