need advice! should i delete these files

Discussion in 'ewido anti-spyware forum' started by Cscampxp, Feb 11, 2006.

Thread Status:
Not open for further replies.
  1. Cscampxp

    Cscampxp Registered Member

    Joined:
    Oct 25, 2005
    Posts:
    34
    I tried ewido a couple days ago and it found some spyware that PestPatrol and MSAS didnt find before. Namely Spyware.BrilliantDigital and Spyware.VirtuMonde. I'm kinda hesitant from fully removing it in my system coz Ewido found it in my registry and im worried if i remove, it might make my system unstable or cause other problems.

    Here it is:

    HKLM\SOFTWARE\Classes\AppID\installman.EXE -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDEInstallMan3.BDEInstallMan3 -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDEInstallMan3.BDEInstallMan3\CLSID -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDEInstallMan3.BDEInstallMan3\CurVer -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDEInstallMan3.BDEInstallMan3.1 -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDESmartInstaller25.BDESmartInstaller25 -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDESmartInstaller25.BDESmartInstaller25\CurVer -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDESmartInstaller4.BDESmartInstaller4 -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\BDESmartInstaller4.BDESmartInstaller4\CurVer -> Spyware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8721F16D-CBF8-4CE5-B924-18D64E12E77E} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{ED5ABC42-8E4F-4C39-9972-F0CF619D672F} -> Spyware.VirtuMonde : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{67925164-C4B6-11D2-B9C6-0000E84F59A6} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{817B054A-DE21-44E2-B2D5-B7BDD3F26A42} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BAF2D92F-B610-4BA1-86D0-464D26DDCA69} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{F2AC7A7B-DFFE-4036-8561-54C88EFE544A} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{5FBF618A-82CC-4E96-BC3D-C91C48E94B3E} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{74CDA0EC-917B-4330-9702-6D4796D2D5EF} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{82FC7881-AACC-11D2-B9C6-0000E842E40A} -> Spyware.BrilliantDigital : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED5ABC42-8E4F-4C39-9972-F0CF619D672F} -> Spyware.VirtuMonde : Cleaned with backup
    HKU\S-1-5-21-2731178490-2448115642-3546609019-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED5ABC42-8E4F-4C39-9972-F0CF619D672F} -> Spyware.VirtuMonde : Cleaned with backup

    That last spyware which starts in S-1-5-21....Isnt that my SID? Should i fully remove these files from my quarantine folder or just leave it there? What do you guys think?
     
  2. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    It looks like you are not using the latest definitions. Please update your copy of ewido and do another scan, thanks.
     
Thread Status:
Not open for further replies.