SDS Software/Setup2Go found; also ? FP on 2 Trojans?

Discussion in 'privacy problems' started by j2callie, Aug 4, 2005.

Thread Status:
Not open for further replies.
  1. j2callie

    j2callie Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    35
    Location:
    Oregon USA
    Ewido and Webroot Spy Audit found this registry entry in

    HKLM/SOFTWARE/SDS Software/Setup2Go

    I found the program's website, says it's an installer. So I'm guessing that some bad guy tried ?? to install something ??

    Another scan (I forget which one) said it found Kitten Free Sex Dialer (which I did find a definition for on eTrust Spyware Encyclopedia, but not on the Spyware Guide site) and neither found another one called "Media.... something" I can't remember, both called Trojans.

    I was wondering if it was a FP though, to get me to buy the software?? None of the other antispy programs I have has found them.

    I've scanned with:

    CounterSpy -- nothing
    Spyware Blaster -- nothing
    Spyware Guard -- nothing
    Spybot S&D -- nothing
    A-squared -- nothing

    Also using:
    ZoneAlarm
    NAV
    SpywareBlaster
    IESpyAd
    BHO Demon

    Any thoughts about this?

    Thanks,

    Callie
     
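A way to triage a scanner hit like the one above before treating it as an infection: dump the flagged key and hash anything on disk it points to. This is an added example, not code from the thread or from Ewido; it assumes Windows PowerShell 5.1 or later, and the only page-supplied value is the key path itself.

```powershell
# Added example: triage a registry key flagged by an antispyware scanner.
# A bare key under HKLM\SOFTWARE is often installer residue; what matters is
# whether any value under it references an executable that is still on disk.
# Assumes Windows PowerShell 5.1+; run from an elevated prompt for full access.

$FlaggedKey = 'HKLM:\SOFTWARE\SDS Software\Setup2Go'   # key reported in the thread

function Get-FlaggedKeyReport {
    param([string]$Path = $FlaggedKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Present = $false; Values = @(); ReferencedFiles = @() }
    }

    # Every value under the key and its subkeys, with the key it lives in.
    $items  = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse)
    $values = foreach ($item in $items) {
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key  = $item.PSPath -replace '^.*::', ''
                Name = if ($name) { $name } else { '(Default)' }
                Data = $item.GetValue($name)
            }
        }
    }

    # Values that look like absolute paths to existing files get hashed and
    # checked for an Authenticode signature; that is what you would submit
    # to the vendor (or look up) to confirm or rule out a false positive.
    $files = foreach ($v in $values) {
        if ($v.Data -is [string] -and $v.Data -match '^[A-Za-z]:\\' -and
            (Test-Path -LiteralPath $v.Data -PathType Leaf)) {
            $f = Get-Item -LiteralPath $v.Data
            [pscustomobject]@{
                Path   = $f.FullName
                Size   = $f.Length
                Sha256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
                Signed = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
            }
        }
    }

    [pscustomobject]@{ Path = $Path; Present = $true; Values = @($values); ReferencedFiles = @($files) }
}

$report = Get-FlaggedKeyReport
$report.Values          | Format-Table -AutoSize
$report.ReferencedFiles | Format-Table -AutoSize
```

If the report shows only a handful of plain string values and no referenced files, the key is consistent with leftover data from an installer built with that framework rather than with an active infection.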
  2. dog

    dog Guest

  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Ewido's database is much better than some of the other products that you mentioned. If you wanted some more confirmation (it appears that Webroot concurs), then I would try an online scan. Maybe McAfee since I do not think that KAV online is still available. I think I would trust Ewido and Webroot at this point.

    Rich
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hi,
    Ewido is very powerful, but it can still have fps.
    On one of my machines, which is protected by 35 tons of layered security applications, Ewido found two bargain buddy keys; however, none of the keys or files you find in online encyclopedias showing the usual files and locations of the malware were there, just two nondescript keys in the registry. And this machine has had a fresh format and install just 2 months ago.
    Now, this is definitely a fp, since I never use IE, have no extra toolbars or anything, netstat shows clean, hijackthis shows clean and blah blah so forth. I also scanned with A2 anti-trojan and it showed nothing. Sometimes, even very good programs can have spoofed alerts.
    Now, I don't know how you surf or what you did, it could be that you contracted some nasty or something. Is your machine behaving differently than you're used to? Extra cpu usage? Modem blinking too much when you're idle?
    I suggest you try trial versions of TDS-3 and Trojan Hunter and see if they can discover anything. If nothing else gives you an alarm, you're probably clean. Do a hijackthis log and post it in a relevant forum, and ask for experts' help.
    Cheers,
    Mrk
     
  5. x-TDS-3

    x-TDS-3 Guest


    Trial version of TDS-3? o_O
     
  6. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Mrkvonic, they all have false positives, including TDS-3 which had false positives, because it was discontinued 2 weeks ago and is not available anymore. ;)
     
  7. j2callie

    j2callie Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    35
    Location:
    Oregon USA
    Thanks for all the suggestions. I downloaded a trial of Trojan Hunter and it didn't find anything, whew. I thought I had pretty good security though so I was shocked that I had something at all. Wouldn't it be nice if it was a FP?

    I pass the GRC port scan okay, ZA is set to notify me, as is CounterSpy. I have scripting turned off in IE, use Firefox primarily and am usually on as Limited User. I do have DSL, but haven't noticed degraded performance, extra popups, or anything suspicious lately.

    Does DSL also "phone" with a dialer?

    Thanks again. I guess I'm okay again.

    Callie
     
  8. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Yes, it would be nice, and to be sure I would recommend that you submit the file to Ewido: http://www.ewido.net/en/malware/ to confirm this and also help others. :)
     
  9. StevieO

    StevieO Guest

    Hi Callie,

    In answer to your question "Does DSL also 'phone' with a dialer?"

    If you don't have a 56k modem installed in your comp, or it's physically disconnected from the wall socket, then it can't dial out. If you do have one, you can disable it in the Network settings. This will also free up resources for you.

    As an extra precaution you could remove the lead to a safe place so nobody could reconnect it.


    StevieO
     
  10. j2callie

    j2callie Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    35
    Location:
    Oregon USA
    There's probably a modem in there, but the only connection is via the DSL modem. Whew.
     
  11. j2callie

    j2callie Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    35
    Location:
    Oregon USA
    Hmm, the link you gave me takes me to a place to send items that *weren't* detected ?? And what "file" do I send to them?

    I found a list of *.tmp files in the Ewido\Quarantine folder, but can't read them in Notepad so can't tell which one is the bad guy. And they're in quarantine so I can't find them where they used to be. And I don't see any place in Ewido to save the list of what it found. ??

    Oops, I stumbled upon a possible way: if you go to the support on their website, there's a "contact" form that lets you upload a screenshot. I'll try that.

    http://www.ewido.net/en/contact/
     
  12. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You're sending a possible false positive, Callie; this is the only way to submit files. First restore the file from quarantine and submit it. :)
     
  13. j2callie

    j2callie Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    35
    Location:
    Oregon USA
    This is what I got back from Ewido:

    Dear customer,

    thank you for your request. This is a known and already fixed problem. We're
    sorry for this ungratefulness.

    With best regards,

    Your ewido networks Support-Team
     