Spyware issue causing concern

Discussion in 'NOD32 version 2 Forum' started by acr1965, Nov 28, 2006.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Yesterday evening my Counterspy active protection started popping up messages that my browser home page was attempting to be changed to some odd web sites. Then I got about 50 pop up messages saying sites were trying to be added to my "trusted list" on my browser. I use IE6, mainly because I had some issues with IE7 (Windows locked up). Anyway, I blocked all attempts.

    So I scan with Counterspy, AVG Anti-Spyware and run NOD's scan. The results were very odd (to me, at least). Counterspy said I had iSearch.DesktopSearch (browser plug-in). I did not quaranteen at that time but instead ran AVG Anti-Spyware which said I had Not-A-Virus.Monitor.Win32.SpySweeper. I then ran NOD32 which said I had Win32/Adware.WBug.A application. NOD did not show any findings from the scan, though.

    I quaranteened iSearch.DesktopSearch in Counterspy as well as quaranteened Not-A-Virus.Monitor.Win32.SpySweeper in AVG. NOD32 had Win32/Adware.WBug.A in quaranteen already.

    Is it safe to keep all these quaranteened or should they try to be deleted? Also, should I send Win32/Adware.WBug.A to ESET for analysis? If so, how is that accomplished?

    I find it kinda odd that Counterspy found spyware which it rated as "high risk" but it was not detected by NOD32. Could NOD32 have it as misread spyware?

    Any other ideas or suggestions?

    Thanks in advance.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Ok I'll do that. Do I save the log as a file and attach it to the email?
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Correct.

    Cheers :D
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    sent!!

    thanks
     
  6. ASpace

    ASpace Guest

    Please , keep us informed ;) :thumb:
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The log didn't reveal any suspicious file. I assume the adware was found in a file on the disk not registered in the registry (i.e. it wouldn't start with Windows). If AMON shows an alert window, it also tells you what process / application created it.
     
  8. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I checked AMON but there was no alert window. I submitted the Win32/Adware.WBug.A and it appears to be an aim.exe. So maybe it was no big deal. I am concerned with NOD32 not detecting the high risk spyware though- iSearch.DesktopSearch (browser plug-in). I have NOD32 set to Blackspear's recommendations.

    How did NOD32 completely miss the browser plug-in spyware? IIRC- it's not the first time NOD32 has allowed high risk spyware to get into my system.
     
  9. ASpace

    ASpace Guest

    Hi ! That's why you keep more than one security software , no one is perfect . NOD32 is one of the best .If you still have the iSearch.DesktopSearch in CounterSpy's quarantine , please submit it to ESET in email samples@eset.com or to support@eset.com , just in case . Thanks :thumb:

    Good luck and less viruses :D :D :D
     
  10. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    With the pace that spyware is evolving, you can't expect any one application to detect everything. NOD32 is a worldclass program, but you should also run at least one designated antispyware program with it.

    At different points in time, I have used Spyware Doctor, Spysweeper, and Counterspy (as well as a number of others). I don't think you can go wrong with any of these 3.
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954

    How do I do that?
     
  12. ASpace

    ASpace Guest

    If there is a file quatantined by CounterSpy , you can open its Quarantine section , choose to get out of quarantine , open your mailbox , compose new message , attach that suspected file and send it to samples@eset.com

    You'd better first zip it and password-protect it but if you don't know how, don't worry :thumb: Then you can quarantine it back again ;)
     
Thread Status:
Not open for further replies.