Trj/Clicker.CP---sockdebug.exe

Discussion in 'malware problems & news' started by Crockman, Jun 14, 2005.

Thread Status:
Not open for further replies.
  1. Crockman

    Crockman Registered Member

    Joined:
    Jun 14, 2005
    Posts:
    9
    Location:
    Minnesota
    Hi !
    Can anybody help me with a Clicker-Trojan?

    This was found by BitDefender's On-line Scan. The Scan removed 1 file, but couldn't remove the 2nd one.
    I've 'physically' found the file at: C:\WINDOWS\SYSTEM\sockdebug.exe

    My Computer: Windows 98SE, IE 6, ZA Pro 5.5, AVG AV(free), Webroot Spysweeper3.5, Adaware SE(free), Spybot S&D1.4, RegSeeker, CCleaner, Startup Mechanic (Nothing on my Computer 'sees' this Trojan)

    Being that AVG is 'lacking' and should be replaced, would installing BitDefender's v7 (free) remove this Trojan? (Note: BD's on-line scan is actually Version 8.) If not, does anybody have suggestions? o_O

    Thanks :doubt:
     
    Last edited by a moderator: Jun 14, 2005
  2. Crockman

    Crockman Registered Member

    Update: a-squared (free) doesn't 'see' the Trojan either.

    I just downloaded & ran it, no luck.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    First of all, BitDefender 7 (free) is a demand scanner only - it lacks the real time protection of a Guard - so you are better off with AVG.

    If you can manually find and access the file you should upload it here:- http://virusscan.jotti.org/

    That will give you the opinion of several scanners. If it is not a false positive you should boot into 'safe' and delete it manually.

    You can see from Jotti's what scanners are 'finding' this thing; if it so happens that Avast or AntiVir are detecting something AVG can't find, you may consider changing 'free' solutions!

    Edit - I have just found this thread:- http://pcpitstop.invisionzone.com/index.php?showtopic=92365
     
    Last edited: Jun 14, 2005
  4. Crockman

    Crockman Registered Member

    I was working w/ PC Pit Stop on this also. It was taking a while, plus another opinion can be helpful.

    http://pcpitstop.invisionzone.com/index.ph...ndpost&p=941221

    If you want to see how it was Eliminated.

    I go by Spy Sweeper at PC Pit Stop.

    Thanks for taking the time to answer my Thread.

    What's a 'False Positive'?

    It's almost too bad I don't still have sockdebug.exe, I'd have liked to have seen Jotti's opinion.

    Only BitDefender's on-line Scan & Pit Stop's on-line Scan 'saw' it. Nothing on my Computer did, neither did Trend Micro, nor Symantec; there were 2 or 3 other on-line scans (I can't remember) that didn't either.

    Thanks for the Link, Bookmarked, that could be nice-n-handy.
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    A "false positive" is just a phrase for incorrectly identifying a file as infected when in fact it is not. All AVs and ATs are capable of a false positive every once in a while. (No software is perfect.)
     
  6. Crockman

    Crockman Registered Member

    So the now defunct sockdebug.exe could really have been a "False Positive"?

    With 2 Well-known Scans?
     
  7. bigc73542

    bigc73542 Retired Moderator

    I really just was explaining what a false positive was. But when two different applications report the same thing it is a little suspicious. I would try the trial of TDS3 here and see what that tells you.
     
  8. Crockman

    Crockman Registered Member

    Thanks for the Link.

    With the Trojan already removed, will that TDS3 be of any immediate value ?

    Or, would running TDS3 be assurance that 'off-shoots' don't still occupy the PC ?
     
  9. Crockman

    Crockman Registered Member

    I ran Spy Sweeper, Adaware SE, Spybot S&D, a-squared, AVG scan, BitDefender on-line scan & Pit Stop's on-line scan all within the last 3 hours. ALL of them now show my PC as Spotless since 'sockdebug' has been removed. I also ran RegSeeker 'til clean, 2 hours apart.

    I think I'll hold off on the TDS, but a Better AntiVirus is a Must.

    NOD32, Kaspersky probably the Top 2, Correct ?

    Thanks for your time.
     
  10. BgFunk76

    BgFunk76 Guest

    This may seem a little redundant, but this is the 2nd forum I've seen where somebody said that AVG did not find "sockdebug.exe" (TrojanClicker). I'm a little confused because AVG DID find an occurrence of "sockdebug.exe" on my computer and tossed it right into the virus vault. Wonder why some people are having different experiences with AVG!?
     
  11. Crockman

    Crockman Registered Member

    So your AVG found sockdebug.exe, interesting.

    I've since moved on to a: 1 year Free Trial of eTrust EZ AntiVirus.

    http://store.ca.com/dr/v2/ec_main.e...lient=ComputerAssociates&sid=55939&CID=190471

    I kept reading of so many comments from 'educated' people at all the Forums I browse thru, that the Free AV Programs are not Good Enough (also not as good as each's respective Paid Program). And, on my PC, that AVG never found a single Virus (I was sure I had one), I switched to something considered a bit better than 'Free'.

    http://forums.anandtech.com/messageview.aspx?catid=33&threadid=997283&enterthread=y

    I'll eventually Buy Kaspersky or NOD32.

    Thanks for the Reply
     
  12. johnvanhulst

    johnvanhulst Registered Member

    Joined:
    Jun 27, 2005
    Posts:
    1
    Hi,

    AVG found Sockdebug.exe on my PC as well, while I was doing a spyware scan with Counterspy. I have no idea why and by which program it was installed (I mean sockdebug.exe). I searched the AVG virus database for sockdebug.exe, but couldn't find it! Does anybody know what this is, what it does, and why it could be a virus, or just a false positive?

    John
     
  13. Crockman

    Crockman Registered Member

    Try the BitDefender Database. Their on-line scan found the sockdebug.exe, but said 'This is Not a Virus'. They list it as a Trojan. Also try PC Pit Stop.

    My Norton AntiVirus 'nabbed' a Virus called sysdebug32.exe, just a few days before the sockdebug.exe incident, if that helps your Quest.
     