NC: vcodec.com, not cleaned. / EasySearchBar

  • Thread starter Thread starter Example Sample
  • Start date Start date
E

Example Sample

vcodec.com has a spyware package launcher for download called vc1_05a.exe,
which is 8,885 bytes,
md5sum: 98bc5bad5d37a9c532649ee4e00993e8 *vc1_05a.exe

EasySearchBar appears as the removal item, however after a reboot the msn
messenger still launches and subsequent antispyware beta1 searches still
prompt EasySearchBar (adware) for removal

Using the most recent spyware definitions as of this posting date, May 17,
2005.

--

Microsoft AntiSpyware version 1.0.509
Windows OS: XP
Windows OS Version Info: 148
Windows OS Major Version: 5
Windows OS Minor Version: 1
Windows OS Build: 2600
Current Path: C:\Program Files\Microsoft AntiSpyware
Install Path: C:\Program Files\Microsoft AntiSpyware\
Session.RunMode: 5
Session.TimeBombDaysRemaining: 75
Session.TimeBombExpirationDate: 7/31/2005
Real-time protection running: False
Real-time protection enabled: True
Security Agents Application Enabled: False
Security Agents Internet Enabled: False
Security Agents System Enabled: False
Security Agents Checkpoints: 59
Definitions Update Date: 5/15/2005 2:23:02 PM
AutoUpdater Enabled: 1
AutoUpdater AutoApply Enabled: 1
Definitions Increment Version: 70/70
Definitions ThreatAuditThreatData: 1332931
Definitions ThreatAuditScanData: 2377784
Definitions DeterminationData: 406490
Software Update Check Date: 5/16/2005 2:23:21 PM
AutoUpdater Software Enabled: 1
TotalThreatsDetected: 28
TotalScansRun: 14
LastScanDate: 5/17/2005 10:39:19 AM
Is US Locale: True
Locale Language: English (United States):English (0409)
Locale Country: United States:United States (1)
Processor Identifier: x86 Family 6 Model 10 Stepping 0
Processor Name: AMD Athlon(tm) MP 2600+
IE Version: 6.0.2900.2180
msvbvm60.dll: 6.0.96.90
vbscript.dll: 5.6.0.8820
gcUnCompress.dll: 1.1.0.0
gcmd5query.dll: 1.0.0.1
openports.dll:
SDelete.dll:
gcASSoapLib.dll: 1.0.0.509
gcPorttoProcess.dll:
gcTCPObjLib.dll: 1.0.0.509
gcasDtServ.exe: 1.0.0.509
gcAntiSpywareLibrary.dll: 1.0.0.509
gcIPtoHostQueue.exe: 1.0.0.509
gcasServ.exe: 1.0.0.509
gcasServAlert.exe: 1.0.0.509
gcasServHook.dll:
gcASHashLibrary.dll:
gcASThreatAudit.dll: 1.0.0.509
gcASCleaner.exe: 1.0.0.509
GIANTAntiSpywareUpdater.exe: 1.0.0.509
gcASPrivacyLib.dll: 1.0.0.509
gcASShredCtxShell.dll:
gcasSWUpdater.exe: 1.0.0.509
gcSoftwareUpdateLib.dll: 1.0.0.509
GIANTSpywareScan.exe:
gcasDtServ Status: Loaded
gcasDtServ IsAuthorized: True
gcAntiSpywareLibrary Status: Loaded
gcAntiSpywareLibrary IsAuthorized: True
gcASThreatAudit Status: Loaded
gcASThreatAudit IsAuthorized: True
Now: 5/17/2005 10:58:47 AM
 
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

PREP YOUR MACHINE FIRST!
- IF you are using Spybot S/D, UN-Immunize your computer
- IF you are using Adaware, turn off AD-Watch
- Disable all other active anti-spy applications
- Dump all temporary file locations and Internet files

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Clean out all temp file locations with ccleaner.exe

3. Install and use killbox to delete stubborn files

4. Reboot into safe mode - http://tinyurl.com/pfca
5. Run MSAS at least twice in full/deep mode
6. Run a robust, updated antivirus software scan
7. Reboot into normal mode,see if problem has been corrected

8. If you think something is there but can't see it, download:
- Blacklight by F-Secure
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
- RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

9. If your problem is Virus or Security patch related:
In the United States or Canada, call 1-866-PCSAFETY
MS will provide free support for those issues.

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block malware apps from
installing on your machine. Does not actively run
on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam

Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware
4) If that fails, install VB6 runtime files:
http://www.softwarepatch.com/windows/vbrun6download.htm

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx
- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx
- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx
- To Run MSAS in passive mode:
http://support.microsoft.com/kb/892375

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Ewido Security Suite
http://www.ewido.net/en/
- CounterSpy (Same Giant Company Engine as MSAS)
- http://www.sunbelt-software.com

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
---------------------------------------------
 
Back
Top