Spyware missed by Microsoft found by SpySweeper

  • Thread starter Thread starter Doug
  • Start date Start date
D

Doug

FYI, this is a log from SpySweeper for spyware after a
full clean by Microsoft Antispy.

12:16 PM: Spy Sweeper 3.5.0 (Build 189) started
12:20 PM: Sweep initiated using definitions version 440
12:20 PM: Sweeping memory for threats.
12:20 PM: Memory sweep has completed. Elapsed time
00:00:15
12:20 PM: Registry sweep initiated.
12:20 PM: Found: 6 Attempted BHO registry traces.
12:21 PM: Found: 4 Popnav Hijacker registry traces.
12:21 PM: Found: 1 SideSearch registry traces.
12:21 PM: Found: 4 WebSearch Toolbar registry traces.
12:21 PM: Registry sweep completed. Elapsed time
00:00:38
12:21 PM: Full sweep on all local drives initiated.
12:21 PM: Now sweeping drive C:
12:21 PM: Found: SideSearch, version 1
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\ebay.url
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\walmart.url
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\ebay.url
12:21 PM: Found Cookie: Kount Cookie, version 1,
c:\documents and settings\tasha\cookies\tasha@kount[1].txt
12:21 PM: Found Cookie: Adminder Cookie, version 1,
c:\documents and settings\tasha\cookies\[email protected]
[1].txt
12:21 PM: Found Cookie: fe.lea.lycos.com Cookie,
version 1, c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:21 PM: Found Cookie: Ask Cookie, version 1,
c:\documents and settings\tasha\cookies\tasha@ask[1].txt
12:21 PM: Found Cookie: Callwave Cookie, version 1,
c:\documents and settings\tasha\cookies\tasha@callwave
[1].txt
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\walmart.url
12:22 PM: Found Trojan Horse: Internet Optimizer,
version 1, c:\documents and settings\ron\local
settings\temp\del24.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppq21.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqa.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqba.tmp
12:26 PM: Found Adware: FunWebProducts, version 1,
c:\windows\downloaded program
files\f3initialsetup1.0.0.6.inf
12:26 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\180solutions\saap.log
12:27 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\aurl.dat
12:28 PM: Found: SearchAssistant nCase, version 1
12:28 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\polmx2.inf
12:28 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\biini.inf
12:28 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\belt.inf
12:30 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\system32\msbb\kyf.dat.old
12:30 PM: Found Adware: PortalSearching, version 1,
c:\windows\system32\vbshell.tlb
12:31 PM: Found: 68 file traces.
12:31 PM: Full Sweep has completed. Elapsed time
00:10:32
56,130 files swept
83 item traces located
12:43 PM: Removal process initiated
12:43 PM: Quarantining: Adminder Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Quarantining: Ask Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\tasha@ask[1].txt
12:43 PM: Quarantining: Callwave Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\tasha@callwave[1].txt
12:43 PM: Quarantining: fe.lea.lycos.com Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Quarantining: Kount Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\tasha@kount[1].txt
12:43 PM: Cleaning Traces
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\tasha@kount[1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\tasha@callwave[1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\tasha@ask[1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Removal process completed. Elapsed time
00:00:01
5 items (5 traces) quarantined.
12:43 PM: Sweep initiated using definitions version 440
12:43 PM: Sweeping memory for threats.
12:44 PM: Memory sweep has completed. Elapsed time
00:00:13
12:44 PM: Registry sweep initiated.
12:44 PM: Found: 6 Attempted BHO registry traces.
12:44 PM: Found: 4 Popnav Hijacker registry traces.
12:44 PM: Found: 1 SideSearch registry traces.
12:44 PM: Found: 4 WebSearch Toolbar registry traces.
12:44 PM: Registry sweep completed. Elapsed time
00:00:33
12:44 PM: Full sweep on all local drives initiated.
12:44 PM: Now sweeping drive C:
12:44 PM: Found: SideSearch, version 1
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\ebay.url
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\walmart.url
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\walmart.url
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\ebay.url
12:44 PM: Found Trojan Horse: Internet Optimizer,
version 1, c:\documents and settings\ron\local
settings\temp\del24.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqa.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqba.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppq21.tmp
12:48 PM: Found Adware: FunWebProducts, version 1,
c:\windows\downloaded program
files\f3initialsetup1.0.0.6.inf
12:48 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\180solutions\saap.log
12:48 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\aurl.dat
12:49 PM: Found: SearchAssistant nCase, version 1
12:49 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\polmx2.inf
12:49 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\biini.inf
12:49 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\belt.inf
12:49 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\system32\msbb\kyf.dat.old
12:50 PM: Found Adware: PortalSearching, version 1,
c:\windows\system32\vbshell.tlb
12:50 PM: Found: 63 file traces.
12:50 PM: Full Sweep has completed. Elapsed time
00:06:42
56,128 files swept
78 item traces located
 
Doug,
Nice report. Thanks. Meanwhile, let's consider that the current Beta1 does
NOT go into the cookie jar.


Ron Chamberlin
MS-MVP


Doug said:
FYI, this is a log from SpySweeper for spyware after a
full clean by Microsoft Antispy.

12:16 PM: Spy Sweeper 3.5.0 (Build 189) started
12:20 PM: Sweep initiated using definitions version 440
12:20 PM: Sweeping memory for threats.
12:20 PM: Memory sweep has completed. Elapsed time
00:00:15
12:20 PM: Registry sweep initiated.
12:20 PM: Found: 6 Attempted BHO registry traces.
12:21 PM: Found: 4 Popnav Hijacker registry traces.
12:21 PM: Found: 1 SideSearch registry traces.
12:21 PM: Found: 4 WebSearch Toolbar registry traces.
12:21 PM: Registry sweep completed. Elapsed time
00:00:38
12:21 PM: Full sweep on all local drives initiated.
12:21 PM: Now sweeping drive C:
12:21 PM: Found: SideSearch, version 1
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\ebay.url
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\walmart.url
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\ebay.url
12:21 PM: Found Cookie: Kount Cookie, version 1,
c:\documents and settings\tasha\cookies\tasha@kount[1].txt
12:21 PM: Found Cookie: Adminder Cookie, version 1,
c:\documents and settings\tasha\cookies\[email protected]
[1].txt
12:21 PM: Found Cookie: fe.lea.lycos.com Cookie,
version 1, c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:21 PM: Found Cookie: Ask Cookie, version 1,
c:\documents and settings\tasha\cookies\tasha@ask[1].txt
12:21 PM: Found Cookie: Callwave Cookie, version 1,
c:\documents and settings\tasha\cookies\tasha@callwave
[1].txt
12:21 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\walmart.url
12:22 PM: Found Trojan Horse: Internet Optimizer,
version 1, c:\documents and settings\ron\local
settings\temp\del24.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppq21.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqa.tmp
12:26 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqba.tmp
12:26 PM: Found Adware: FunWebProducts, version 1,
c:\windows\downloaded program
files\f3initialsetup1.0.0.6.inf
12:26 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\180solutions\saap.log
12:27 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\aurl.dat
12:28 PM: Found: SearchAssistant nCase, version 1
12:28 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\polmx2.inf
12:28 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\biini.inf
12:28 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\belt.inf
12:30 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\system32\msbb\kyf.dat.old
12:30 PM: Found Adware: PortalSearching, version 1,
c:\windows\system32\vbshell.tlb
12:31 PM: Found: 68 file traces.
12:31 PM: Full Sweep has completed. Elapsed time
00:10:32
56,130 files swept
83 item traces located
12:43 PM: Removal process initiated
12:43 PM: Quarantining: Adminder Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Quarantining: Ask Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\tasha@ask[1].txt
12:43 PM: Quarantining: Callwave Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\tasha@callwave[1].txt
12:43 PM: Quarantining: fe.lea.lycos.com Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Quarantining: Kount Cookie
12:43 PM: Cookie: c:\documents and
settings\tasha\cookies\tasha@kount[1].txt
12:43 PM: Cleaning Traces
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\tasha@kount[1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\tasha@callwave[1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\tasha@ask[1].txt
12:43 PM: Removing file: c:\documents and
settings\tasha\cookies\[email protected][1].txt
12:43 PM: Removal process completed. Elapsed time
00:00:01
5 items (5 traces) quarantined.
12:43 PM: Sweep initiated using definitions version 440
12:43 PM: Sweeping memory for threats.
12:44 PM: Memory sweep has completed. Elapsed time
00:00:13
12:44 PM: Registry sweep initiated.
12:44 PM: Found: 6 Attempted BHO registry traces.
12:44 PM: Found: 4 Popnav Hijacker registry traces.
12:44 PM: Found: 1 SideSearch registry traces.
12:44 PM: Found: 4 WebSearch Toolbar registry traces.
12:44 PM: Registry sweep completed. Elapsed time
00:00:33
12:44 PM: Full sweep on all local drives initiated.
12:44 PM: Now sweeping drive C:
12:44 PM: Found: SideSearch, version 1
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\ebay.url
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\ron\favorites\shopping\walmart.url
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\walmart.url
12:44 PM: Found Trojan Horse: 2nd-thought, version
1, c:\documents and
settings\tasha\favorites\shopping\ebay.url
12:44 PM: Found Trojan Horse: Internet Optimizer,
version 1, c:\documents and settings\ron\local
settings\temp\del24.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqa.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppqba.tmp
12:48 PM: Found Trojan Horse: 2nd-thought, version
1, c:\program files\yahoo!\ypsr\quarantine\ppq21.tmp
12:48 PM: Found Adware: FunWebProducts, version 1,
c:\windows\downloaded program
files\f3initialsetup1.0.0.6.inf
12:48 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\180solutions\saap.log
12:48 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\aurl.dat
12:49 PM: Found: SearchAssistant nCase, version 1
12:49 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\polmx2.inf
12:49 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\biini.inf
12:49 PM: Found Adware: vx2 (Transponder), version
1, c:\windows\inf\belt.inf
12:49 PM: Found Adware: SearchAssistant nCase,
version 1, c:\windows\system32\msbb\kyf.dat.old
12:50 PM: Found Adware: PortalSearching, version 1,
c:\windows\system32\vbshell.tlb
12:50 PM: Found: 63 file traces.
12:50 PM: Full Sweep has completed. Elapsed time
00:06:42
56,128 files swept
78 item traces located
Click to expand...
 
Nice report. Thanks. Meanwhile, let's consider that the current Beta1 does
NOT go into the cookie jar.

Ron Chamberlin
MS-MVP
Click to expand...

Indeed, I was more interested in the non-cookie files. The was one file in
particular that bothered me:
"12:26 PM: Found Adware: FunWebProducts, version 1,
c:\windows\downloaded program files\f3initialsetup1.0.0.6.inf"

I had to use a command prompt and do a "dir" to see this file, as it was
hidden when viewed through Explorer even after turning on hidden and system
files

There is also a false positive in Spy Sweeper's log. A file used and needed
by JavaCool's SpyWareGuard:
12:50 PM: Found Adware: PortalSearching, version 1,
c:\windows\system32\vbshell.tlb

Everything else was a trace of spyware already removed. Registry entries
and log files.

So far I am very happy with this new Microsoft offering and am glad they
chose to buy the best antispyware out there to make their own and provide to
us. I have it running on six systems now, all XP, with no system problems
and only minor issues. (please see my post on the Huntbar trying to
reinstall occasionally)

Thanks,
Doug

PS. As mentioned over and over, never take the spyware scans at face value
from any antispyware program. Always check and verify the files that are
about to be deleted. Google is your friend!
 
Back
Top