Quantcast
Channel: Spybot Forums
Viewing all 7596 articles
Browse latest View live

Whitelisting: Interminable and Non-Terminable

May 28, 2016, 6:09 am
$
0
0
Hi all! Love the program, have used it basically as long as I have used computers, which is longer than I care to admit.

This morning I was loading Spybot on a friend's new Asus Transformer (dual-core notebook/tablet). I sometimes cut corners on my own installs, but wanted to give them the full underbody treatment, so to speak.

I have never created a whitelist before, since my computer is usually filled with questionable articles by this time. In this case I could, so I did. This is the only text I'm given by the unsolicited prompt:


Do you want to speed up your system scan by whitelisting all files?

This should only be done if you have a new Windows setup and have not yet connected to the internet, this is the only way you can be certain you have no malware.


I admit to connecting to the internet to download a web browser and this program. Despite this sin, I am growing increasingly angry at the behavior of this part of the program. It has been over four hours on a modern computer which I would expect to finish a full system scan more quickly. But what is truly aggravating is that I cannot stop this process. I'm sitting here with my friend, who's forced to visit me because this potentially delicate operation will not allow them to leave my house, and I'm wondering why an internal list of safe files stored for future scanning is either so critical or so delicate that it will not let me stop.

If there is some logic behind this process, then there absolutely needs to be a much better explanation on the screen which, after all, prompts you to do this. "Takes many hours" and "cannot be halted or the computer shut down by user" are common phrases used by the industry when a program is about to exhibit such behavior.

Disappointed and waiting to be able to leave my house, but thankful very much for the excellent program anyway!
Search

Root Analyzer

May 30, 2016, 2:02 am
$
0
0
I was looking through this new software on your site,and I could not find any Root Analyzer for Windows 10.Are will one of these other's work instead? Whats a tag for?

Manual Removal Guide for Ad.BuzzSearch

May 30, 2016, 9:50 am
$
0
0
The following instructions have been created to help you to get rid of "Ad.BuzzSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware
  • bho

Description:
Ad.BuzzSearch claims to enhance the browsing experience. This adware is a browser add-on and displays advertisements and sponsored links.
Privacy Statement:
http://www.mybuzzsearch.com/Privacy
Links (be careful!):
: ttp://mybuzzsearch.com
: ttp://www.mybuzzsearch.com
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOAS.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOASHelper.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BOASPRT.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BrowserAdapter.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.BRT.Helper.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.ExpExt.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.PurBrowse.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearch.PurBrowse64.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBA.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBAApp.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\BuzzSearchBrowserFilter.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BOAS.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Bromon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BroStats.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapter.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapterS.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BrowserFilterG.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.BRT.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.CompatibilityChecker.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.DspSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.ExpExt.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.FeSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.FFUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.GCUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.IEUpdate.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Msvcmon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.OfSvc.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.PurBrowse.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.PurBrowseG.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\plugins\BuzzSearch.Repmon.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\bin\utilBuzzSearch.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.Common.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.FirstRun.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearch.ico".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearchBHO.dll".
  • The file at "<$PROGRAMFILES>\BuzzSearch\BuzzSearchuninstall.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx".
  • The file at "<$PROGRAMFILES>\BuzzSearch\updateBuzzSearch.exe".
  • The file at "<$PROGRAMFILES>\BuzzSearch\updater.exe".
Make sure you set your file manager to display hidden and system files. If Ad.BuzzSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0".
  • The directory at "<$APPDATA>\Opera Software\Opera Stable\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm".
  • The directory at "<$PROGRAMFILES>\BuzzSearch\bin\plugins".
  • The directory at "<$PROGRAMFILES>\BuzzSearch\bin".
  • The directory at "<$PROGRAMFILES>\BuzzSearch".
Make sure you set your file manager to display hidden and system files. If Ad.BuzzSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{396ECD31-EDF7-489F-BDA1-83DBA4C36E81}" at "HKEY_CLASSES_ROOT\TypeLib\".
  • Delete the registry key "{5cf5a690-c8f4-488e-9d20-f21aef602d41}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{5cf5a690-c8f4-488e-9d20-f21aef602d41}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{D0EC4142-5808-41D2-A4DC-6081CF1A9693}" at "HKEY_CLASSES_ROOT\Interface\".
  • Delete the registry key "BuzzSearch" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "BuzzSearch" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
  • Delete the registry key "Update BuzzSearch" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
  • Delete the registry value "id" at "HKEY_CURRENT_USER\Software\BuzzSearch\".
  • Delete the registry value "iid" at "HKEY_CURRENT_USER\Software\BuzzSearch\".
  • Delete the registry value "is" at "HKEY_CURRENT_USER\Software\BuzzSearch\".
If Ad.BuzzSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Agent.rmh

May 30, 2016, 9:51 am
$
0
0
The following instructions have been created to help you to get rid of "Win32.Agent.rmh" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • trojan

Description:
Win32.Agent.rmh connects to remote servers in the background.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$PROGRAMFILES>\WithMoa\except.ini".
  • The file at "<$PROGRAMFILES>\WithMoa\IUtil.ini".
  • The file at "<$PROGRAMFILES>\WithMoa\uninstall.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\widlib.dll".
  • The file at "<$PROGRAMFILES>\WithMoa\widmoa.dll".
  • The file at "<$PROGRAMFILES>\WithMoa\widservice.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\withmoa.exe".
  • The file at "<$PROGRAMFILES>\WithMoa\withmoaun.exe".
  • The file at "<$WINDIR>\SYSTEM32\withmoaAX.ocx".
Make sure you set your file manager to display hidden and system files. If Win32.Agent.rmh uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$PROGRAMFILES>\WithMoa".
Make sure you set your file manager to display hidden and system files. If Win32.Agent.rmh uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "anyfund" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "anyfund" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
  • Delete the registry value "change" at "HKEY_CURRENT_USER\Software\anyfund\".
  • Delete the registry value "today" at "HKEY_LOCAL_MACHINE\SOFTWARE\anyfund\".
If Win32.Agent.rmh uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Kraddare

May 30, 2016, 9:51 am
$
0
0
The following instructions have been created to help you to get rid of "Win32.Kraddare" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • adware

Description:
Win32.Kraddare installs unwanted adware clinets.
Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "signkey" and pointing to "<$LOCALAPPDATA>\signkey\signkey.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$LOCALAPPDATA>\signkey\iesignkey.exe".
  • The file at "<$LOCALAPPDATA>\signkey\signkey.exe".
  • The file at "<$LOCALAPPDATA>\signkey\skun.exe".
Make sure you set your file manager to display hidden and system files. If Win32.Kraddare uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$LOCALAPPDATA>\signkey".
Make sure you set your file manager to display hidden and system files. If Win32.Kraddare uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "signkey" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "signkey" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall".
  • Remove "<regexpr>[A-Za-z ] " from registry value "Partner" at "HKEY_CURRENT_USER\Software\signkey\".
If Win32.Kraddare uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

Manual Removal Guide for Win32.Kraddare

May 30, 2016, 6:40 pm

Manual Removal Guide for Win32.Agent.rmh

May 30, 2016, 6:40 pm

Manual Removal Guide for Ad.BuzzSearch

May 30, 2016, 6:40 pm
Search

Updating Free Version weekly

June 4, 2016, 8:42 am
$
0
0
I am using the free version of Spybot at the moment running Windows 8.1. I read that the free version updates once per week. I am assuming that this is an automatic update?
Spybot for me is not updating once per week. I always have to update manually after more than a week has gone past.
I do not have my own proxy so I have not ticked "Use own proxy to download updates" in Internet protection setting.

I have input the Spybot proxy settings in to my browser. This works fine.

Why would it not update automatically once per week?

Thank you.

Peter

Please fix your SDUpdate.exe

June 4, 2016, 3:06 pm
$
0
0
Please fix your SDUpdate.exe. This has been going on for a few months now and I have tried to get customer support to help me resolve this issue, and to no avail. I've done several things.. tried 2.5 beta, uninstalled and reinstalled, looked into the fault extensively.. but the only results I have found were issued caused by SDUpdate.exe itself. It spams my Event Viewer with Application Errors and it has started to get to the point where it lags out my computer for a split second. This is posted about every 5 minutes in my event viewer as an error:

Faulting application name: SDUpdate.exe, version: 2.4.40.94, time stamp: 0x53ad3eee
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0x0eedfade
Fault offset: 0x0000c54f
Faulting process id: 0x16e4
Faulting application start time: 0x01d1beabe090ccdb
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 1f852e71-2a9f-11e6-a2d1-bc5ff435fa53

Computer Supper Slow, Please Help, Logs included

June 4, 2016, 7:31 pm
$
0
0
[i] 16-03-09 19:25:28 TFileScanHTTPDaemon Listening on port 21323
[i] 16-03-09 19:25:28 TWebTestHTTPDaemon Listening on port 21322
[i] 16-03-09 19:25:28 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-03-09 19:25:28 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-03-09 19:27:42 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-03-09 19:27:42 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-03-10 03:20:35 TFileScanHTTPDaemon Listening on port 21323
[i] 16-03-10 03:20:35 TWebTestHTTPDaemon Listening on port 21322
[i] 16-03-10 03:20:35 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-03-10 03:20:35 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-03-11 19:56:05 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-03-11 19:56:07 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-03-11 19:57:42 TWebTestHTTPDaemon Listening on port 21322
[i] 16-03-11 19:57:42 TFileScanHTTPDaemon Listening on port 21323
[i] 16-03-11 19:57:42 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-03-11 19:57:42 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-03-14 15:00:48 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-03-14 15:00:49 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-03-14 15:02:16 TFileScanHTTPDaemon Listening on port 21323
[i] 16-03-14 15:02:16 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-03-14 15:02:16 TWebTestHTTPDaemon Listening on port 21322
[i] 16-03-14 15:02:16 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-03-27 09:29:16 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-03-27 09:29:18 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-03-27 09:31:20 TWebTestHTTPDaemon Listening on port 21322
[i] 16-03-27 09:31:20 TFileScanHTTPDaemon Listening on port 21323
[i] 16-03-27 09:31:20 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-03-27 09:31:20 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-04-01 08:22:32 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-04-01 08:22:34 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-04-01 08:24:17 TFileScanHTTPDaemon Listening on port 21323
[i] 16-04-01 08:24:17 TWebTestHTTPDaemon Listening on port 21322
[i] 16-04-01 08:24:17 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-04-01 08:24:17 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-04-17 14:42:00 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-04-17 14:42:02 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-04-17 14:44:05 TFileScanHTTPDaemon Listening on port 21323
[i] 16-04-17 14:44:07 TWebTestHTTPDaemon Listening on port 21322
[i] 16-04-17 14:44:07 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-04-17 14:44:07 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-04-18 03:34:41 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-04-18 03:34:43 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-04-18 03:37:06 TWebTestHTTPDaemon Listening on port 21322
[i] 16-04-18 03:37:06 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-04-18 03:37:06 TFileScanHTTPDaemon Listening on port 21323
[i] 16-04-18 03:37:06 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-04-23 08:31:22 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-04-23 08:31:23 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-04-23 08:33:04 TWebTestHTTPDaemon Listening on port 21322
[i] 16-04-23 08:33:04 TFileScanHTTPDaemon Listening on port 21323
[i] 16-04-23 08:33:04 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-04-23 08:33:04 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-05-18 20:59:49 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-05-18 20:59:50 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-05-20 03:37:37 TWebTestHTTPDaemon Listening on port 21322
[i] 16-05-20 03:37:37 TFileScanHTTPDaemon Listening on port 21323
[i] 16-05-20 03:37:37 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-05-20 03:37:37 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-05-29 18:47:34 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-05-29 18:47:36 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-05-29 18:49:30 TFileScanHTTPDaemon Listening on port 21323
[i] 16-05-29 18:49:30 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-05-29 18:49:30 TWebTestHTTPDaemon Listening on port 21322
[i] 16-05-29 18:49:30 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-06-02 12:45:27 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-06-02 12:45:29 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-06-02 12:47:45 TFileScanHTTPDaemon Listening on port 21323
[i] 16-06-02 12:47:45 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-06-02 12:47:45 TWebTestHTTPDaemon Listening on port 21322
[i] 16-06-02 12:47:45 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-06-02 13:41:59 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-06-02 13:42:00 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-06-02 13:43:39 TFileScanHTTPDaemon Listening on port 21323
[i] 16-06-02 13:43:39 TWebTestHTTPDaemon Listening on port 21322
[i] 16-06-02 13:43:39 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-06-02 13:43:39 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-06-02 14:18:34 TFileScanHTTPDaemon HTTP daemon on port 21323 closed.
[i] 16-06-02 14:18:36 TWebTestHTTPDaemon HTTP daemon on port 21322 closed.
[i] 16-06-02 14:19:54 TFileScanHTTPDaemon Listening on port 21323
[i] 16-06-02 14:19:54 TWebTestHTTPDaemon Listening on port 21322
[i] 16-06-02 14:19:54 TFileScanHTTPDaemon Successfully started listening on port 21323.
[i] 16-06-02 14:19:54 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-06-04 17:57:17 TWebTestHTTPDaemon Listening on port 21322
[i] 16-06-04 17:57:17 TFileScanHTTPDaemon Listening on port 21323
[i] 16-06-04 17:57:17 TWebTestHTTPDaemon Successfully started listening on port 21322.
[i] 16-06-04 17:57:17 TFileScanHTTPDaemon Successfully started listening on port 21323.

New to Spoybot Beacon.

June 6, 2016, 1:38 pm
$
0
0
Installed 1.5. Did the immunization. Do I have to open the program each time I turn on my PC (Windows 10) or will it run in background automatically? Thanks, Jeff

Spybot will not Fix Selected

June 7, 2016, 11:11 am
$
0
0
I am running Windows 7, Spybot A&D +AV Professional 2.6 on Administrator.

When I get to the end of the scan and try to 'Fix Selected' I get the following messages:

"Could not allocate memory for environment block"

and

"Failed to load \Spybot - Search _Destroy 2\DelZip192.dll
Invalid access to memory location"

Any advice would be appreciated.
Many thanks

Full system scan sticks at 4.6%

June 7, 2016, 11:41 am
$
0
0
I've tried for a few days to run a full scan, each time it tells me that the Estimated Time to completion is 597 minutes.

7 hours and 40 minutes after I started the scan today, I clicked 'Stop Scan' as it was still only at 4.6%

I am having to select drives and folders separately in order to scan the system.

I have Windows 7, and am running Spybot S&D +AV 2.6 Professional on Administrator

Any help you can give will be appreciated.
Many thanks

Manual Removal Guide for Win32.Swizzor.st

June 8, 2016, 4:18 am
$
0
0
The following instructions have been created to help you to get rid of "Win32.Swizzor.st" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • trojan

Description:
Swizzor variant. Copies the Trojan file 'mswinexe.exe' into the system directory and redirects shell and userinit variables to it. This Swizzor variants operates with redirecting JS files.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$SYSDIR>\mswinexe.exe".
Make sure you set your file manager to display hidden and system files. If Win32.Swizzor.st uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "DEADBOOBSUPPORT" at "HKEY_CURRENT_USER\Software\".
  • Delete the registry key "seek one blue" at "HKEY_CURRENT_USER\Software\DEADBOOBSUPPORT\".
  • Delete the registry value "messcash" at "HKEY_CURRENT_USER\Software\DEADBOOBSUPPORT\".
  • Delete the registry value "WindowsExplorer" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\".
  • Remove "<regexpr> .<$SYSDIR>\\mswinexe\.exe." from registry value "Shell" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".
  • Remove "<regexpr>.<$SYSDIR>\\mswinexe\.exe.\," from registry value "Userinit" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon".
If Win32.Swizzor.st uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.
Search

Manual Removal Guide for Win32.Swizzor.st

June 8, 2016, 10:40 am

Manual Removal Guide for Ad.KeepSurf

June 8, 2016, 10:40 am

Manual Removal Guide for Ad.Karatoh

June 8, 2016, 10:40 am

Manual Removal Guide for Ad.JumpFlip

June 8, 2016, 10:40 am

Manual Removal Guide for Ad.CrankWeb

June 8, 2016, 10:40 am
Viewing all 7596 articles
Browse latest View live
Search