Quick question about spyware in the registry

Started by komkast, March 23, 2006, 07:54:10 PM


komkast

The following locations:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

on my computer have massive lists of what appear to be URLs to every website/ad page my internet has ever loaded. Most look like spyware/porn websites that I personally haven't been to that I know of. I was wondering if these lists are supposed to be there or if they're spyware or what. I have Ad-Aware SE Professional, Xoftspy, ZoneAlarm Security Suite, A-Squared, Avast Professional Antivirus and used to have Spybot. The only one of those programs to find anything related to those locations was ZoneAlarm, which found a trojan dialer near those lists and removed it but didn't remove the lists... help?

GR@PH;<'S

komkast,
you can clear your History from your PC.
I recommend that you clear out your cache folder, i.e. the temporary internet folder. There are some free programs that you can use that will do that for you if needed, like CCleaner ;)
(Note in CCleaner: go to Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours").
Then can you make sure that you have Ad-aware SE Build 106? If so, please use the WebUpDate to get the latest definition file (SE1R100 23.03.2006),
then scan by doing a "Full Scan", then post your logfile here by using the Add-Reply feature.

GR@PH;<'S   :breakkie:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

winchester73

Do you have IE-Spyad or SpywareBlaster installed?

Quote: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

IE6 added a Privacy tab to allow users to control cookies.  Your "privacy" levels are stored in the registry at the same location as the "security zones".  The above registry key is where site-based cookies can be allowed or blocked ... listed under this key are domains that have been added ... they carry either of the following DWORD values:

0x00000005 - Always Block
0x00000001 - Always Allow

Quote: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

The ZoneMap key contains several items, but as for "domains" ... this key contains changes added to the default.  The Domains key will have a DWORD with a value name of the affected protocol. The value of the DWORD will be the same as the numeric value of the security zone where the domain is added.

Quote: The only one of those programs to find anything related to those locations was ZoneAlarm, which found a trojan dialer near those lists and removed it but didn't remove the lists

Was it Win32.Trojan.Dialer.hz?

If so, it's a false positive:  http://forum.zonelabs.org/zonelabs/board/message?board.id=Antivirus&message.id=10436
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member
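
As an added example (not part of winchester73's post or of any tool named in this thread), the Python below reads a regedit export of the two keys and decodes each entry with the DWORD meanings described above. The sample export and its domains are constructed, and the zone names are the standard Internet Explorer zone numbers.

```python
import re
from collections import Counter

BASE = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
P3P = BASE + r"\P3P\History" + "\\"
ZONEMAP = BASE + r"\ZoneMap\Domains" + "\\"
COOKIE_ACTION = {1: "Always Allow", 5: "Always Block"}  # values quoted in the thread
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}  # standard IE zone numbers

# Constructed sample in regedit export format; every domain is made up.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{P3P}ads.example]", "@=dword:00000005", "",
    f"[{P3P}shop.example]", "@=dword:00000001", "",
    f"[{ZONEMAP}ads.example]", '"*"=dword:00000004', "",
    f"[{ZONEMAP}tracker.example\\www]", '"http"=dword:00000004', "",
    f"[{ZONEMAP}updates.example]", '"https"=dword:00000002', "",
])

VALUE_RE = re.compile(r'^(?:@|"(.*)")=dword:([0-9a-fA-F]{8})$')

def parse(reg_text):
    """Return (cookie_rules, zone_rules) read from a .reg export."""
    cookies, zones, key = [], [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember the key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1) or "(Default)", int(m.group(2), 16)
        if key.lower().startswith(P3P.lower()):
            cookies.append((key[len(P3P):], COOKIE_ACTION.get(value, hex(value))))
        elif key.lower().startswith(ZONEMAP.lower()):
            # Subdomains are nested subkeys: example.com\www -> www.example.com
            host = ".".join(reversed(key[len(ZONEMAP):].split("\\")))
            zones.append((host, name, value))  # name is the protocol
    return cookies, zones

def summarize(zones):
    """Count entries per zone; list hosts in a zone more trusted than Internet."""
    counts = Counter(ZONES.get(z, f"zone {z}") for _, _, z in zones)
    elevated = sorted(h for h, _, z in zones if z < 3)
    return dict(counts), elevated

if __name__ == "__main__":
    cookies, zones = parse(SAMPLE_REG)
    print(cookies, *summarize(zones), sep="\n")
```

A real regedit export is UTF-16 text, so open the file with `encoding="utf-16"` before passing its contents to `parse`.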

komkast

Yeah, I got CCleaner, GR@PH;<'S, I'll try unchecking that 48 hour box, and thanx for all that, Winchester. I just added IE-Spyad yesterday and figured that stuff out, and yes it was dialer.hz, good that it was a false alarm & my Ad-Aware is up to date... now all I have left to deal with is Trojano-472 killing my memory :x anyone get bored & feel like helping me with that? (lol) feel free to email me... kom.kast [at] yahoo.com thanx for the help...  :firefox:

SpiritWind

:D  Hi Komkast:

For trojan, worm, etc. detection & removal, I recommend the good & FREE "Ewido", available from www.ewido.net/en . There's a tutorial at: www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf .

And Eric Howes of IE-Spyad now recommends IE-Spyad for ZonedOut, available at www.funkytoad.com/zonedout.htm .

     
For the BEST in what counts in Life :

www.tacf.org

komkast

I've got Ewido, A-Squared, Xoftspy & IE-Spyad, SpiritWind. None of them find it, only my antivirus (Avast Professional). The virus's name is [VBS] Trojano-472 and it can't be a fake / false alarm because ever since Avast brought it to my attention my memory usage went from 60% to 90-100% ... just simply playing a video in Windows Media Player and having Firefox open is lagging me... There's no file location for it, only a hexadecimal (I think) location of where it is in the memory....