

Messages - Brynn

421
Analysis and Malware Removal / Re: Spybot S&D Threat Descriptions?
« on: August 27, 2005, 04:29:13 PM »
 :cry:
Looks like the saga is not over yet, Friends.
I did realize that I had not Immunized with the new version, just before my scan today.  So I Immunized and scanned, and the darn LSA shows up again.  It gets worse...confusing the LSA, temporarily, with something else, I thought I should tell Spybot S&D to Ignore it.  I don't even know what I was thinking about.  So the most immediate concern, is how do I "un-Ignore" it.  As soon as I can do that, I will post a new log.  While waiting for a reply here, I will be trying to figure out how to "un-Ignore" by myself.  But if you're reading this and find no new log below, please let me know how.

Thanks Everyone, for all the awesome info posted to this thread.

422
Analysis and Malware Removal / Re: Spybot S&D Threat Descriptions?
« on: August 20, 2005, 01:20:21 AM »
Guns and computers, huh?  ...interesting!
Ok, just kidding  :D

Thanks, winchester73.  I more than welcome any tip from a professional!
But darn it, it seems like I just downloaded a current Acrobat Reader.  Maybe I didn't install it right, or something.  I'll look into it.  But I do use IE-SpyAd, and just got the newest version (per my last message).

On the new security programs, can you please tell me, what are the benefits of Javacool's SpywareBlaster and SpywareGuard?  It's just I'm starting to feel like I'm bordering on over-kill, with all this security stuff.  But of course I want to be protected.  Anyway, what do these programs do, that all my other programs don't?  I know I can follow your link and read about it, but I'm hoping you can make it easier for me?  LOL!!  I don't mean to be insulting, like I'm using you or wasting your time.  I'm just plain lazy.  Veeerrry lazy!  As I intimated earlier, the whole computer security industry, or maybe more the whole need for so much security, is overwhelming to me, and I assume most "average" computer/internet users.  So anyway, if it's too much trouble for you to explain, don't worry about it.  I will go and read about it.  I very, very much appreciate your comments already.

All best  :)

423
Analysis and Malware Removal / Re: Spybot S&D Threat Descriptions?
« on: August 19, 2005, 07:10:34 AM »
Hi Corrine,
Ok, I finally finished uninstalling, downloading, and installing new versions of CWShredder, Ad-Aware SE Personal, Spybot S&D, IE-SpyAd, and CCleaner (which I realize is not a security program, but useful just the same).  I thought I had read there was a new version of Hijack This, but it turns out I have the newest version.  In any case, all my scans are now clean.   You were right about the LSA threat in my last scan with the old Spybot S&D version.  It does not show up in scans with the new version.  So yeehaa!!  :gwave:

OH!  But wow :shock: the scan goes super fast with the new version!!  It's like a flash!  I ran 3 scans in a row, thinking the scan was somehow aborting, immediately after it started.  I mean, when I was downloading the new version, it did say it was a little faster.  I just didn't expect it to be this fast.  My goodness, the scan used to take 10 or 15 minutes, and with the new version, it takes about 5 seconds, no kidding!  I wish Ad-Aware and Norton would make their scans that fast  :)

Well anyway, many, many, many thanks, Corrine!  I so appreciate your patience, help and support.  All best  :D

424
Analysis and Malware Removal / Re: Spybot S&D Threat Descriptions?
« on: August 15, 2005, 12:16:34 PM »
Oh geez!
Well I had just scanned with Spybot a few days before -- Thursday -- and it was clean.  So either I just picked up this LSA, or I just got the definition to detect it....I guess...???

Ok, then I should just do nothing with these LSA threats, or maybe they're "threats"?  What about Hijack This?  Not to be disrespectful, but normally I give brand new versions (of anything) a few months before I use them, just to make sure those surprise glitches, which seem to often occur with new versions (of anything), get worked out before I use it.

....SIGH!!!....
Ok, well, I need to get the new v of Ad-Aware.  And I just read where there's a new v of Hijack This.  So I will ignore...I mean personally I will ignore the LSA, for now, not that I'm going to tell Spybot to ignore it ;)  Then I will go and get brand new everything, brand new definitions, and scan with everything!  :lol:

Yes, I will definitely keep you posted, one way or another.  Thank you very much.
Geez, this security business is beginning to take more time than what I spend online in the first place!  AAaaaarrrggh!!!

425
Analysis and Malware Removal / Re: Spybot S&D Threat Descriptions?
« on: August 15, 2005, 05:18:10 AM »
Hhm.  I put LSA in Google, and found this:
http://www.microsoft.com/technet/security/bulletin/ms99-020.mspx
and this:
http://www.insecure.org/sploits/NT.LSA.secrets.html

Neither of which I understand, or helps me to understand the Spybot threat  :?

426
Analysis and Malware Removal / Re: Spybot S&D Threat Descriptions?
« on: August 15, 2005, 03:34:05 AM »
Hi Corrine,
Oh, well I would never post on 2 forums to troubleshoot a problem.  But since I was only asking where to find this threat info, and since neither forum looked very busy today, I figured posting in both would get an answer sooner.  As it turns out, I fell asleep right after posting!  LOL!!  Anyway, now I will either delete the other message, or post I found the answer, in a reply.  So, I'm all yours!  :lol:

Ok, I've made it through your instructions through the first uncheck item.  The 2nd and 3rd options are not there.  However there are 8 options which are similar, and I'm assuming it's just a matter of terminology, and what you want me to uncheck is probably there.  Unfortunately I can't figure out which ones they are.  But I'll guess.  Ok, one item is "Include list of Winsock LSPs in report".  Since the S in LSP is Services, I'm going to uncheck it, and hope it's the list of services not to include.  Ok, and the Tools menu (along the left) has an item called Uninstall Info, which appears not to be included in the list in the first place.  So hopefully this is what you want.  If not, just let me know.

--- Search result list ---
LSA: Settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-18\SYSTEM\CurrentControlSet\Control\Lsa

LSA: Settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-1659004503-1965331169-682003330-1003\SYSTEM\CurrentControlSet\Control\Lsa

LSA: Settings (Registry key, nothing done)
  HKEY_USERS\.DEFAULT\SYSTEM\CurrentControlSet\Control\Lsa


--- Spybot - Search && Destroy version: 1.3  ---
2005-04-26 Includes\Cookies.sbi
2005-08-12 Includes\Dialer.sbi
2005-08-12 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-08-12 Includes\Malware.sbi
2005-08-12 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-08-06 Includes\Security.sbi
2005-08-12 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-08-12 Includes\Trojans.sbi


You probably already know this, but it's the top 3 items which are the threats that were found.  And I just wanted to know what they are before I "Fix" them.  Thanks very much  :)

427
Analysis and Malware Removal / Spybot S&D Threat Descriptions?
« on: August 15, 2005, 12:05:07 AM »
Hi Friends,
My recent Spybot S&D scan turned up a threat called LSA.  But there's no information about it in the info area of the scan window.  I went to the Spybot S&D website (safer-networking.net or something close to that), where I found a Threat search page.  But when I enter LSA, no results are found.  I've also posted this same request in the Spybot S&D forums (net-integration.net or something close to that).  But looks like that board is moving slow, on this Sunday...maybe they all are???  Anyway, thought I'd see if anyone's online, here.  Here are my questions:

Can someone tell me where to look up the threat info for the LSA?  Or maybe just link me to it?

Thanks very much :-)
(ps -- I'll post when I find the info, one way or another, so you don't worry you might be wasting time by answering ;-)
