 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| SpyBot S&D Scan result...
After installing the latest update, my scan showed this problem. I ran my resident Anti-Virus, PcCillin and CW-Shredder and both came up clean. Would I be safe in letting S&D remove this registry key? Possible False Positive?...
Please advise.
TIA |
|
  koma3504 Advocate Premium join:2004-06-22 North Richland Hills, TX
| Delete it. Can't believe out of 15 viewers I'm the first to comment. And to be on the safe side, run these:
»www.housecall.trendmicro.com
»www.ewido.net/en/onlinescan
»www.bitdefender.com/scan8/ie.html
»usa.kaspersky.com/services/free-···nner.php
-- Koma If You Don't Think It's Possible!! It's Actually A Reality!! The best way to predict the future is to invent it. Alan Kay!! Ya Don't Know The signal Till Ya Ride It!! Voice Break's There's Trouble!! |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Hey koma3504,
Thanks for the reply. (The first, and extremely thorough to boot) 
I'll run those online scans you suggested. I think I will do so prior to deleting it. I'm curious to determine if it is a false positive. My search prior to posting indicates it should be a 'Browser Hijacker' or 'Browser Redirect'. My IE7 has exhibited no such behavior. I have to take care of a business commitment first, but I'll get to it ASAP and get back to you. Thanks again for the assistance.
Jack |
|
  NanDog The Pup Was Female, I'M Not Premium join:2003-12-28 Tacoma, WA
·Rainier Connect fr..
| reply to JackCam614 There's also a thread 'bout this over at Castle Cops (but no definite answer as to whether it's a FP or not):
»www.castlecops.com/t172247-Spybo···rch.html
-- See ya across the Rainbow Bridge, my good and faithful friend! |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | reply to JackCam614 That isn't enough information to determine whether it is or isn't a false or true detection. I rather doubt it is real if your machine has been clean up until the update and nothing else was found. If it was really CoolWebSearch you would likely have a LOT more found than that one item in the registry.
Could you right click on it and copy the results (not the full report) to clipboard so we can see exactly what is being found?
-- It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2007
Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Hey CalamityJane,
Results from clipboard----->
CoolWWWSearch.GonnaSearch: User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Classes\CLSID

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-04 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-17 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-17 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-17 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-17 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-17 Includes\PUPSC.sbi (*)
2006-11-17 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-17 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-17 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-11-17 Includes\Trojans.sbi (*)
2006-11-17 Includes\TrojansC.sbi (*)
I hope I did this correctly, and this is what you were looking for? I've not used this feature prior to this.
Thanks for the help,
Jack |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| reply to koma3504 Hey koma3504,
I ran full scans of ewido and Kaspersky online scanners and came up clean.
More info to Calamity Jane for analysis as posted above.
Thanks NanDog for the link. At least I'm not alone. 
Jack |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | Darn! That sure isn't much to go on. Let me see if I can find any TeamSpybot member to take a look.
If it is a FP they would want to know.
{And I know you keep your PC clean, so I kinda think it might be if nothing else is finding it} |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to JackCam614 Jack, could you open Spybot in the Advanced user mode, choose *tools*, then *view report*. Choose *previous report* (unless you still have the current one open), then choose the one that says SpybotSD.results.txt
Copy that back here please. |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Jane,
I have a new scan open. I'm in the Advanced user mode>tools>view report. I am unable to find your requested "SpybotSD.results.txt".
Appreciate your patience with me. 
Jack |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
| What happens when you click View report button?
Cudni |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to JackCam614 Ok, hit *view Previous report* at the top and then you should get a choice of logs to pick from.
Choose *Spybot.results.txt* |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Jane,
I had tried that. I'm not seeing what you are?
Jack |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| reply to Cudni
said by Cudni: What happens when you click View report button? Cudni
Cudni,
I get a "Full Report" that is very extensive. Methinks too big to post? 3.2/MBs to be exact. I've got it, but I doubt if I should try and post it?
Jack |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to JackCam614 Rats! Where, oh, where is Bubba when I need him here?
Running a scan again to see why you don't have that one.  |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
| reply to JackCam614 Try deselecting everything except Include results of last check and Startup list
Cudni |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| said by Cudni: try deselecting everything except Include results of last check and Startup list Cudni
Cudni,
Thanks. Here ya go.
Jack |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to JackCam614 Hang on Jack! I've requested a few Spybot experts - we're not getting the reports/info we need here. And thanks for YOUR patience |
|
  tashi Premium join:2005-03-14
| reply to JackCam614 Hello
This may be false positive.
* Close all browsers
* Open SpyBot
* Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
* Uncheck [ ] do not report disabled or known legitimate Items.
* Uncheck [ ] Include a list of services in report.
* Uncheck [ ] Include uninstall list in report.
* Uncheck [ ] Include list of Winsock LSPs in report
* Now select (near the top) view report.
* Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and post that report.
It may take more than one post.
Regards.
tashi
Team Spybot |
|
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| reply to CalamityJane Jane,
Will do. I'll be poppin in and out, have some work to take care of. Be back shortly.
And Thanks Again, Jane.
Jack |
|