JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| SpyBot S&D Scan result...
After installing the latest update, my scan showed this problem. I ran my resident Anti-Virus, PcCillin and CW-Shredder and both came up clean. Would I be safe in letting S&D remove this registry key? Possible False Positive?...
Please advise.
TIA | |
|
 |
 |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... Hey koma3504,
Thanks for the reply. (The first, and extremely thorough to boot) 
I'll run those online scans you suggested. I think I will do so prior to deleting it. I'm curious to determine if it is a false positive. My search prior to posting indicates it should be a 'Browser Hijacker' or 'Browser Redirect'. My IE7 has exhibited no such behavior. I have to take care of a business commitment first, but I'll get to it ASAP and get back to you. Thanks again for the assistance.
Jack | |
|
 |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Hey koma3504,
I ran full scans of ewido and Kaspersky online scanners and came up clean.
More info to Calamity Jane for analysis as posted above.
Thanks NanDog for the link. At least I'm not alone. 
Jack | |
|
 |  |   CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | Re: SpyBot S&D Scan result... Darn! That sure isn't much to go on. Let me see if I can find any TeamSpybot member to take a look.
If it is a FP they would want to know.
{And I know you keep your PC clean, so I kinda think it might be if nothing else is finding it}
-- It takes a disaster to make a woman out of a female
Microsoft MVP/Windows Security 2003-2007
Proud Member of ASAP (Alliance of Security Analysis Professionals)
|
 |
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | That isn't enough information to determine whether it is or isn't a false or true detection. I rather doubt it is real if your machine has been clean up until the update and nothing else was found. If it was really coolwebsearch you would likely have a LOT more found than that one item in the registry.
Could you right-click on it and copy the results (not the full report) to clipboard so we can see exactly what is being found?
|
 |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... Hey CalamityJane,
Results from clipboard----->
CoolWWWSearch.GonnaSearch: User settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\Classes\CLSID
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-06-04 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-11-17 Includes\Cookies.sbi (*)
2006-10-13 Includes\Dialer.sbi (*)
2006-11-17 Includes\DialerC.sbi (*)
2006-11-03 Includes\Hijackers.sbi (*)
2006-11-17 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2006-11-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-10-13 Includes\Malware.sbi (*)
2006-11-17 Includes\MalwareC.sbi (*)
2006-10-20 Includes\PUPS.sbi (*)
2006-11-17 Includes\PUPSC.sbi (*)
2006-11-17 Includes\Revision.sbi (*)
2006-10-13 Includes\Security.sbi (*)
2006-11-17 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi (*)
2006-11-17 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-11-17 Includes\Trojans.sbi (*)
2006-11-17 Includes\TrojansC.sbi (*)
I hope I did this correctly, and this is what you were looking for? I've not used this feature prior to this.
Thanks for the help,
Jack | |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| Jack, could you open Spybot, in the Advanced user mode, choose *tools* then *view report*. Choose *previous report* (unless you still have the current one open). Then choose the one that says SpybotSD.results.txt
Copy that back here please:
|
 |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... Jane,
I have a new scan open. I'm in the Advanced user mode>tools>view report. I am unable to find your requested "SpybotSD.results.txt".
Appreciate your patience with me. 
Jack | |
|
 |  |   Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire | Re: SpyBot S&D Scan result... What happens when you click View report button?
Cudni | |
|
 |  |  |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... said by Cudni: "What happens when you click View report button? Cudni"
Cudni,
I get a "Full Report" that is very extensive. Methinks too big to post? 3.2 MBs to be exact. I've got it, but I doubt if I should try and post it?
Jack | |
|
 |  |  |  |   Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire | Re: SpyBot S&D Scan result... try deselecting everything except Include results of last check and Startup list
Cudni | |
|
 |  |  |  |  |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... said by Cudni: "try deselecting everything except Include results of last check and Startup list Cudni"
Cudni,
Thanks. Here ya go.
Jack | |
|
 |  |  |  |  |  |   tashi Premium join:2005-03-14
| Re: SpyBot S&D Scan result... Hello
This may be false positive.
- Close all browsers
- Open SpyBot
- Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
- Uncheck [ ] do not report disabled or known legitimate Items.
- Uncheck [ ] Include a list of services in report.
- Uncheck [ ] Include uninstall list in report.
- Uncheck [ ] Include list of Winsock LSPs in report
- Now select (near the top) view report.
- Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and post that report.
It may take more than one post.
Regards. tashi Team Spybot | |
|
 |  |  |  |  |  |  |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY | Re: SpyBot S&D Scan result... Hello tashi1,
Sorry for the delay. We 'cross posted', and I didn't see your post until my return. I'll follow your directions and post back ASAP.
Jack | |
|
 |  |  |  |  |  |  |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Hello tashi1,
As per your request:
Regards, Jack | |
|
 |  |  |  |  |  |  |  |  |
 |  |  |  |  |  |  |  |  |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... Hello LonnyRjones,
You're very welcome. I'll keep an eye on that thread.
Jack | |
|
 |  |   CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| Ok, hit *view Previous report* at the top and then you should get a choice of logs to pick from.
Choose *Spybot.results.txt* | |
|
 |  |  |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... Jane,
I had tried that. I'm not seeing what you are?
Jack | |
|
 |  |  |  |   CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| Re: SpyBot S&D Scan result... Rats! Where, oh, where is Bubba when I need him here?
Running a scan again to see why you don't have that one.  | |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL | Hang on Jack! I've requested a few Spybot experts - we're not getting the reports/info we need here. And thanks for YOUR patience  | |
|
 |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY | Re: SpyBot S&D Scan result... Jane,
Will do. I'll be poppin in and out, have some work to take care of. Be back shortly.
And Thanks Again, Jane.
Jack | |
|
 |
 |   Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire | Re: SpyBot S&D Scan result... what if it wasn't anything to do with CoolWWW but rather it was identified in error and on deletion something breaks?
Cudni | |
|
 |  |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY | Re: SpyBot S&D Scan result... What Cudni said. 
Jack | |
|
 tyscoj
join:2002-06-17 Fort Pierce, FL | Then do a system restore...or let S&D restore the last fix for you?!
I'm in the same boat, anything that S&D finds gets deleted...never had a problem either! | |
|
 Window Man
join:2002-06-11 Hayward, CA | I have always deleted anything from coolwww and never had any problems | |
|
 |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY
| Re: SpyBot S&D Scan result... said by Window Man: "I have always deleted anything from coolwww and never had any problems"
Hey Window Man, tyscoj, and cork1958....
In addition to being in agreement with Cudni, I'm also just trying to be a good 'netizen'.
CalamityJane said....
"...Darn! That sure isn't much to go on. Let me see if I can find any TeamSpybot member to take a look.
If it is a FP they would want to know."
If TeamSpybot were not interested, they would not have sent 2 members over here to check this out.
Regards, Jack | |
|
 |
 Mele20 Premium join:2001-06-05 Hilo, HI
| Yesterday, when I read this thread, I didn't know there were new definitions so I went and got them and did a scan. No problems. But Spybot used between 65-100% of CPU for 30 minutes while scanning! I couldn't really use my computer during the scan. That hasn't been the case in the past with Spybot. What is going on with them?
It sounds to me like you have a FP but I would, like you, want to know before I acted. System Restore doesn't always work nor does restore from Spybot ....better be prudent from the get-go.
-- "If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.msfirefox.com/ | |
|
|
 Swoop0
join:2005-11-20 Colchester, VT
| Don't know why all the thought behind this thread is. All spyware/adaware/anti-virus programs will not find the same things. Here is some general info on this malware you have. »www.pcanswers.co.uk/tips/default···onid=616 Some are not kept updated, some are good, and some are excellent. This particular coolwebsearch is just junk. DELETE IT with Spybot if it will in fact delete it. If not do a google search and find a specific proggie that will get rid of it. Here's a list from Spybot of what they have targeted. See anything familiar?
here is the list of hijackers from spybot S&D:
|
 |
 JackCam614 Premium join:2000-08-24 New Hyde Park, NY | SpyBot Updated 2006-11-24. False Positive Fixed.
Thanks Team Spybot.
Jack | |
|
 Mele20 Premium join:2001-06-05 Hilo, HI
| I posted again Tuesday morning and thought I wrote a nice post. I did get a reply finally which I just read and replied to.
I'm not keeping Spybot as I am convinced something is wrong and I see no reason to put such a load on my computer for over 30 minutes especially seeing that one CPU is taxed a lot more than the other and that the kernel access is so high during the scan. But that team member who replied tried to tell me that the small increase in scan times that he has seen is the same as the huge increase I have seen. He ignored my questions about the heavy kernel access and one CPU being accessed much more than the other during the scan. Maybe that is normal but I sure doubt it and he could have alleviated my concern if that activity is normal but he didn't.
He also said that something must have changed in my system. Not true. He also intimated that the longer scan times are because I have more files. I actually have 5GB MORE SPACE now because I uninstalled MS Office Beta and Vista beta that I never tried but did download when it first was made available. I ran another scan after I uninstalled those programs and the scan was still at 30 minutes.
He also criticized me for waiting so long to report this and then being "impatient". Gee...I wasn't sure I had a problem until these last definitions! He was rude to me.
|
|
 claudeo
join:2000-02-23 Redmond, WA
| There is a simple way to delete the temporary internet files and the infamous .dat file without running into the "file in use" problem, as long as you know where to look for those files and you are careful enough not to delete stuff that should not be deleted. You just need to have two accounts with administrator privileges defined on the system. As admin, you can go into the local settings for another user and delete anything you want. Just don't try this with fast user switching (even if your configuration allows fast switching), because you need to actually be logged off as a user in order for another user with admin rights to be able to clean up your mess. | |
|
 |  JackCam614 Premium join:2000-08-24 New Hyde Park, NY | Re: SpyBot S&D Scan result... Hey claudeo,
Thanks for your input. Good info.
Jack | |
|