Spybot finds Registry keys on scan...delete???

Status
Not open for further replies.
Spybot finds these on my wife's laptop...
are these safe to delete? what are they anyway?

XP pro sp3 Thinkpad
sbscan.jpg


I also noticed that the status bar on the bottom of spybot shows scanning: virtumonde.dll
does that mean that her laptop has it? or is it spybot scanning FOR it?

http://en.wikipedia.org/wiki/Vundo_trojan
is this something dangerous? what is the best way to get rid of this?
 
Yep, spyware. Get rid of it. Anything called "toolbar", "couponbar", etc. is just adware/spyware. Worthless [censored] that'll slow down your computer.
 
On a desktop, you can boot up in safe mode, run a search for the said virus/trojan, and delete it. Some viruses/worms/trojans feed off of your operating system, and regenerate every time you boot up in normal mode. On a laptop, not sure if it's different or not. I've never had one.

Once you delete it in safe mode, reboot your computer in normal mode and the virus should be gone.
 
Virtumonde is a bear to get rid of. Spybot by itself won't rid your system of it. You'll need to Google for more specific directions to clean your system manually.
 
Unless Virtumonde is actually picked up and shows in the main window, it means Spybot didn't find it. What you see at the bottom is what it's looking FOR. As you seemed to surmise.

Delete anything Spybot finds.
 
Thanks a lot guys.
so even if those are "registry keys", it's ok to delete them, right?

anyone know of Malware bytes software?
I saw it recommended several times, when I was reading about Virtumonde...
I know I don't have it, like you guys said, but was wondering if I should do a scan with it anyway...
 
The registry is not something to play with unless you or the program you are using knows what it is doing. But most of these programs are usually safe. Once in a while they will give a false positive that may label a safe program file as bad when it is not. Then when you delete or quarantine the file the program will not work. It is always safer to quarantine first and then if things run fine to delete the files.

I agree that SUPERantispyware and A-Squared are ones I like better and both have free versions.

** I have also heard good things about Malwarebytes. http://www.download.com/Malwarebytes-Ant...cdlPid=10878968
 
Originally Posted By: sprintman
Get CCleaner, a-squared free and SUPERAntiSpyware and scan with those. Spybot is old technology.


have been using CCleaner and SAS for the last 3 yrs. Thanks.
don't have A^2 free yet...
SAS never found these things that spybot found...that's what surprised me a bit.
 
wow; this Malware byte thing is not bad: installed it just now, and did quick scan and found some kkrrapp: it removed all of it.

Here's the log:
---------------------------------------------
Scan type: Quick Scan
Objects scanned: 51039
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dw4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

---------------------------------------------------------------
NOW; IS IT IN ANY WAY "WRONG" OR OVERKILL TO HAVE A SQUARED FREE AND MALWARE BYTES TOGETHER?
(i ALREADY HAVE CCLEANER, AND SAS, AND SPYBOT)
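
As an added example (not part of the original posts), this Python sketch parses the Malwarebytes log quoted above, checks that the itemised detections match the summary counts, and flags entries that sat in registry locations which load code automatically. The two load-point patterns are the editor's choice, and sections with no detections are left out of the embedded log.

```python
import re

# Log text copied from the post above (sections without detections omitted).
LOG = r"""Registry Keys Infected: 2
Registry Values Infected: 2
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dw4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")        # "Files Infected: 1"
HEADER = re.compile(r"^(.+ Infected):$")               # "Files Infected:"
ITEM = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")  # path (name) -> action.
# Assumed patterns: the Run key (autostart) and registered Control Panel applets.
LOAD_POINTS = ("\\currentversion\\run\\", "\\control panel\\cpls\\")

def parse(log):
    """Return (summary counts, itemised detections) from a scan log."""
    counts, items, section = {}, [], None
    for line in map(str.strip, log.splitlines()):
        if m := SUMMARY.match(line):
            counts[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, "path": m[1], "name": m[2],
                          "action": m[3],
                          "load_point": any(p in m[1].lower() for p in LOAD_POINTS)})
    return counts, items

def mismatches(counts, items):
    """Sections whose itemised detections disagree with the summary count."""
    found = {}
    for it in items:
        found[it["section"]] = found.get(it["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in counts.items() if n != found.get(s, 0)}

if __name__ == "__main__":
    counts, items = parse(LOG)
    print("count mismatches:", mismatches(counts, items))
    print("load points:", [i["path"] for i in items if i["load_point"]])
```
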
 
Originally Posted By: sprintman
Get CCleaner, a-squared free and SUPERAntiSpyware and scan with those. Spybot is old technology.


Spybot is still effective and works fine. There is nothing wrong with the product.
 
Originally Posted By: 97tbird
wow; this Malware byte thing is not bad: installed it just now, and did quick scan and found some kkrrapp: it removed all of it.



One question:

Did you actually have the Weather Channel Desktop thing installed intentionally?
 
No, but the point is, it's not really "malware" if you installed it.... And I have a hard time picturing The Weather Network deploying software with the intent to be malicious.

So while their program might have something in common with Hotbar... I think there may be a reason Spybot didn't pick it up.

This is sort of the catch-22 of running these programs on your system; sometimes they find things that aren't necessarily bad and it is up to the user to decipher which is the bad and which is not from the list that is presented to them.... Making the wrong, or misinformed choice can often break things.
 
I forgot to mention:

The spybot scan was from my wife's laptop.
The Malware Bytes scan is from MY laptop.
(the Malware byte scan on WIFE'S laptop didn't pick anything up; but remember that spybot had already deleted the registry key stuff before MWB scan was run)

we BOTH have SAS, it never picked up ANY of the things that SB and MWB picked up, on neither laptop.
 
Originally Posted By: sprintman
Possibly false positive? Also a great idea to have SpywareBlaster running (free) which blocks spyware/malware in realtime.


Using Firefox or Opera prevents the (typical) Active-X control-based installers from infecting somebody to begin with. I am not an advocate of having a million "real time" protection programs running in the background when using a better browser and not being an idiot typically works just as well and doesn't bog your system down......

Different strokes for different folks..... Part of the joys of browsing from a Linux box.... No risk.......
 
yep. have been running SWB for the last 2-3 yrs.

so my full package has always been for the last 2-3 yrs:
SAS
SWB
AVG FREE 8.0 (a/v)
SPYBOT
CCLEANER

and today I added Malware Bytes antimalware.

is this overkill?
if yes, what would you keep? what would you get rid of?
 