False positives with SpyCatcher?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ScottyM, Jan 26, 2006.

  1. ScottyM

    ScottyM Private E-2

    Hi everyone, I'm new to the forum and am wondering if anyone else is experiencing false positives with SpyCatcher. I have spent the last two day trying to get rid of CW.HomeSearchAssistent and ABetterInternet, After following the instructions on this site to get rid of Malware, I still according to SpyCatcher have the spyware on my computer. I am not seeing any evidence of this but am using Firefox so probable I would not see it anyway. Just wondering what to do next. My hijackthis log file is posted below. Thanks

    Edit by chaslang: Inline log attached
     

    Attached Files:

    Last edited by a moderator: Jan 26, 2006
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    What version of SpyCatcher are you using? Is it a paid version? If not, then why are you using it. Many programs do have issues with false positives. A long of what it is find would be more useful.

    You have not run our all of our cleaning steps which also specify how HJT should be installed and also indicate that no logs should be posted inline.

    You are also running multiple firewalls (Sygate & Zonealarm). You must uninstall one now. Using two software firewalls can cause problems.

    Why do you still have a a toolbar from McAfee when you are using Symantec.
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

    .
    You have not run our all of our cleaning steps which also specify how HJT should be installed and also indicate that no logs should be posted inline.
     
  3. ScottyM

    ScottyM Private E-2

    Sorry about not getting it right. I'll try to do better next time. I am only running one firewall and only using Norton so I see I already have some items to clean up.
    Thanks
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you are not running one firewall (unless you just uninstalled one now). You log showed the below:

    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    The first is Sygate's firewall and the second is ZoneLab's ZoneAlarm firewall.

    You forgot to answer my questions about SpyCatcher?
     
  5. ScottyM

    ScottyM Private E-2

    I am using the trial version of spycatcher. I had zone alarm disabled while I was trying Sygate out and forgot to remove it. It is gone now.
    Thanks
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A trial version Spycatcher is probably not worth having around. It will be of no use after the trial period. I would just use the tools we give you here and we should be able to fix your problems.

    Are you working on completing the steps I gave you?
     
    Last edited: Jan 27, 2006
  7. ScottyM

    ScottyM Private E-2

    I have followed all the directions using the "simple" removal of malware and ran scans in safe mode with CCleaner, Microsoft malicious software removal tool, Spybot, Adware and Microsoft Antispyware. Aside from the usual stuff that is picked up by Adware and Spybot nothing was found. I then rebooted and ran a scan with Spycatcher and it popped up with abetterinternet and the CWHome SearchAssistent. Attached is my HiJack file. Thanks for your help.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read step 6 again! Those logs must be attached and those scans must be run before getting and attaching a HJT log. (Note: you did not attach anything yet).

    Post a log of exactly what SpyCatcher is telling you.
     
  9. ScottyM

    ScottyM Private E-2

    I think I am one of the non-binary people. Here goes another try at attaching the file.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I repeat my previous message:

    You have not completed all of the READ & RUN ME!
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds