Continuation of "Spysheriff -Flashing Wallpaper"

Discussion in 'Malware Help (A Specialist Will Reply)' started by Helper, Dec 15, 2005.

  1. Helper

    Helper Private E-2

    When I run Panda it detects and disinfects "secure32". None of my other programs detect "secure32". (Spysweeper, Norton, Spybot, Adaware, Microsoft)

    However, "secure32" returns and is detected and disinfected by Panda only.

    Another symptom is: Webroot Spysweeper has been selected to turn on automatically with windows. Sometimes the "Load at windows start-up" function is disabled by itself.

    Otherwise the computer runs fine.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Run the panda scan once more and attach the log.
     
  3. Helper

    Helper Private E-2

    Ok, I believe that I have attached the Panda scan file correctly...

    Thank you for your help....
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    (Don't run it yet)

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\ldr408.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
     
  5. Helper

    Helper Private E-2

    I followed your directions. I ran Panda again and attached the log....
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, open Spy Sweeper and uncheck the HOSTS file in Shields. After you have unchecked it run HOSTER as previously requested again.

    Then delete the directory "C:\!KillBox". Afterwards reboot and run another Panda scan to confirm they are gone.
     
  7. Helper

    Helper Private E-2

    Spysweeper is fixed; it now will automatically start with windows. There seem to be no other functional problems with the computer. However, I ran Panda and "secure32" came back again. I have attached the Panda log.
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HOSTS file is locked by SS, if you didn't purchase Spy Sweeper uninstall it and run HOSTER again. If you did purchase it you must uncheck the HOSTS file shield in order to remove this.

    Navigate to the following folder, attach the file HOSTS to your next post as a ZIP file.

    C:\WINDOWS\system32\drivers\etc
     
  9. Helper

    Helper Private E-2

    It looks like you nailed it!

    Yes, I have a legal copy of WebRoot SpySweeper installed.

    It appears that the "Common Ad Sites" shield of Spysweeper loads the host file with references to the local host as a blocking tactic.

    I was able to remove the virus indicated by Panda, as you suggested, by disabling the "Common Ad Sites" shield of SpySweeper. As a test, I was able to reverse the process by enabling the "Common Ad Sites Shield".

    Presently, I left the "Common Ad Site" shield on. (Zip file of Host attached)

    I believe that this is OK even though Panda reports the host file as infected?
     

    Attached Files:

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Does it still show in the Panda log?
     
  11. Helper

    Helper Private E-2

    Panda indicates an infection when I activate the "Common Ad Sites Shield" in SpySweeper. (Panda Logfile attached)

    Panda shows no infection if I turn off the "Common Ad Shield" in SpySweeper and run Hoster. Hoster removes all the files with the SpySweeper reference. I also rebooted the computer to make sure the Host file remained the same.

    The attached Host file is with the SpySweeper "Common Ads Shield" activated.
     
  12. Helper

    Helper Private E-2

    I don't think the files from the previous note were attached....

    I am getting this error when I try to attach the files, "You have already attached this file in thread". (I even renamed the files) Since it is a small file here they are:

    Panda
    Adware:adware/secure32 Not disinfected C:\WINDOWS\system32\drivers\etc\hosts

    The host file looks like the one I previously attached.
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Exit Spy Sweeper completely, then run HOSTER as requested in post #4. This will take care of the Panda detection. Spy Sweeper is locking the HOSTS file not allowing anything to be written or modified in any way.

    After you exit Spy Sweeper and then run HOSTER it will take care of this Panda detection.
     
  14. Helper

    Helper Private E-2

    Yes, what you said is true. I have already tried this experiment. Turning off Spysweeper unlocks the Host file and allows Hoster to change the file. At this point Panda shows no infections. (Problem solved)

    If you look at the present Host file (SpySweeper on) it appears that SpySweeper inserts commonly known Hijacked IP addresses and diverts them to the local host file (127.0.0.1) so that they are ignored. In my uninformed opinion, it appears that Panda is giving a false positive when SpySweeper alters the Host file.

    Thanks again for sticking with this. This is a very informative site; I've learned a lot reading the stickies. You guys are doing a great service....
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What version of Spy Sweeper do you have? Spy Sweeper does not alter the HOSTS file, it protects it from being modified in any way. Under the HOSTS file shield, you should only have "Hosts File Shield" enabled, nothing else.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We have already covered this a few times BJ. Yes Spy Sweeper is modifying the HOSTS file and yes Panda and some others are declaring false positives on the locked hosts files.
     
  17. Helper

    Helper Private E-2

    I have version 4.5.7 (Build 656)

    Under the heading of Host File Shield in Spysweeper, I have 3 boxes to check: (i) Common Ads Shield, (ii) Hosts File Shield, and (iii) Edit Hosts File. The box (ii) Common Ads Shield is the culprit. When this box is checked, Panda shows an infection in the Host file.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because as I said in the below message Spy Sweeper adds info like the below to the hosts file.

    127.0.0.1 1.httpdads.com #SpySweeperCASS
    127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
    127.0.0.1 a.mktw.net #SpySweeperCASS
    127.0.0.1 a.tribalfusion.com #SpySweeperCASS
     
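    A small triage script, added here as an example (it is not from the thread, from Spy Sweeper or from Panda), that parses a constructed HOSTS file and separates loopback ad-block entries like the SpySweeperCASS lines above from the two patterns a hijacked HOSTS file is known for: a security vendor's site sunk to loopback, or a hostname redirected to a foreign address. The PROTECTED_HOSTS watch list and the sample entries are assumptions made for the example.

```python
import ipaddress

# Constructed sample HOSTS content (not the poster's attachment): Spy Sweeper
# style ad-block lines plus two lines that represent hijack patterns.
# 203.0.113.5 is a documentation address, chosen only for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS
127.0.0.1 www.pandasoftware.com
203.0.113.5 www.google.com
"""

# Hypothetical watch list: sites a defender would never expect a HOSTS file to block.
PROTECTED_HOSTS = {"www.pandasoftware.com", "www.microsoft.com", "windowsupdate.microsoft.com"}


def is_sinkhole(ip):
    """True for loopback (127.x, ::1) or unspecified (0.0.0.0) targets, i.e. a block, not a redirect."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text):
    """Return (ip, hostname, tag) tuples for each active mapping; tag is any trailing comment."""
    entries = []
    for raw in text.splitlines():
        line, _, comment = raw.partition("#")
        parts = line.split()
        if len(parts) < 2:          # blank or comment-only line
            continue
        for host in parts[1:]:      # one line may map several names
            entries.append((parts[0], host.lower(), comment.strip()))
    return entries


def classify(ip, host, tag):
    if host == "localhost":
        return "system"
    if host in PROTECTED_HOSTS:
        return "suspicious: security/update site blocked"
    if is_sinkhole(ip):
        return "blocklist" + (f" ({tag})" if tag else "")
    return "suspicious: redirect to " + ip


def triage(text):
    return [(host, classify(ip, host, tag)) for ip, host, tag in parse_hosts(text)]
```

    Run triage() over a real HOSTS file and the tagged blocklist rows are the ones a scanner may report as adware while only the "suspicious" rows deserve attention.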
  19. Helper

    Helper Private E-2

    Ok, it sounds like I'm all set.

    Thank you BJ and Chaslang for all of your help and sticking with this.

    I am now much more knowledgeable on the subject of Spyware.....
     