Panda identified: Adware:adware/securityerror

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Green Hornet, Jan 16, 2007.

  1. Green Hornet

    Green Hornet Private E-2

    Hi,

    I have followed the first steps after being unsuccessful using a number of different utilities. (Window Washer, Ace Utilities, Spy Catcher) I suspect I still have malware or at least some fragments. I used AVG Anti-Spyware as I could not run CounterSpy. Spy Catcher had previously removed Spyware Falcon, at least partially I think.

    Panda identified: Adware:adware/securityerror - no idea what this is.

    Thanks for your help
     

    Attached Files:

  2. Green Hornet

    Green Hornet Private E-2

    The other logs are:
     

    Attached Files:

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Both ShowNew and GetRunKey are improperly installed. Put them in a folder such as MGTOOLS in the root directory of your boot drive, i.e. C:\MGTOOLS. Post fresh ShowNew and GetRunKey logs.
     
  4. Green Hornet

    Green Hornet Private E-2

    I was thinking when I should have been taking direction. :)
    Here are the resulting files after putting the files in c:\MGTools

    Thanks,
     

    Attached Files:

  5. Green Hornet

    Green Hornet Private E-2

    Does anyone have any suggestions?

    Thanks
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Install Java Runtime Environment (JRE) 6 available from Sun Microsystems.

    Install the current version of Firefox from: Mozilla Firefox

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post fresh logs for the following:
    1. ShowNew
    2. GetRunKey
    3. HijackThis
     
  7. Green Hornet

    Green Hornet Private E-2

    Hi,

    I removed apps and installed as requested. FixReg appeared to add the specified keys. HijackThis fixed the line requested. I had no troubles until I attempted to delete files with Pocket Killbox. I followed the entire procedure at least twice, and I still have

    "C:\Documents and Settings\Ivana\Local Settings\Temp\"
    fnm5a.tmp Jan 20 2007 9121350 "fnm5A.tmp"
    fnm5b.tmp Jan 20 2007 5355000 "fnm5B.tmp"

    These files appear after reboot into normal mode. They are NOT there while in safe mode.

    C:\Documents and Settings\Ivana\Local Settings\Temp\fnm5B.tmp
    C:\Documents and Settings\Ivana\Local Settings\Temp\fnm5A.tmp
    C:\Documents and Settings\Ivana\Local Settings\Temp\~DF5B34.tmp
    C:\Documents and Settings\Ivana\Local Settings\Temp\jusched.log

    At different times I also saw these files in that same directory, which I added to the delete files of Pocket Killbox.

    ~DF39D3.tmp
    ~DF5B34.tmp
    ~DF3DBC.tmp
    fnm66.tmp

    I've reposted the requested files.
    Thanks so much for your support and patience.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    ~DF5B34.tmp these are created by Windows. The ones with the current date can't be deleted, as they are being used by the OS.

    I'm more concerned about what program is creating these files: fnm5A.tmp.

    Follow the instructions for Using Sophos Anti-Rootkit. Post the Sophos log when finished.
     
  9. Green Hornet

    Green Hornet Private E-2

    This probably isn't good news; the Sophos Anti-Rootkit found nothing. I've attached a copy of the log anyway.

    This seems to be proving to be a nasty one.

    Thanks
     
  10. Green Hornet

    Green Hornet Private E-2

    Sorry, here's the missing log file:
     

    Attached Files:

  11. Green Hornet

    Green Hornet Private E-2

    One thing about the install. The last step stated
    "Once it finishes copying files, exit the installer" ... it installed without prompting me further. There were no windows to close or anything. There are a total of 17 files in the install directory. This is probably nothing, but I'd rather you tell me that than let it go.
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, after having done some research, it appears that SpyCatcher is creating these files and not deleting the old ones. Your HDD will fill up pretty quickly if you choose to continue to use SpyCatcher.
     
