Problem with Spybot S & D v1.3

Spybot Search & Destroy version 1.3 keeps finding a "possible extension hijack" in my Registry.
Shows as default command file handler.
It is in HKEY_CLASSES_ROOT\cmdfile\shell\open\command\!="%1"%x.
Registry entry, at the end of that path, only shows (default) Data as ""

It happens around about botcheck 12517/14632. Can't catch the number exactly but it is close to that one. probably 1 or 2 earlier than that number.

It does not appear to be causing any problems in the running of my PC.

I have used "Fix selected problems" in Spybot S&D and it is back again, despite saying that the, <quote>, "1 problems is fixed". Spybot is obviously NOT fixing it.

As well, as I have manually edited my Registry, using regedit, at various times, to delete the entire entry.

After the manual edit I run Spybot again and it is gone.
Get the message <"Congratulations! No Immediate threats were found">.

Just done it again to prove it is gone, according to Spybot.

The next time I run Spybot, it is back again, irrespective of whether I have been on the net or not.

Anyone got any clues on where else it may be hiding?

I have not contacted Spybot creator, yet. That will be the next step if MG can't help.

I run Spybot (latest version, I think), AdAware, CrapCleaner, Cleanup!, Zone Alarm (latest version), Avast (automatically updated), Bazooka, EmpTemp, empty Norton protected files, defrag my C drive using Norton Speed Disk. Norton WinDoctor. Manually delete my index.bat files regularly, as well. I run regcleaner 4.3 and JV-16 Power Tools version 1.3. They don't find it.

I know that some of these will not detect the problem, but have listed them to show that I regularly keep my system as clean as possible. Most of them are run on a daily basis. Usually all of them are run at least twice a week.

I log my daily cleaning efforts in an Excel spreadsheet (keepclean.xls) to remind me what I have run, when and how recent the various updates are.

Specs are:-

Gateway Solo 9300 laptop, W98SE, P2/400, 288mb RAM (maxed out) IE6, AOL UK V7.0, Internal V90 dialup modem, 30gig hard drive and 10 gig hard drive, DVD/CD player internal, optional 120mb and 1.44 mb floppies, plenty of room on hard drives. Mostly irrelevant to the problem.

Here's a challenge. I'm out of ideas. Any ideas, folks? Bazza

 

I no it is of no help to you, but on my Windows 98 system I don't have this entry in my registry. I have a shellex but not a shell under cmdfile.

However, it could be a false positive and there appear to be some nasties out there that you this registry entry, Google search on the registry got these hits:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=Pe_Appix.B
http://hq.mcafeeasap.com/dispVirus.asp?virus_k=100758
http://www.helpmij.info/index.php?option=content&task=view&id=24&Itemid=2

Have you tried other Virus Scanners, e.g., on-line at TrendMicro, etc.?

 

Spybot does not find everything and fix everything, I am learning this through experience. When dealing with Spyware, you will undoubtedly need more than one program.

Download Ad-aware, install and update, don't run it yet.
Do the same for CW Shredder

Than boot into Safe Mode with Networking.

Run Ad-aware, run CW Shredder, even run Spybot once again if you wish.

See how things are from here. If you still have issues, try Hijack This! as well, only not in Safe Mode.

Good luck.

 

Maxwell. thanks for the quick reply. I delete the entire entry from my Registry manually and it still comes back. I haven't tried an on-line scan recently but will give it a go.

Will check out those other links as well. Bazza

====

 

Thanks krazykrl. I run AdAware and update it often as well as lots of other stuff as per my original post. Will run CWS when I log off as it has been a week or so since I last ran it.

Haven't tried HiJackThis for ages but they are all worth a try. Bazza

=====

 

In the CCleaner Thread you posted this:
"... Whenever I have run CC in the past I have never bothered with other than the Windows tab. Reading this post I clicked on Issues and tried to run it. It got through to 81% and stayed there for ages. Eventually I bombed it off. Now I gotta run this when I log off today to find out what is happening. More stuff to run as part of my daily cleanup procedure. bazza"

Have you gotten any further than 81%? Something is wrong somewhere here too.

I was wondering if the "problems" are related in any way?

 

Ethan is what we like to call "inexperienced".

Come back and post when you have actually come face to face with Spyware/Adware issues.

Norton Anti-virus is hardly "all you need". Sometimes we're even better without!

 

Well - let's not be that cruel to wish THAT upon him. All he has to do is READ a bunch of posts for awhile and he'll see... that's all

@Ethan -- WELCOME to Major Geeks. We got some of the best stuff, the best people, and the best advice there is.

 

I need a straitjacket, you need a muzzle. Don't be rude. No one likes a Know-it-all, especially those in here who really do (and I do know I have a long way to go) so lighten up and enjoy life. You and everyone around you will be happier for it.

 

Pegg, Ran CC offline. Got to 81% again, waited longer this time. It finished with acouple of Issues. Nothing significant to my problem, I think. Fixed the 2 Issues. Just impatience on my part (the 81% bit). baz

====

 

No, final release of v1.3, if you remember the "hogging of resources exercise" I did with Spybot. Better update my definitions, though, as the date is 2004-06-16 ( a month old). Baz

====

 

Thanks guys and gals for coming to my defence while I was offline. Newbies (we were all at one time) think we know more than we do (me included). We soon find out via MG, that we are not as smart as we think we are. MG 'ers soon set us straight, normally in a friendly way.

Maybe I am paranoid running the stuff I do as often as I do but it keeps my computer humming along ( as much as a P2, W98 can). I don't wear belt and braces but like more than 1 option to get at the nasties than invade the net. I also make sure the stuff I run doesn't conflict with each other. If they do, one gets the flick. Bazza

 

Halo, thanks mate. Bullyseye. Not all I gotta do is read it over and over until it sinks in and then apply the fix. Don't dare attempt it at 7am in the morning without more study. Bazza

====

 

What? impatience? with a computer? who would have thought?

OK - another lesson learned.

 

Huh? Thank you for the biggest laugh I have had all day

Not to be rude but someone with your obvious lack of experience and common sense should not be posting in a tech help forum, unless it is to ask for help.

 

Agree with Major Attitude

It is usually best to sit back, take a deep breath & try to learn. That is the driving factor behind my membership & participation in the MG message board. This forum is a major source of information & a fantastic learning tool.

Personally, I deeply appreciate the time & effort that the various members undertake for "newbies" such as myself.

Slim

 

Halo, Now 24 hours later. I edited my Registry as per your link's suggestion. Worked like a charm. Simple fix and it's gone. thanks again. Bazza

=====