Spyware

It's just a cookie which is no big deal. I'm surprised that Panda still found it after you ran Ewido. Or did you run Ewido after running Panda.

 

You're welcome. You should look at your Ewido log if you have it because I'm sure I have seen Ewido remove this cookie during scans. The log from Ewido normally would have a line similar to below:

C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

You're welcome! Is your version of Ewido current and does it have the current reference list?

 

Strange! That line I gave in message # 4 was right out of a real Ewido log which showed that it found this cookie and removed it.

 

Spy Sweeper is at the top of our list of programs to use but you must pay for it to keep it updated. This is recommended. Don't drive yourself crazy with miscellaneous components of malware being found. There are probably 20 to 30 different valids tools you can run and each will more than likely pickup items not found by the others. In many cases, items that are being found can just be stray benign registry keys or some files that relate to the malware but are actually not really a problem since they are not the ones that cause the malware to become active or allow it to spread.

 

No problem! Surf safely!

 

Those are due to a Wareout infection! Follow the steps below.

Look in Add/Remove programs for UnSpyPC and uninstall if found.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

• Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
• Click Next, then Install.
• Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
• The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
• Your system may take longer than usual to load; this is normal.
• When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6E6310-FACE-4AA8-96E3-A4ECE40F6D5E}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{89774BE4-D37E-49AF-8042-5FE607DBED65}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{975B6B0C-30AC-4A42-B7CA-444E5A5D9048}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{CACE4C17-FB25-4A5F-8C1E-6A9A84C37CFF}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC038B97-C0E0-4F98-AD6A-363B8BF5AD36}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9017B64-E093-4BD5-B700-A95D1EFA9923}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA9FC384-05D9-47EA-AFB5-D6A4847560B6}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAE0B26D-39EE-4FD9-8D1F-0FF2F9348B3D}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE3D5E22-4671-442F-8D0C-EE0DD81CD406}: NameServer = 85.255.116.101,85.255.112.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7B4FC76-0249-43BF-AB67-9017E7E5327C}: NameServer = 85.255.116.101,85.255.112.168

After clicking Fix Checked, close HijackThis, and click OK to proceed.

At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
C:\Program Files\UnSpyPC <--- delete the whole folder if found

Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

There could be additional cleanup to do from Wareout and it the log will let us know.

Also attach a new HijackThis log.

 

Okay! Your clean now. Is everything working OK!

If so, make sure you have completed the steps in the below:

How to Protect yourself from malware!

 

You're welcome!