Xoft Alert

Discussion in 'Malware Help (A Specialist Will Reply)' started by lilmissnumpty, Apr 3, 2005.

  1. lilmissnumpty

    lilmissnumpty Private E-2

    Hi all (again)!

    I did all the things (every single one) as suggested in the detect spyware etc. thread. Everything comes back as negative. The only thing that worries me is that the programme called Xoft Spy still finds the trojan AdminCash. The problem is that it does not fix the problem unless you purchase their software, which I can ill afford at the moment. I suppose my question is, can I delete this manually, and how come NONE of the other programmes (i.e. all the ones suggested) have picked up on that one? Should I just ignore their log? Here is the whole rundown on what Xoft have found:

    Trojan AdminCash; Registry Key; Trojan; SOFTWARE\Microsoft\ActiveSetup\InstalledComponents\{08B0E5CO-4FCB-11CF-AAA5-00401C608500

    Any suggestions?

    Thanks
     
  2. PhilliePhan

    PhilliePhan Guest

    This could be a False Positive . . . . I'm not a big fan of Xoft Spy. There are better tools out there. Did you scan with Microsoft Windows Anti-Spyware? The reason I ask is that the particular baddie you mention is related (I think) to the recent isrvs nasty that has been floating around. M$ Anti-Spy should catch it - Be sure to Internet Update the definitions first and then run it in Safe Mode 2 times!!

    Try that and then send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis ! Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99.1

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    PP :)
     
  3. lilmissnumpty

    lilmissnumpty Private E-2

    I hope I have done everything as instructed. I have run Microsoft Windows AntiSpyware twice in safe mode with nothing detected. I then ran HijackThis, with the log attached (I hope).
     

  4. PhilliePhan

    PhilliePhan Guest

    Hi lilmissnumpty,

    You should extract HijackThis to its own safe folder - C:\Program Files\HijackThis - This is VERY important, should you need to use HJT!

    That said, I do not see anything particularly evil in your HJT log. There are a few very minor issues that would probably land in the realm of "Personal Preference," but nothing that would be cause for alarm.

    If you so desire, you could probably use regedit to remove that nagging registry entry.

    PP :)
     
  5. lilmissnumpty

    lilmissnumpty Private E-2

    My apologies for doing this wrong. I am not very good with the workings of PCs. Thank you very much for analysing the log for me. You mentioned a few minor issues and a registry entry. Could you please tell me how to do it and sort it all out? Or do you reckon it can be safely ignored?

    Thank you very much for all your time. It is greatly appreciated. :D
     
  6. PhilliePhan

    PhilliePhan Guest

    Actually, it really is not too bad! A bit busy with lots of stuff running, but not bad. Some people might take issue with http://www.dell.co.uk/myway, but I don't think it's a big deal.

    The registry entry I refer to is the one getting flagged by your scanner:
    SOFTWARE\Microsoft\ActiveSetup\InstalledComponents\{08B0E5CO-4FCB-11CF-AAA5-00401C608500}

    If it really bothers you, you can remove it via regedit.

    PP :)
     
