Jump to content


Photo

spybot not fixing a bug


  • Please log in to reply
5 replies to this topic

#1 Song

Song

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 03 June 2004 - 01:23 AM

hi, i need help :D

i used spybot but a bug cannot be fixed. a popo-up window says that i should restart my computer, so the bug can be fixed. but after i restarted my computer, the bug still exists. spybot still can detect the bug, but still cannot fix it. why? :wtf: pls help!

below is my hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at AM 01:23:00, on 2004/6/3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\QuickLink Desktop\QuickLink Desktop.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\chingwan\桌面\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\chingwan\Application Data\Mozilla\Profiles\default\fdly0d5d.slt\prefs.js)
O2 - BHO: (no name) - {8969CBD1-C4F6-470C-9B22-71C7138E724A} - C:\WINDOWS\System32\dbdg.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: UrlTracking.dat
O4 - Startup: lastopen.ini
O4 - Startup: KKman.ini
O4 - Startup: ntuser.pol
O4 - Startup: AD.html
O4 - Global Startup: ntuser.pol
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu

#2 Song

Song

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 03 June 2004 - 01:28 AM

it's me again. just wanna let you know that the bug is :

AE Covert Operation Monitor

i wonder if it is this bug that hijacked my ie browser, so that's why i cannot change my homepage setting.

#3 Song

Song

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 03 June 2004 - 12:47 PM

i downloaded adware but the bug was not detected. however, spyware can find the bug but cannot fix it. what can i do to kill the bug?

#4 Song

Song

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 03 June 2004 - 06:09 PM

i also found another problem. whenever i use spybot, the bug--webdialer--will be found next time i use spybot.

#5 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 03 June 2004 - 09:37 PM

I am not sure what is going on with Spybot, but it can't remove everything that it encounters and this may simply be an example of this....

These items are not normal and I cannot identify them... I suggest using HJT to fix them and we will see if that fixes the problem. If it does not, I suggest downloading the trial version of TrojanHunter (from my links) and see if that will fix it...

Close all windows and browsers, open HJT and mark/fix:

O2 - BHO: (no name) - {8969CBD1-C4F6-470C-9B22-71C7138E724A} - C:\WINDOWS\System32\dbdg.dll
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: UrlTracking.dat
O4 - Startup: lastopen.ini
O4 - Startup: KKman.ini
O4 - Startup: ntuser.pol
O4 - Startup: AD.html
O4 - Global Startup: ntuser.pol

After you finish, please reboot and post a fresh log so we can see how it looks. Please note how thing are working as well....
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#6 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,305 posts

Posted 05 June 2004 - 06:31 AM

I have just been told by HJT's author that these items are due to a glitch in HJT which is getting fixed in the next version... Please DO NOT fix them:

O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: UrlTracking.dat
O4 - Startup: lastopen.ini
O4 - Startup: KKman.ini
O4 - Startup: ntuser.pol
O4 - Startup: AD.html
O4 - Global Startup: ntuser.pol

Sorry for giving you the wrong information before... You can still fix this:

O2 - BHO: (no name) - {8969CBD1-C4F6-470C-9B22-71C7138E724A} - C:\WINDOWS\System32\dbdg.dll

It would also be appropriate to run TrojanHunter and see if it finds anything...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button