Jump to content

MichaW

Members
  • Content Count

    20
  • Joined

  • Last visited

Posts posted by MichaW


  1. You can manually delete this txt file by navigating to C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\XPD8C61E.txt

    Hello,

    i deleted the cookie several times from the above mentioned folder and the recycle bin as well but after having restarted the pc again, this cookie comes back, now with the name "656JPF1H.txt [ /xiti.com ]" and SAS is not able to delete this cookie. There must be any application which brings with this kind of cookie.

    Michael

    EDIT:

    Meanwhile, i found out, where the problem comes from. Several days ago i updated due to security issues IE 10 to IE 11. Now i blocked all cookies within IE 11 and the problem with xiti.com has gone.

    Thank you guys for your assistance and excuse me for my bad english language.


  2. Hi MichaW,

     

    As its a tracking cookie you will have to close down your browser to remove that cookie. Xiti.com is part of a Marketing/Web analyzing company.

     

    Hi,

     

    meanwhile i restarted my pc several times, deleted this ccokie via SAS, but the same cookie always comes up after each restart although i haven't used internet. I have no idea, where this cookie comes from.

     

    Michael


  3. Hello,

     

    above mentioned file is recognized by SAS as Tracking Cookie which cannot be deleted.

     

    Scan report by SAS:

     

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com

    Generated 11/14/2013 at 05:06 PM

    Application Version : 5.6.1042

    Core Rules Database Version : 10889
    Trace Rules Database Version: 8701

    Scan type       : Quick Scan
    Total Scan Time : 00:00:11

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned      : 145
    Memory threats detected   : 0
    Registry items scanned    : 53022
    Registry threats detected : 0
    File items scanned        : 5338
    File threats detected     : 1

    Adware.Tracking Cookie
        C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\XPD8C61E.txt [ /xiti.com ]

     

    Nevertheless, the same file, checked with Virustotal, is only recognized by PANDA and not by SAS.

     

    Scan report by Virustotal:

     

    SHA256: 40ab26aefe7c341e22db5a46beb090f8556cb2b1040d3be6552862cdb7782ac4 Dateiname: XPD8C61E.txt Erkennungsrate: 1 / 45 Analyse-Datum: 2013-11-14 16:08:05 UTC ( vor 1 Minute )
     
    0
     
    0
     
    Antivirus Ergebnis Aktualisierung Agnitum   20131113 AhnLab-V3   20131114 AntiVir   20131114 Antiy-AVL   20131114 Avast   20131114 AVG   20131114 Baidu-International   20131114 BitDefender   20131114 Bkav   20131114 ByteHero   20131111 CAT-QuickHeal   20131114 ClamAV   20131114 Commtouch   20131114 Comodo   20131114 DrWeb   20131114 Emsisoft   20131114 ESET-NOD32   20131114 F-Prot   20131114 F-Secure   20131114 Fortinet   20131114 GData   20131114 Ikarus   20131114 Jiangmin   20131114 K7AntiVirus   20131114 K7GW   20131114 Kaspersky   20131114 Kingsoft   20130829 Malwarebytes   20131114 McAfee   20131114 McAfee-GW-Edition   20131114 Microsoft   None MicroWorld-eScan   20131114 NANO-Antivirus   20131114 Norman   20131114 nProtect   20131114 Panda Cookie/Xiti 20131114 Rising   20131114 Sophos   20131114 SUPERAntiSpyware   20131114 Symantec   20131114 TheHacker   20131114 TotalDefense   20131114 TrendMicro   20131114 TrendMicro-HouseCall   20131114 VBA32   20131114 VIPRE   20131114 ViRobot   20131114

     


     

    XPD8C61E.txt


  4. Hello Michael:

     

    The free version neither automatically updates the definitions nor does it update the program.  These features are available in the Professional version though.

     

    https://www.superantispyware.com/superantispywarefreevspro.html

     

    HTH

     

    Sorry, you are totally right, but the manual update only shows the updated virus definitions but not the programm update itself. And actually the latest version of SAS is 5.6.1040 and i'm still working with 5.6.1032 !

     

    "Automatic Updates check for program and definition updates every 8 hours. Manual Only"

     

    Best regards

     

    Michael


  5. Hello,

    pls check attached registry entries which seem to be F/P's

    Nothing was found by:

    NIS 2011

    MBAM

    A2

    Spyware Terminator

    Spybot

    Windoes Defender

    Virus Total

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BACKITUP.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BACKITUP.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CDSPEED.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CDSPEED.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COVERDES.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\COVERDES.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRIVESPEED.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRIVESPEED.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATER.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATER.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMAGEDRIVE.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMAGEDRIVE.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOTOOL.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INFOTOOL.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERO.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NERO.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROHOME.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROHOME.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROMEDIAHOME.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROMEDIAHOME.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSCOUTOPTIONS.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSCOUTOPTIONS.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSTARTSMART.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROSTARTSMART.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROVISION.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NEROVISION.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAP.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAP.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAPVIEWER.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PHOTOSNAPVIEWER.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RECODE.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RECODE.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUPX.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUPX.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHOWTIME.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHOWTIME.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOUNDTRAX.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOUNDTRAX.EXE#Debugger

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WAVEEDIT.EXE

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WAVEEDIT.EXE#Debugger

    Thanks

    Michael


  6. Hello,

    would you please check, if this is a F/P. Attached pls find the scan results and the file

    SUPERAntiSpyware Scan Log

    https://www.superantispyware.com

    Generated 08/02/2010 at 07:04 PM

    Application Version : 4.41.1000

    Core Rules Database Version : 5302

    Trace Rules Database Version: 3114

    Scan type : Quick Scan

    Total Scan Time : 00:00:02

    Memory items scanned : 0

    Memory threats detected : 0

    Registry items scanned : 0

    Registry threats detected : 0

    File items scanned : 6

    File threats detected : 1

    Trojan.Agent/Gen-SVC[Fake]

    F:\MICHAEL\GARMIN\MAPSOURCE REGISTRY FIX\GARMIN_MAPSOURCE_FIX_0.2E\MAPSOURCEFIX.EXE

    Virustotal

    Antivirus Version Last Update Result

    AhnLab-V3 2010.08.01.00 2010.07.31 -

    AntiVir 8.2.4.32 2010.08.02 -

    Antiy-AVL 2.0.3.7 2010.08.02 -

    Authentium 5.2.0.5 2010.08.02 -

    Avast 4.8.1351.0 2010.08.02 -

    Avast5 5.0.332.0 2010.08.02 -

    AVG 9.0.0.851 2010.08.02 -

    BitDefender 7.2 2010.08.02 -

    CAT-QuickHeal 11.00 2010.08.02 -

    ClamAV 0.96.0.3-git 2010.08.02 -

    Comodo 5620 2010.08.02 -

    DrWeb 5.0.2.03300 2010.08.02 -

    Emsisoft 5.0.0.34 2010.07.30 -

    eSafe 7.0.17.0 2010.08.02 -

    eTrust-Vet 36.1.7756 2010.08.02 -

    F-Prot 4.6.1.107 2010.08.02 -

    F-Secure 9.0.15370.0 2010.08.02 Suspicious:W32/Malware!Gemini

    Fortinet 4.1.143.0 2010.08.02 -

    GData 21 2010.08.02 -

    Ikarus T3.1.1.84.0 2010.08.02 -

    Jiangmin 13.0.900 2010.08.01 -

    Kaspersky 7.0.0.125 2010.08.02 -

    McAfee 5.400.0.1158 2010.08.02 -

    McAfee-GW-Edition 2010.1 2010.08.02 -

    Microsoft 1.6004 2010.08.02 -

    NOD32 5335 2010.08.02 -

    Norman 6.05.11 2010.08.02 -

    nProtect 2010-08-02.02 2010.08.02 -

    Panda 10.0.2.7 2010.08.02 -

    PCTools 7.0.3.5 2010.08.02 -

    Prevx 3.0 2010.08.02 -

    Rising 22.59.00.04 2010.08.02 -

    Sophos 4.56.0 2010.08.02 -

    Sunbelt 6674 2010.08.02 -

    Symantec 20101.1.1.7 2010.08.02 -

    TheHacker 6.5.2.1.328 2010.07.30 -

    TrendMicro 9.120.0.1004 2010.08.02 -

    TrendMicro-HouseCall 9.120.0.1004 2010.08.02 -

    VBA32 3.12.12.7 2010.08.02 -

    ViRobot 2010.7.31.3965 2010.08.02 -

    VirusBuster 5.0.27.0 2010.08.02 -

    Many thanks

    Michael

    MapSourceFix.exe


  7. I updated Malwarebytes and ran it today and it found the virus in the 6to4 files in two locations. It deleted them but when I ran SuperAntiSpyware again the 15 entries showed up again, so it did not delete them. I am still having trouble opening new tab links in my browsers, both, Firefox and IE. So, these are not false positives. There is definitely something new and unwanted attached to my computer files, registry.

    I am going to run Malwarebytes again after I reboot and see what happens.

    Hi,

    i also check my system with Malwarebytes and nothing was found! The only program which has found Hugipon is SAS.

    Is someone from SAS able to give us a sufficient feedback, please?

    Many thanks

    Michael

    PS: my system is working very fine, no problems having occured. I have also no problems with new tab links in IE8, FF & Opera. During the weekend i did several full system scans with NIS2009, Spybot, Adaware, A-squared, yahoo anti-spy, nothing was found, only by SAS


  8. Hello all,

    i am also confused here about this issue which possibly came up with the latest update of SAS.

    I checked my whole system with NIS2009, Ad-Aware, Malwarebytes, Spybot, A-Squared and Windows tool, but nothing was found from each programm. Also, i haven't installed any program in the last couple of weeks, therefore i do not know, why this issue has arisen. Also my system (XP SP3)is working very fine!

    Thanks

    Michael


  9. Hello all,

    since yesterday, i have the same problem, too. 32 bit version

    SUPERAntiSpyware Scan Log

    https://www.superantispyware.com

    Generated 06/04/2009 at 07:29 PM

    Application Version : 4.26.1004

    Core Rules Database Version : 3923

    Trace Rules Database Version: 1867

    Scan type : Custom Scan

    Total Scan Time : 00:14:12

    Memory items scanned : 0

    Memory threats detected : 0

    Registry items scanned : 8218

    Registry threats detected : 60

    File items scanned : 0

    File threats detected : 0

    Trojan.Hugipon

    HKLM\System\CONTROLSET001\SERVICES\6TO4

    HKLM\System\CONTROLSET001\SERVICES\6TO4#Type

    HKLM\System\CONTROLSET001\SERVICES\6TO4#Start

    HKLM\System\CONTROLSET001\SERVICES\6TO4#ErrorControl

    HKLM\System\CONTROLSET001\SERVICES\6TO4#ImagePath

    HKLM\System\CONTROLSET001\SERVICES\6TO4#DisplayName

    HKLM\System\CONTROLSET001\SERVICES\6TO4#DependOnService

    HKLM\System\CONTROLSET001\SERVICES\6TO4#DependOnGroup

    HKLM\System\CONTROLSET001\SERVICES\6TO4#ObjectName

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Config

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum#0

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum#Count

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum#NextInstance

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Interfaces

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Parameters

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Parameters#ServiceDll

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Security

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Teredo

    HKLM\System\CONTROLSET001\SERVICES\6TO4\Teredo#Type

    HKLM\System\CONTROLSET003\SERVICES\6TO4

    HKLM\System\CONTROLSET003\SERVICES\6TO4#Type

    HKLM\System\CONTROLSET003\SERVICES\6TO4#Start

    HKLM\System\CONTROLSET003\SERVICES\6TO4#ErrorControl

    HKLM\System\CONTROLSET003\SERVICES\6TO4#ImagePath

    HKLM\System\CONTROLSET003\SERVICES\6TO4#DisplayName

    HKLM\System\CONTROLSET003\SERVICES\6TO4#DependOnService

    HKLM\System\CONTROLSET003\SERVICES\6TO4#DependOnGroup

    HKLM\System\CONTROLSET003\SERVICES\6TO4#ObjectName

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Config

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Enum

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Enum#0

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Enum#Count

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Enum#NextInstance

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Interfaces

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Parameters

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Parameters#ServiceDll

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Security

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Teredo

    HKLM\System\CONTROLSET003\SERVICES\6TO4\Teredo#Type

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#Type

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#Start

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#ErrorControl

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#ImagePath

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#DisplayName

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#DependOnService

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#DependOnGroup

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#ObjectName

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Config

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum#0

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum#Count

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum#NextInstance

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Interfaces

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Security

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Teredo

    HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Teredo#Type

    Michael


  10. Hi guys from Superantispyware,

    what's happening with the updates in the moment?????

    I am using SAS Version : 4.25.1014 with core 3789. If i press the update button it shows, that core 3793 is available but it remains with 3789. I downloaded the update file "Database Version 3793 - 03-12-2009" and made a manually update but this update shows core 3791 instead of core 3793, and also core 3791 was installed. I opened Superantispyware again, pressed the update button, information seen, that core 3793 is available, but, core 3789 was installed again.

    What's that please???? It makes me crazy!!!

    Database Version 3793 - 03-12-2009 includes core 3791!!!!

    core update to 3793 installs core 3789.

    I have several times repaired Superantispyware, but nothing has happened, the same bug exists.

    The final solution will be, to deinstall Superantispyware, isn't it????

    Nevertheless, Superantispyware seems to have a problem with updates generally!!

    May i / we have a solution please:

    Many thanks

    Michael

×
×
  • Create New...