LoranK Posted June 24, 2010

Has anyone that has used the Super anti spyware program had trouble with it recognizing the IP address as a spyware program? Three weeks ago I had this happen. I had the program doing a routine scan and it gave me an odd message about my LAN cable being unplugged. I started by ending the program short of scanning and closed all my programs. Then I tried to get back online (after checking connections) and the message came up that said "Registry file missing Contact Microsoft". I had no way to contact Microsoft because I couldn't even get my computer online. I went into the command prompt to see if I could configure the IP address manually because I couldn't ping any other computers. When I typed in the IP Config command the prompt read IP address 00000, Submask Net 00000 and the Gateway Default 00000. I tried everything I could think of until I finally realized that I had to roll back my computer to the last time I downloaded new definitions from Superantispyware.

Just to see what would happen I ran a scan and same as always it came back with the same spyware to be deleted. I deleted it, then I was prompted to get a definition update. I was a little worried about it so I declined, then went to the website directly to see if there were in fact updates. There were, and so I downloaded them. I ran a scan and in about the same place throughout the scan I had the same thing happen to me. To no avail, I had to roll back the computer again to fix the problem.

I contacted a local computer store. They told me that a lot of times spyware companies will insert their own spyware and virus so you can't run two spyware programs on your computer at once; that's why when you get a new spyware program the instructions tell you to remove all previous spyware programs. That makes sense because I forgot about one once and they both came up with each identifying the other as a virus. He recommended I uninstall the program and get a better one.

I uninstalled it and have not been using it since. I have had no other problems yet. I didn't want to stop using Superantispyware because it seemed to catch a lot of tracking cookies. It does put the seed of wonder into my head that the Superantispyware site will (when updating insert its own harmless adwares to find). I was wondering if anyone had thoughts on this? I only know enough about computers to be dangerous when trying to fix my problems. Sometimes I can and sometimes I make it worse. Would someone please clarify this for me? I would like to re-download Superantispyware again on my computer because I thought it really worked. I can't afford to pay a yearly fee to keep people off my computer and I can't afford not to be protected. Thanks in advance to any pros out there with advice.

Loran

rmlake13 Posted June 24, 2010

> I was wondering if anyone had thoughts on this?

Install SAS Free edition on your machine, update it, and run another scan with it. At the end of it, if it still shows the same item that you explained, don't have it remove anything; just hit cancel. Once the scanner is closed, right click on the bug icon in your tray and go into the control center and click on the Statistics/Log page. Select the log that corresponds with the scan you just ran and click view log. Copy the contents of the log and paste it in a reply here.

Here is a link to the Free edition download: SAS Free

Some other things that might help if we knew it would be what operating system you are running and whether it's 32-bit or 64-bit.

Seth Posted June 24, 2010

Welcome to the SAS forum Loran.

> I contacted a local computer store they told me that a lot of times spyware companies will insert their own spyware and virus.

That's ludicrous. The only exception is rogue antispyware/antivirus products.

> He recommended I uninstall the program and get a better one.

I recommend he educates himself on internet security. Feel free to mention this thread to him, as I wouldn't mind having a discussion with him.

Anyway, rmlake is correct. We need to see the log before proceeding.

LoranK Posted June 26, 2010

Thank you for your replies. I have downloaded the program to scan it. I don't know what to think when I get different information from different sources. I'm unsure myself how the internet security works. Sorry I didn't add the system information in the post: it is Windows XP Home Edition SP3, NTFS system, 32-bit I'm pretty sure. The program that I was referring to that labeled the other program as a virus was Norton antivirus. The program that it said was a virus was named (ZLTO28TM). That was a couple years ago; the only reason I can even remember that is because it was my first experience with having to remove it manually from the hard drive. Like I said, sometimes I make it worse. I didn't know at the time that it was a crucial part of the framework, even though Norton thought it was a virus. That was the first time I had to get help reloading the system with recovery disks.

What you are saying to do by cancelling the scan, will it still keep everything in Quarantine? The reason I was asking is there are a lot of programs that SAS is catching and they look like they could be harmful to the system. This time SAS finished the scan so I really don't know what was happening. After looking over the scan log it looks like there is a lot of personal information in it about my computer. I really don't at this time feel comfortable putting this information into a public board. I will copy some of it. However I know it doesn't give you the whole picture and I do appreciate the advice and help. I will post more when I can figure out more of it and run a couple more tests on it myself.
One positive thing is my faith in SAS has been mostly restored.

::::::::::

SUPERAntiSpyware Scan Log
https://www.superantispyware.com
Generated 06/26/2010 at 02:26 AM
Application Version : 4.39.1002
Core Rules Database Version : 5122
Trace Rules Database Version: 2934
Scan type : Complete Scan
Total Scan Time : 00:55:45
Memory items scanned : 497
Memory threats detected : 0
Registry items scanned : 8099
Registry threats detected : 113
File items scanned : 34334
File threats detected : 186

Adware.MyWebSearch
HKU\S-1-5-21-3618631481-395094298-1503050598-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D

::::::::::: This is the first section that I pasted; below is the next section. Note the colons are the breaks that I put in so you can tell what is my typing and what was pasted. I skipped a small section with my son's information in it. :::::::::::::::::

Adware.Tracking Cookie

::::::::::::::::::::::: There is a small break of a few lines again; below is the rest. ::::::::::::::::::::

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS#NAMESERVER

rmlake13 Posted June 27, 2010

It looks like the stuff that you posted from your scan log can be safely deleted. There were a few entries listing stuff about Proxy configurations and at the end the one about hi-jacked DNS. These and some of the other files may be causing what you are seeing with your IP address. I would say go ahead and run another full scan after updating your definitions again and remove all the things it finds. It will most likely have you restart your computer after cleaning it, then let us know if it helped.

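One way to triage a scan log like the one posted in this thread before deciding what to remove, as an added example that is not part of the original posts or of SUPERAntiSpyware: it groups entries by detection, separates System Restore copies from live items, and lists which control sets carry a flagged DNS setting. The sample log is constructed, and reading `#` as the separator between a registry key and a value name is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the log posted in this thread: GUIDs are
# placeholders and each entry list is cut down to one or two lines.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Registry threats detected : 113
Adware.MyWebSearch
HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
HKCR\Interface\{GUID-PLACEHOLDER}\ProxyStubClsid32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{GUID-PLACEHOLDER}\RP539\A0115605.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@example[1].txt
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS#NAMESERVER
"""

DETECTION = re.compile(r"^[A-Za-z]+\.[A-Za-z]")  # e.g. "Adware.MyWebSearch"
REGISTRY = re.compile(r"^(HKLM|HKCR|HKCU|HKU)\\", re.I)
FILE = re.compile(r"^[A-Za-z]:\\")
# DNS server settings: the global Tcpip\Parameters value or a per-interface one.
DNS_VALUE = re.compile(r"^HKLM\\SYSTEM\\([^\\]+)\\SERVICES\\TCPIP\\PARAMETERS"
                       r"(?:\\INTERFACES\\[^\\#]+)?#((?:DHCP)?NAMESERVER)$", re.I)

def classify(entry):
    """Kind of one log entry, or None for header and detection-name lines."""
    if REGISTRY.match(entry):
        # Assumption: "#" separates the key path from a value name.
        return "registry value" if "#" in entry else "registry key"
    if FILE.match(entry):
        upper = entry.upper()
        if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in upper:
            return "restore-point copy"
        return "cookie" if "\\COOKIES\\" in upper else "file"
    return None

def parse(log_text):
    """Group entries under the detection name that precedes them."""
    findings, current = defaultdict(list), None
    for line in (raw.strip() for raw in log_text.splitlines()):
        kind = classify(line)
        if kind and current:
            findings[current].append((kind, line))
        elif not kind and DETECTION.match(line):
            current = line
    return dict(findings)

def summarize(findings):
    """Entry counts per detection, split by kind."""
    return {name: dict(Counter(kind for kind, _ in items))
            for name, items in findings.items()}

def resolver_settings(findings):
    """Map each flagged DNS value name to the control sets it appears in."""
    hits = defaultdict(list)
    for items in findings.values():
        for _, entry in items:
            match = DNS_VALUE.match(entry)
            if match:
                hits[match.group(2).upper()].append(match.group(1).upper())
    return dict(hits)

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(summarize(parsed), resolver_settings(parsed))
```

On Windows, CurrentControlSet is a link to one of the numbered control sets, so entries that differ only in the control set name can refer to the same stored setting.
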
LoranK Posted June 27, 2010

Yes, it does want me to reboot; however, if I let it get rid of the control set it will remove the IP address and the submask net and default gateway. If I knew where and what I was looking for I could delete the virus manually. It seems to either have changed the way the program is reading it or is embedded in the program itself. SAS can't distinguish between the virus and the needed. Until I can figure it out a little bit more I will have to leave the DNS hijacker there and hope it doesn't cause damage. Otherwise I wouldn't have an internet link.

Seth Posted June 27, 2010

Hi Loran. Please submit a Customer Support Request: https://www.superantispyware.com/csrcreateticket.html

LoranK Posted June 28, 2010

Thanks, I did tonight. I was sending one of the logs to Microsoft as well, because my Dr. Watson Postmortem debugger keeps having errors when I have more than 3 tabs open. They are registry items; Microsoft may be able to have me rewrite the controlset. Unless you know? I have been browsing around this forum and have had some of these same experiences as some of the other members. I like the fact that you guys that are good at computers are willing to help the novices like me without replies dripping in sarcasm.

Thanks,
Loran

Lee Rain Posted June 29, 2010

The program that I was referring to that labeled the other program as a virus was Norton antivirus. The program that it said was a virus was named (ZLTO28TM). That was a couple years ago; the only reason I can even remember that is because it was my first experience with having to remove it manually from the hard drive. Like I said, sometimes I make it worse.