LoranK

False Positive crippling the IP address


Has anyone who has used the SUPERAntiSpyware program had trouble with it recognizing the IP address as a spyware program? Three weeks ago I had this happen. I had the program doing a routine scan and it gave me an odd message about my LAN cable being unplugged. I started by ending the program short of scanning and closed all my programs. Then I tried to get back online (after checking connections) and the message came up that said Registry file missing Contact Microsoft. I had no way to contact Microsoft because I couldn't even get my computer online. I went into the command prompt to see if I could configure the IP address manually because I couldn't ping any other computers. When I typed in the IP Config command the prompt read IP address 00000 Submask Net 00000 and the Gateway Default 00000. I tried everything I could think of until I finally realized that I had to roll back my computer to the last time I downloaded new definitions from SUPERAntiSpyware. Just to see what would happen I ran a scan and, same as always, it came back with the same spyware to be deleted. I deleted it, then I was prompted to get a definition update. I was a little worried about it so I declined. Then I went to the website directly to see if there were in fact updates; there were, and so I downloaded them. I ran a scan and in about the same place throughout the scan I had the same thing happen to me. To no avail; I had to roll back the computer again to fix the problem. I contacted a local computer store; they told me that a lot of times spyware companies will insert their own spyware and virus so you can't run two spyware programs on your computer at once; that's why when you get a new spyware program the instructions tell you to remove all previous spyware programs. That makes sense because I forgot about one once and they both came up with each identifying the other as a virus. He recommended I uninstall the program and get a better one. I uninstalled it and have not been using it since.
I have had no other problems yet. I didn't want to stop using SUPERAntiSpyware because it seemed to catch a lot of tracking cookies. It does put the seed of wonder into my head that the SUPERAntiSpyware site will (when updating) insert its own harmless adwares to find. I was wondering if anyone had thoughts on this? I only know enough about computers to be dangerous when trying to fix my problems. Sometimes I can and sometimes I make it worse. Would someone please clarify this for me? I would like to re-download SUPERAntiSpyware again on my computer because I thought it really worked. I can't afford to pay a yearly fee to keep people off my computer and I can't afford not to be protected. Thanks in advance to any pros out there with advice. Loran


I was wondering if anyone had thoughts on this?

Install SAS Free edition on your machine, update it, and run another scan with it. At the end of it, if it still shows the same item that you explained, don't have it remove anything; just hit cancel. Once the scanner is closed, right-click on the bug icon in your tray, go into the control center, and click on the Statistics/Log page. Select the log that corresponds with the scan you just ran and click view log. Copy the contents of the log and paste it in a reply here. Here is a link to the Free edition download: SAS Free. Some other things that might help, if we knew them, would be what operating system you are running and whether it's 32-bit or 64-bit.


Welcome to the SAS forum Loran.

I contacted a local computer store; they told me that a lot of times spyware companies will insert their own spyware and virus.

That's ludicrous.

The only exception is rogue antispyware/antivirus products.

He recommended I uninstall the program and get a better one.

I recommend he educates himself on internet security. Feel free to mention this thread to him, as I wouldn't mind having a discussion with him.

Anyway, rmlake is correct. We need to see the log before proceeding.


Thank you for your replies. I have downloaded the program to scan it. I don't know what to think when I get different information from different sources. I'm unsure myself how the internet security works. Sorry I didn't add the system information in the post; it is Windows XP Home Edition SP3, NTFS system, 32-bit I'm pretty sure. The program that I was referring to that labeled the other program as a virus was Norton AntiVirus. The program that it said was a virus was named (ZLTO28TM). That was a couple of years ago; the only reason I can even remember that is because it was my first experience with having to remove it manually from the hard drive. Like I said, sometimes I make it worse. I didn't know at the time that it was a crucial part of the framework, even though Norton thought it was a virus. That was the first time I had to get help reloading the system with recovery disks. What you are saying to do by cancelling the scan, will it still keep everything in quarantine? The reason I was asking is there are a lot of programs that SAS is catching and they look like they could be harmful to the system. This time SAS finished the scan, so I really don't know what was happening. After looking over the scan log it looks like there is a lot of personal information in it about my computer. I really don't at this time feel comfortable putting this information into a public board. I will copy some of it. However, I know it doesn't give you the whole picture, and I do appreciate the advice and help. I will post more when I can figure out more of it and run a couple more tests on it myself. One positive thing is my faith in SAS has been mostly restored.

::::::::::

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/26/2010 at 02:26 AM

Application Version : 4.39.1002

Core Rules Database Version : 5122

Trace Rules Database Version: 2934

Scan type : Complete Scan

Total Scan Time : 00:55:45

Memory items scanned : 497

Memory threats detected : 0

Registry items scanned : 8099

Registry threats detected : 113

File items scanned : 34334

File threats detected : 186

Adware.MyWebSearch

HKU\S-1-5-21-3618631481-395094298-1503050598-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}

HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D

:::::::::::this is the first section that I pasted this below is the next section Note the Colons are the breaks that I put in so you can tell what is my typing and what was pasted. I skipped a small section with my sons information in it :::::::::::::::::

Adware.Tracking Cookie

:::::::::::::::::::::::there is a small break of a few lines again below is the rest::::::::::::::::::::

Trojan.DNS-Changer (Hi-Jacked DNS)

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

HKLM\SYSTEM\CONTROLSET005\SERVICES\TCPIP\PARAMETERS#NAMESERVER

It looks like the stuff that you posted from your scan log can be safely deleted. There were a few entries listing stuff about Proxy configurations and at the end the one about hijacked DNS. These and some of the other files may be causing what you are seeing with your IP address. I would say go ahead and run another full scan after updating your definitions again and remove all the things it finds. It will most likely have you restart your computer after cleaning it; then let us know if it helped.

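Added example (not part of the original thread, and not SUPERAntiSpyware's own code): a small Python parser for a log in the layout posted above, which groups items under their threat name and collapses the Trojan.DNS-Changer entries that point at the same NameServer value in several control sets. The sample log is constructed, and treating `#` as the separator between a registry key and its value name is an assumption drawn from the posted lines.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the log posted in this thread
# (a few representative lines, not the poster's full log).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 06/26/2010 at 02:26 AM
Registry threats detected : 113

Adware.MyWebSearch
HKLM\SOFTWARE\MyWebSearch
HKLM\SOFTWARE\MyWebSearch\bar#UninstallString

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@example[1].txt

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER
"""

# An item line starts with a registry hive (HKLM, HKU, HKCR...) or a drive letter.
ITEM = re.compile(r"^(HK[A-Z_]+\\|[A-Za-z]:\\)")
# CurrentControlSet is a link to one of the numbered ControlSetNNN copies.
CONTROLSET = re.compile(
    r"^HKLM\\SYSTEM\\(CURRENTCONTROLSET|CONTROLSET\d{3})\\(.+)$", re.I)
TCPIP = "SERVICES\\TCPIP\\PARAMETERS"

def split_item(line):
    """Split an item into a file path, or a registry key plus value name.
    Assumption: '#' separates the key from the value name."""
    if line[:2].upper() != "HK":
        return {"kind": "file", "path": line}
    key, sep, value = line.partition("#")
    return {"kind": "registry", "key": key, "value": value if sep else None}

def parse_log(text):
    """Return {threat name: [items]}; a threat name is any line directly
    followed by an item line, which skips the statistics header."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings, family = OrderedDict(), None
    for i, line in enumerate(lines):
        if ITEM.match(line):
            if family is not None:
                findings[family].append(split_item(line))
        elif i + 1 < len(lines) and ITEM.match(lines[i + 1]):
            family = line
            findings.setdefault(family, [])
    return findings

def network_config_findings(findings):
    """Collapse per-control-set duplicates of TCP/IP parameter findings into
    {(threat, key under the control set, value name): [control sets]}."""
    grouped = OrderedDict()
    for family, items in findings.items():
        for item in items:
            m = CONTROLSET.match(item.get("key", ""))
            if m and m.group(2).upper().startswith(TCPIP):
                target = (family, m.group(2).upper(), item["value"])
                grouped.setdefault(target, []).append(m.group(1).upper())
    return grouped

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, items in parsed.items():
        print(f"{name}: {len(items)} item(s)")
    for (name, key, value), sets in network_config_findings(parsed).items():
        print(f"review before removal: {key}#{value} in {sets} ({name})")
```

Knowing which single value a finding targets makes it possible to record that value's current data before a scanner changes it.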


Yes, it does want me to reboot; however, if I let it get rid of the control set it will remove the IP address and the submask net and default gateway. If I knew where and what I was looking for I could delete the virus manually. It seems to either have changed the way the program is reading it or is embedded in the program itself. SAS can't distinguish between the virus and the needed. Until I can figure it out a little bit more I will have to leave the DNS hijacker there and hope it doesn't cause damage. Otherwise I wouldn't have an internet link.

Hi Loran.

Please submit a Customer Support Request:

https://www.superantispyware.com/csrcreateticket.html

Thanks, I did tonight. I was sending one of the logs to Microsoft as well, because my Dr. Watson Postmortem Debugger keeps having errors when I have more than 3 tabs open. They are registry items; Microsoft may be able to have me rewrite the control set. Unless you know? I have been browsing around this forum and have had some of these same experiences as some of the other members. I like the fact that you guys that are good at computers are willing to help the novices like me without replies dripping in sarcasm. Thanks, Loran
