jm0307

SpywareQuaked - HTML icons


Hello,

I scanned today with SAS and it found SpywareQuaked in the following path:

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuaked.exe

After quarantining the item all my saved HTML pages changed their icon from the usual Internet Explorer icons to something which looks like a blank Word doc tile with a gold-framed mirror in the bottom left corner. Is this a remnant of the infection? What does SpywareQuaked do?

I have not noticed any other strange behaviour of my pc.

Incidentally, yesterday's SAS scan was clean, and so were scans by NOD and AVG Antispyware.

Any advice would be greatly appreciated.

Thanks and best wishes,

jm0307


SpywareQuaked could have registered itself as the HTML opening item. You can reset this with your browser.


Hello SUPERAntiSpy,

How do I reset the HTML opening item?

Also, I have noticed that all documents which were previously saved as HTML are now MHTML docs. !!! Is this something to worry about?

Thank you for your help, and best wishes,

jm0307


You may be able to use the Reset Web Settings in the Internet Explorer->Tools->Options.


Hello SUPERAntiSpy,

I have a follow-up question. Could this have been a false positive?

I have searched Wilders and your program is reputed to produce few false positives, but, in the unlikely event, how can I make sure? I am a very safe surfer and do not execute unknown attachments, programs or files. Thus, I wonder how malware could have found its way onto my pc. How can I upload the identified file to Jotti or VirusTotal?

I am asking because the change from HTML to MHTML only appeared after removal of what SAS identified as SpywareQuaked. After your last reply, I performed scans in safe mode with SAS, AVG AS, and NOD - all clean. When I subsequently rebooted into normal mode, Prevx froze and has not functioned since.

Thanks


Post your SUPERAntiSpyware scan log here and I can see what was detected.


Hello SUPERAntiSpy,

I appreciate your patient support!

I tried to revert the appearance of my HTML files by resetting the Web Settings, as you had suggested, but it didn't work. Also, as mentioned, Prevx froze after SAS removed 'SpywareQuaked.exe'. I was advised by their support to uninstall and reinstall the program. Prevx could not be shut down so I had to use their special removal tool in safe mode.

Amazingly, upon the first normal reboot after having removed Prevx, all my HTML files reverted to their normal former appearance. Doesn't this point to a connection between SAS' cleaning, the changes of my HTML files, and Prevx's paralysis? Prevx hasn't made its way back onto my pc....

Thanks for your help, and best wishes,

jm0307

SAS Log:

SUPERAntiSpyware Scan Log

Generated 08/24/2007 at 03:14 AM

Application Version : 3.6.1000

Core Rules Database Version : 3291

Trace Rules Database Version: 1302

Scan type : Quick Scan

Total Scan Time : 00:42:08

Memory items scanned : 383

Memory threats detected : 0

Registry items scanned : 753

Registry threats detected : 1

File items scanned : 15047

File threats detected : 0

Malware.SpywareQuake

HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuaked.exe

Scan the night before:

SUPERAntiSpyware Scan Log

Generated 08/23/2007 at 04:39 PM

Application Version : 3.6.1000

Core Rules Database Version : 3291

Trace Rules Database Version: 1302

Scan type : Complete Scan

Total Scan Time : 01:08:59

Memory items scanned : 384

Memory threats detected : 0

Registry items scanned : 5844

Registry threats detected : 0

File items scanned : 40935

File threats detected : 0
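
A read-only way to check the two things this thread turns on, the flagged App Paths key and the current handler and icon for saved HTML files, as an added example that is not part of the original posts or of SUPERAntiSpyware's own tooling. The function names are hypothetical; the key path is the one from the scan log above.

```powershell
# Added example: read-only triage of a registry-only detection. Nothing is modified.
# The key path is taken from the scan log in the thread; function names are hypothetical.
$appPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuaked.exe'

function Get-AppPathTarget {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # Key already quarantined or never present.
        return [pscustomobject]@{ Key = $KeyPath; Present = $false; Target = $null; TargetExists = $false }
    }
    # The unnamed (default) value of an App Paths subkey holds the executable's full path.
    $target = (Get-Item -LiteralPath $KeyPath).GetValue('')
    $clean  = if ($target) { ([string]$target).Trim('"') } else { $null }
    [pscustomobject]@{
        Key          = $KeyPath
        Present      = $true
        Target       = $clean
        # A key whose target file is missing is an orphaned trace, not a live program.
        TargetExists = [bool]($clean -and (Test-Path -LiteralPath $clean))
    }
}

function Get-ExtensionHandler {
    param([string]$Extension)
    # HKCR\<ext> default value names a ProgID; the ProgID's shell\open\command
    # and DefaultIcon values decide what opens the file and which icon it shows.
    $root    = [Microsoft.Win32.Registry]::ClassesRoot
    $extKey  = $root.OpenSubKey($Extension)
    $progId  = if ($extKey) { $extKey.GetValue('') } else { $null }
    $cmdKey  = if ($progId) { $root.OpenSubKey("$progId\shell\open\command") } else { $null }
    $iconKey = if ($progId) { $root.OpenSubKey("$progId\DefaultIcon") } else { $null }
    [pscustomobject]@{
        Extension   = $Extension
        ProgId      = $progId
        OpenCommand = if ($cmdKey)  { $cmdKey.GetValue('') }  else { $null }
        DefaultIcon = if ($iconKey) { $iconKey.GetValue('') } else { $null }
    }
}

Get-AppPathTarget -KeyPath $appPath | Format-List
'.htm', '.html', '.mht' | ForEach-Object { Get-ExtensionHandler $_ } | Format-Table -AutoSize
```

Where Internet Explorer handles these types, `.htm` and `.html` normally map to the ProgID `htmlfile` and `.mht` to `mhtmlfile`; a different ProgID, open command or icon path on the HTML rows shows which program currently owns the association.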
