Computer Forums: Virus - Spyware Protection / Detection

Mother's comp is infected with spyware/malware
07-04-2007, 02:51 PM   #11
viralmalice (Newb Techie, joined Jun 2007, 8 posts)

Re: Mother's comp is infected with spyware/malware
OK, I think we might have a problem.

She deleted the Spy Sweeper log unfortunately, but she said it looked kind of suspicious. It seems to happen in the wee hours of the morning while she's sleeping. I think I have an old log that looks kind of similar. I'll post it today and post a fresh log of Spy Sweeper tomorrow.

Is this something to be alarmed about? I actually have similar lines in my own Spy Sweeper log in the morning as well, but my computer isn't experiencing any problems and all my scans and logs are clean.

These are bits from her old log (as an example of the log she deleted today):

Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:22 AM: Tamper Detection
Operation: Registry Access

etc etc

The real reason I'm posting here is mostly because we noticed a few things in Registry Editor.

Here are the images of what I found:
http://i208.photobucket.com/albums/b...regeditwin.jpg - Winantispyware2007

http://i208.photobucket.com/albums/b...tviewpoint.jpg - Viewpoint

http://i208.photobucket.com/albums/b...geditouter.jpg - Outerinfo

Do we just need a registry cleaner or is that stuff still there?
07-04-2007, 05:03 PM   #12
ECTech (Neowin.net, joined Jul 2005, 633 posts)

Re: Mother's comp is infected with spyware/malware
Your log is clean.

You can try running RootkitRevealer. Just do a scan, then save the log as a text file and post it.

RootkitRevealer - http://download.sysinternals.com/Fil...itRevealer.zip

A good registry cleaning is always a plus: Download CCleaner 1.40.520 - filehippo.com
07-05-2007, 12:27 PM   #13
viralmalice (Newb Techie, joined Jun 2007, 8 posts)

Re: Mother's comp is infected with spyware/malware
We already have CCleaner. What would be a good program to safely remove the files I print-screened in my previous post?

Also, every time she restarts, she says the default XP wallpaper shows up immediately before her own wallpaper. It's a slower boot than it used to be.

HKLM\SECURITY\Policy\Secrets\SAC* 8/16/2005 1:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/16/2005 1:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 5/17/2006 1:01 AM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 2/2/2007 8:14 PM 0 bytes Access is denied.
07-05-2007, 12:41 PM   #14
viralmalice (Newb Techie, joined Jun 2007, 8 posts)

Re: Mother's comp is infected with spyware/malware
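The four RootkitRevealer lines in the post above are the only part of that output worth parsing, and triaging them is mostly a matter of knowing which discrepancies RootkitRevealer reports on practically every Windows XP machine. The Python below is an added example (mine, not the thread's and not Sysinternals' code): it parses RootkitRevealer's one-row-per-discrepancy text export (path, timestamp, size, description) and applies three rules that I state as my own assumptions rather than something the thread establishes: the SAC*/SAI* LSA secret keys with embedded nulls are ordinary Windows keys; an access-denied Cfg key under Services\sptd belongs to the SCSI pass-through driver shipped with Daemon Tools and Alcohol 120%, which protects that key by design; and a "Hidden from Windows API" row is the one kind of result that needs a closer look. The sample input is the four posted rows plus one constructed "hidden" row (example.sys is invented) to exercise that last rule.

```python
import re

# One discrepancy per line in RootkitRevealer's text export:
#   <path>  <m/d/yyyy h:mm AM|PM>  <size> bytes  <description>
# Fields are separated by tabs or spaces and the path itself may contain spaces,
# so the non-greedy path group is anchored by the timestamp that follows it.
ROW_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>\d+) bytes\s+"
    r"(?P<desc>.+?)\s*$"
)

# Constructed sample: the four rows from the post plus one invented
# "Hidden from Windows API" row (example.sys does not exist on the machine).
SAMPLE_RKR = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 8/16/2005 1:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/16/2005 1:01 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\webcal\URL Protocol 5/17/2006 1:01 AM 13 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 2/2/2007 8:14 PM 0 bytes Access is denied.
C:\WINDOWS\system32\drivers\example.sys 7/1/2007 3:12 AM 24576 bytes Hidden from Windows API.
"""


def parse_rkr(text):
    """Return one dict per discrepancy row; banner and blank lines are skipped."""
    rows = []
    for raw in text.splitlines():
        m = ROW_RE.match(raw.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            rows.append(row)
    return rows


def classify(row):
    """Return 'expected', 'review' or 'investigate' for one discrepancy row.
    The first two rules encode assumptions of mine, not facts from the thread."""
    path, desc = row["path"].lower(), row["desc"].lower()
    if path.startswith(r"hklm\security\policy\secrets\sa") and "embedded nulls" in desc:
        return "expected"      # SAC*/SAI* LSA secrets: Windows itself names them with embedded nulls
    if "\\services\\sptd" in path and "access is denied" in desc:
        return "expected"      # sptd.sys (Daemon Tools / Alcohol 120% driver) locks its own Cfg key
    if "hidden from windows api" in desc:
        return "investigate"   # present in raw hive/disk data but not via the API: the rootkit signature
    return "review"            # e.g. "Data mismatch between Windows API and raw hive data": compare by hand


def triage(text):
    """Group the paths of every row in the export by verdict."""
    verdicts = {"expected": [], "review": [], "investigate": []}
    for row in parse_rkr(text):
        verdicts[classify(row)].append(row["path"])
    return verdicts


if __name__ == "__main__":
    for verdict, paths in triage(SAMPLE_RKR).items():
        print(f"{verdict}:")
        for p in paths:
            print("   ", p)
```

Run it against a real RootkitRevealer "Save" export by replacing SAMPLE_RKR with the file's contents; anything that lands in "review" or "investigate" is what to post back to the forum, since the "expected" bucket is noise on a stock XP install with a virtual-drive tool present.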
^ Sorry for posting again.

Here's that fresh Spy Sweeper log I said I'd post yesterday...

It exceeds the character limit, so I cut off quite a bit. If it ends up not being anything serious, for curiosity's sake, can someone tell me what is going on?

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
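The Spy Sweeper tamper-detection entries in this post and in post #11 all have the same shape: an Operation, a Target under Enum\Root\LEGACY_SSIDRV or LEGACY_SSHRMD, a Source of SERVICES.EXE, and one timestamp shared by a whole burst of them. Rather than eyeballing a few hundred near-identical lines, the Python below is an added example (mine, not from the thread and not Webroot's code) that parses that layout, counts events by source process, legacy device key and minute, and separates the ones matching one specific pattern from everything else. The pattern, and the two assumptions behind it which the thread itself does not state, are these: ssidrv.sys and sshrmd.sys are Spy Sweeper's own kernel drivers, and on XP services.exe hosts the Plug and Play manager, which reads the LogConf keys of every LEGACY_* device on enumeration. The sample log is constructed to mirror the posted lines; the last record, with an unknown.exe source, is invented purely to show what a non-matching entry looks like in the output.

```python
import re
from collections import Counter

# One "H:MM AM: Tamper Detection" line per event. The Operation/Target/Source
# lines belong to the same event whether the timestamp comes before or after them.
HEADER_RE = re.compile(r"^(\d{1,2}:\d{2} [AP]M): Tamper Detection$")
DEVICE_RE = re.compile(r"\\Enum\\Root\\(LEGACY_[A-Z0-9_]+)\\", re.IGNORECASE)

# Assumption (not stated in the thread): these are Spy Sweeper's own driver keys,
# and services.exe, hosting the PnP manager on XP, reads every LEGACY_* LogConf key.
OWN_DRIVER_KEYS = {"LEGACY_SSIDRV", "LEGACY_SSHRMD"}
PNP_MANAGER = r"c:\windows\system32\services.exe"

# Constructed sample in the layout the forum posts show (timestamp after its fields).
# The final event, sourced from unknown.exe, is invented to exercise the "unexpected" path.
SAMPLE_LOG = r"""
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\unknown.exe
4:36 AM: Tamper Detection
"""


def _new_record(time=None):
    return {"time": time, "operation": None, "target": None, "source": None}


def parse_tamper_log(text):
    """Turn Spy Sweeper's multi-line tamper-detection entries into dicts."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            if current is not None and current["time"] is None:
                current["time"] = header.group(1)       # timestamp trails its fields
                current = None
            else:
                current = _new_record(header.group(1))  # timestamp leads its fields
                records.append(current)
            continue
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not sep or key not in ("operation", "target", "source"):
            continue
        if current is None or current[key] is not None:
            current = _new_record()   # field before any header, or a repeated field: new event
            records.append(current)
        current[key] = value.strip()
    return records


def summarize(records):
    """Count events by (source process, legacy device key, minute)."""
    buckets = Counter()
    for r in records:
        dev = DEVICE_RE.search(r["target"] or "")
        device = dev.group(1).upper() if dev else "other"
        buckets[((r["source"] or "").lower(), device, r["time"])] += 1
    return buckets


def triage(records):
    """Split events into the PnP-manager-reads-own-driver-keys pattern and everything else."""
    expected, unexpected = [], []
    for r in records:
        dev = DEVICE_RE.search(r["target"] or "")
        own_driver = dev is not None and dev.group(1).upper() in OWN_DRIVER_KEYS
        if own_driver and (r["source"] or "").lower() == PNP_MANAGER:
            expected.append(r)
        else:
            unexpected.append(r)
    return expected, unexpected


if __name__ == "__main__":
    recs = parse_tamper_log(SAMPLE_LOG)
    for (src, dev, when), n in sorted(summarize(recs).items()):
        print(f"{when:>8}  {dev:<14} {n:>3} x  {src}")
    ok, odd = triage(recs)
    print(f"{len(ok)} events are services.exe reading Spy Sweeper driver keys; {len(odd)} are not:")
    for r in odd:
        print("  ", r["time"], r["source"], "->", r["target"])
```

Paste a full Spy Sweeper session log in place of SAMPLE_LOG and the summary collapses hundreds of lines into a handful of (process, driver key, minute) rows; the lines worth asking about on a forum are whatever ends up in the second list, namely a source other than services.exe touching those keys, or services.exe touching something that is not a LEGACY_* LogConf key.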