
Spyware called "Desktop.Active Desktop" can't get rid of it.

Old 11-22-2005, 10:13 PM   #1
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP



Spybot's been finding something it calls "desktop.active desktop". I tell it to fix it; it's back the very next scan. Ad-Aware doesn't see it. I tried googling it but couldn't find any spyware named that through all the links related to the Windows feature and how to disable it. (Unlike when I had SpySheriff on my PC, I found loads of webpages on getting rid of it.)

Spyware's been reappearing on my computer here and there for no particular reason, though usually not nearly this hard to get rid of. I just recently discovered all this time XP System Restore's been enabled. I'm afraid to disable it because what if a better restore is found somewhere among there. But I don't know how to use it or if any particular restore would be clean. I seriously need some help.


Scan saved at 12:15:21 AM, on 11/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\System\AVG7\avgamsvr.exe
E:\System\AVG7\avgupsvc.exe
E:\System\AVG7\avgemc.exe
E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\system\ewido security suite\ewidoctrl.exe
E:\System\ZoneAlarm\zlclient.exe
E:\System\AVG7\avgcc.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\system32\ZONELABS\vsmon.exe
E:\System\Opera\Opera.exe
E:\System\Spybot - Search & Destroy\SpybotSD.exe
E:\Program Files\Real\RealPlay.exe
E:\System\AVG7\avgwb.dat
E:\HijackThis\HijackThis.exe
E:\System\Ad-Aware SE Personal\Ad-Aware.exe
E:\Program Files\Windows NT\Accessories\WORDPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\System\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] E:\System\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\System\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://E:\System\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://E:\System\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\System\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - E:\System\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\System\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - E:\System\ieSpell\iespell.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1118979107576
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1118979065716
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - Winlogon Notify: style32 - E:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\System\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\System\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\System\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - E:\system\ewido security suite\ewidoctrl.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\system\diagnostics\Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZONELABS\vsmon.exe

__________________
hobbes1 is offline  
Old 11-23-2005, 02:34 AM   #2
Management Team, Security Center
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,478
OS: N/A


Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

smitRem.exe - extract it to its own folder.

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis, place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O15 - Trusted Zone: http://V4.Windowsupdate.microsoft.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O20 - Winlogon Notify: style32 - E:\WINDOWS\


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Next, reboot your computer in SafeMode :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Next go to Control Panel click Display>Desktop>Customize Desktop>Website>Uncheck "Security Info" if present.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REBOOT TO NORMAL MODE


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh copies of:
  • HiJackThis log
  • Online scan
  • Smitfiles.txt
  • Ewido's log
Let us know if any problems persist.

__________________

sUBs is offline  
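
The log format posted in #1 and the entries selected for fixing in #2 can be triaged mechanically. The Python below is an added example, not part of the original thread or of HijackThis itself; the sample lines are excerpted from the log above, and the three review rules (a Run target sitting directly in a drive root, any Trusted Zone addition, a Winlogon Notify entry whose path is not a DLL) are assumptions chosen to mirror entries flagged in this thread, not a general detection standard.

```python
import re

# Lines excerpted from the HijackThis log in post #1 (not a complete log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] E:\System\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O15 - Trusted Zone: http://Download.Windowsupdate.com
O20 - Winlogon Notify: style32 - E:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autostart entry.
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Body of an O20 Winlogon Notify entry; the path may be truncated or empty.
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.*)$")
# Program path at the start of a command line: quoted, or unquoted up to
# the first recognised extension (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|com))(?:\s|$)', re.I)
# A file placed directly under a drive letter, e.g. C:\name.exe
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\[^\\]+")


def parse_hjt(text):
    """Return (section_code, body) for every line shaped like 'O4 - ...'."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def executable_of(cmd):
    """Pull the program path out of a Run command line, quoted or not."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    return cmd.split()[0]  # no known extension: fall back to the first token


def triage(entries):
    """Apply the three assumed review rules; return (code, body, reason)."""
    findings = []
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body)
            if m and DRIVE_ROOT_RE.fullmatch(executable_of(m.group("cmd"))):
                findings.append((code, body, "autostart program sits in a drive root"))
        elif code == "O15" and body.startswith("Trusted Zone:"):
            findings.append((code, body, "site added to the Trusted Zone; confirm who added it"))
        elif code == "O20":
            m = NOTIFY_RE.match(body)
            if m and not m.group("path").lower().endswith(".dll"):
                findings.append((code, body, "Winlogon Notify entry without a DLL path"))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code}: {reason}\n    {body}")
```

Entries the rules do not match (the BHO, the vendor Run keys, the service) are left for a human analyst, as in the thread.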
Old 11-23-2005, 02:34 PM   #3
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP



As one might see from my HJT log, I already have ewido on my PC. But I find it has a tendency to false positives. If I took your advice and auto"fixed" everything ewido found, my PC would be really messed up. It finds many of my video card's driver components suspicious for example. If I remember correctly, it doesn't like my antivirus software (AVG) either. Are there alternatives to ewido for those of us who don't want to have to study every item it finds to screen out false positives? (and there are a lot of them, and it forces you to deal with them one at a time) Isn't ad-aware &/or spybot just as good except without the false positives?

As far as the two safe zone items, I put them there in an attempt to get windows update working. Do you still feel I should remove them?

Is trend micro just as good as panda? What about hdd AV like AVG or norton?

The first two items you want me to remove, what are they? IE is set to about: blank.
__________________
hobbes1 is offline  
Old 11-23-2005, 02:44 PM   #4
Management Team, Security Center
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,478
OS: N/A


Please do a search of this forum. There are plenty of users with Ewido running in their machines with healthy video displays. If you're concerned about Ewido, you may set it to ignore all that it detects. I'll sift through the reports when I see it.

Windows update would work equally as well without being placed in the trusted zone. Microsoft had some issues previously which necessitated those entries. It has long since been patched.

If your IE is set to about:blank, it would not appear like that in Hijackthis.

If you delay a bit longer with the fix, I can assure you that the infection would result in a new desktop background.
__________________

sUBs is offline  
Old 11-23-2005, 02:58 PM   #5
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


Isn't ad-aware &/or spybot just as good as ewido except without the false positives?

Is trend micro just as good as panda? Panda has a nasty habit of not cleaning the stuff it finds. What about hdd AV like AVG or norton?

Also if you would please, try to help me with the system restore issue that I mentioned in the first post. Thank you :)

As far as the infection. I've already removed a majority of those items (researched my HJT log last night via a guide) But the items spybot was finding were still there, I got rid of them by having spybot take me to their location and removed them myself. Which stopped them from coming back (but one wonders about any underlying infection so I'll try the other stuff anyways)
__________________
hobbes1 is offline  
Old 11-23-2005, 03:07 PM   #6
Management Team, Security Center
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,478
OS: N/A


It's not to say that Ad-aware or Spybot is less effective than Ewido but some applications are more effective against certain infections.

In my opinion & that of many other analysts, trend is not as good as Panda where spyware is concerned.

With regards to System Restore, I do not see you as having problems with it. You did mention that it is ENABLED. Is there something wrong with it?
__________________

sUBs is offline  
Old 11-23-2005, 03:26 PM   #7
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


Quote:
With regards to System Restore, I do not see you as having problems with it. You did mention that it is ENABLED. Is there something wrong with it?
Besides it gobbling up resources? I also have a sneaking suspicion that it's resurrected some of the infections I've previously cleared up.

I did say I wanted to disable it in my first post, as well as ask you how to use it [please see first post]

As suspected, panda found stuff but refused to clean it up in any way
Code:
Adware:adware/savenow    Not disinfected    E:\WINDOWS\SYSTEM32\baur5s9q.dat
Adware:adware/sahagent   Not disinfected    E:\WINDOWS\SYSTEM32\bqrufs5f.dat
Adware:adware/comet      Not disinfected    E:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf  (I couldn't find a file by that name there)
Adware:adware/secure32   Not disinfected    E:\WINDOWS\secure32.html
Adware:adware/wupd       Not disinfected    E:\PROGRAM FILES\DeskAd Service  (deleted by me)
Adware:adware/gator      Not disinfected    Windows Registry
Possible Virus.          Not disinfected    C:\RECYCLED\Q330995.exe
Any of those system files of the type that I can safely delete?
__________________
hobbes1 is offline  
Old 11-23-2005, 03:34 PM   #8
Management Team, Security Center
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,478
OS: N/A


Whatever that lurks in System Restore will not hurt you unless you perform a restore. But if you're seeking to disable it, here are the instructions...

Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Please bear in mind that any changes that are made after System Restore is disabled cannot be undone. You no longer have a safety net.



Delete these manually:

E:\WINDOWS\SYSTEM32\baur5s9q.dat
E:\WINDOWS\SYSTEM32\bqrufs5f.dat
E:\WINDOWS\secure32.html




Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, type in E:\WINDOWS\DOWNLOADED PROGRAM FILES\dm.inf
  2. Click the Open button.
  3. Click YES when prompted to restart your computer.
__________________

sUBs is offline  
Old 11-23-2005, 04:25 PM   #9
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


Turns out at least one of those system32 files was completely empty, must have been previously cleaned out. Or perhaps a dummy file by spybot for "immunizing"

As far as disabling system restore, can't I simply do so in system properties? Or is your method better? Or just quicker?

Will you please answer the questions I asked about system restore in my first post? How do I use system restore? How do I know what's in any particular restore?
__________________
hobbes1 is offline  
Old 11-23-2005, 06:37 PM   #10
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


I have gamespyarcade installed. So are these spyware or false positives?

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Ignored
__________________
hobbes1 is offline  
Old 11-23-2005, 11:59 PM   #11
TSF Security Team, Emeritus
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,964
OS: Windows 7


The gamespyarcade entries are Spyware...REMOVE them...
http://sarc.com/avcenter/venc/data/p...spyarcade.html

Quote:
As far as disabling system restore, can't I simply do so in system properties? Or is your method better? Or just quicker?
Either way. Both do the same thing.

Quote:
Will you please answer the questions I asked about system restore in my first post? How do I use system restore? How do I know what's in any particular restore?
http://www.microsoft.com/windowsxp/u...emrestore.mspx
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!



MicroBell is offline  
Old 11-29-2005, 01:31 PM   #12
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


Is there any way to know what's in any particular restore?

If I remove those gamespy arcade entries, won't that disable so named program?
__________________
hobbes1 is offline  
Old 11-29-2005, 01:48 PM   #13
TSF Security Team, Emeritus
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,964
OS: Windows 7


Did you read the links I provided???

Removing those entries may either disable the program or part of it. I know it's a useful program but it's also spyware.

Quote:
Is there any way to know what's in any particular restore?
NO. When Windows backs up the files and entries...it takes a "Snapshot" of the system and then holds it in the SystemVolume folder as a restore point. If you read that link I posted...it tells you how system restore works, what locations and file extensions....it backs up...etc.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!



MicroBell is offline  
Old 12-02-2005, 11:55 AM   #14
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


Yes I did read the links you provided. No the microsoft page does not tell you "what locations and file extensions....it backs up" or even how it works for that matter. Just the basics on how to use it. Got a better source of info that you could please link me to or directly explain? (like what files registry entries it backs up exactly for starters)

Also, what exactly do these gamespy arcade entries do that's so bad? Are they required to run the program? Please help me weigh the pros and cons.

oh and other people have said it's not spyware. (google search result)
http://www.forumplanet.com/gamespyar...53&tid=1489833
__________________
hobbes1 is offline  
Old 12-04-2005, 02:04 PM   #15
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


:bump
__________________
hobbes1 is offline  
Old 12-05-2005, 01:19 AM   #16
BartS
Guest
 
Posts: n/a
OS:


It's amazing what answers Google comes up with..

http://msdn.microsoft.com/library/de...extensions.asp
__________________
 
Old 12-06-2005, 04:57 PM   #17
TSF Team, Emeritus
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,312
OS: Windows 98 & Windows XP Home/Pro


The site that MicroBell posted should explain what you need to know. But to sum it up, it basically backs up ("takes a snapshot") of the whole registry information every time you create a restore point. If you need more details (don't know what else you want to know...) ask in the Windows Forum instead.

GameSpy according to the Symantec site is definitely not a good program to have on your machine. Once it runs it creates a bunch of files and other registry changes that will bring more "advertisement" to your computer. It might not be spyware per se, but it's definitely adware. Talking about not being spyware, the SAME source/forum from a member says it is spyware (see here) Also that's a more recent post and the link MicroBell gave you is FROM NORTON...which means that GameSpy didn't get this resolved with Norton/Symantec because it's still being classified as being adware...
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Old 12-07-2005, 06:18 PM   #18
Registered Member
 
Join Date: Nov 2005
Posts: 10
OS: XP


Quote:
Once it runs it creates a bunch of files and other registry changes that will bring more "advertisement" to your computer.
You mean when the program is running right? That's the point, it's a program supported by advertisement. Now if it caused advertisement when it wasn't running, or outside of the program, or gathered PC info or anything else.. that's another matter. But I couldn't find any evidence of any of that in my google search. Are you saying it does? Can you show me?
__________________
hobbes1 is offline  
Old 12-08-2005, 04:37 AM   #19
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,340
OS: WinXP Home, Vista, Windows 7 64bit


hobbes1, we have provided you with information regarding GameSpy. Ultimately, the decision of whether to keep the program is up to you.

Please post another HijackThis log so we can verify if the original infection has been removed.

__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 
