Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Scan Report help please.


championskill

Recommended Posts

Posted

Hi championskill

If you save the report, then zip it I am sure it will be easy to attach to your post.

Take a look at the information about attachments in Usage of IObit Products

Link provided in my signature

 

Cheers and welcome

solbjerg

 

 

Hi,

 

I would like to know if there's any thing I should have in this report. I can't post it all because the forum saids its too long. Therefore, I've attached it to my message. Thanks for you time in advance.

Posted

@Mongoose : HijackThis automated analyzers should be avoided. They cannot truely reflect the nature of some lines, can throw false positives, but the usual problems we have with them is the absence of detections on some real malware that they miss entirely. When you suspect the presence of malware on your machine, it's always best to ask real people for advice.

 

=============

 

Something's weird in the HijackScan. It's either a bug with the program, or...

 

Running processes:

-

-

-

C:\Program Files\Spybot

-

-

C:\Program Files\Spybot

-

-

That's not right. The list is for active processes, and we're seeing what appears to be a folder here ("Spybot") and not a process (executable file). Either HijackScan is reporting it wrong, or that "Spybot" is really a sneaky executable file.

 

And this one :

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown - C:\Program Files\Spybot.dll

 

Again, this isn't right. "Spybot.dll" isn't a Spybot file, as far as I know.

The Service "SBSDWSCService" does exist, but should point to the following file :

 

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

http://www.systemlookup.com/O23/2808-SDWinSec_exe.html

 

======

 

So... we either have a misread from HijackScan, or a nasty.

 

championskill : can you have that Spybot.dll analyzed at VirusTotal for us please ? It's really easy. Just go here :

 

http://www.virustotal.com

 

> Once there, click on "Browse" and look for this file :

 

C:\Program Files\Spybot.dll

 

> Double-click on it to select it, then click on "Send File"

> If the servers are busy, you might be put in a queue ; please wait for your turn

> They may say your file has already been analyzed and offer you two choices : choose to have the file analyzed again.

> Once done, just copy/paste the link (URL) from the VirusTotal page here on the forum.

 

===

===

Posted

Aye Enoskype!

 

The article is two years old. XPsp2 and vista (no sp, at the time vista was beleagured).

 

There are excessive svc files in that log. More than appears are called for (there are apparent replications in a couple of services). As we cannot see what came on at startup, and what was started later, or how long the machine was run without being cleansed, (put our hands on the system), I hope the secondary apps will be shutdown, reboot, and then we can compare the fresh logs with the old ones.

 

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

 

There are more.

 

If you find the softwares previously mentioned to be useful today, then by all means continue! I cannot second guess!

 

-Mel

 

 

 

Thank you So_Sad. It is Weird.

Posted

@Mel :

 

I'm not sure, but I think you mentionned there seems to be too many svchost.exe showing in the log ; it's normal to see 6 or 7 on XP boxes, and 9 or more on Vista / Win7 boxes.

 

Those Spybot entries may not even be related to SpyBot Search & Destroy ; they could be fake, so let's wait for our friend championskill to tell us if he has SpyBot on the machine and then we can look at the VirusTotal report.

 

Perhaps HijackScan cannot list the .dll extension in the list of active processes so that could explain the lines :

 

C:\Program Files\Spybot (no extension)

 

No SpyBot Search & Destroy files would sit directly in %ProgramFiles%, because the program has its own sub directory (folder).

%ProgramFiles% is a parent directory for programs, not a direct "home" for them.

 

My gut tells me this could be a sneaky program, designed to elude detection by using familiar file names, not typical malware. Monitoring software perhaps ? Wouldn't suprise me...

 

===

 

I hope our member comes back.

 

===

===

Posted

Hi jelrikj ;

 

Hello

 

i think there is nothing wrong with your computer

and about Spybot KEEP IT The Very New! Version 2.0 is coming soon :mrgreen:

 

Do you know what "C:\Program Files\Spybot.dll" is ?

If you do, I'm all ears ;-)

 

===

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...