What To Do?

Hi i am using bitdefender total sec. 2008 at windows xp sp2.I run ca antispyware from yahoo toolbar and it says that i am infected with KoolyNoody downloader.I have spybot search & destroy 1.6 but doesn't find anything.Then i run bitdefender and finds nothing.What should i do?That downloader appears every 5-7 days.

(All programs have the newest updates)

Please help!!!

Find more posts tagged with

Comments

alexcrist

Hello,

Could you post the location of the infected file?

Cris.

mafia1

Hello,

Could you post the location of the infected file?

Cris.

If i find it again i will post.It hasn't appeared yet

mafia1

I have it right now.Here is what ca yahoo antispy says: key:hkey_current_user \software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net

I searched registry and I found it .

alexcrist

Hello,

SpyBot Search and Destroy has a feature called Imunization.

This feature works like this: it creates in the registry some bogus entries (which, by name, belong to known malware infections). The idea behind this "fake" infections made by SpyBot is exactly like a vaccine for humans: offer the computer a small dose of the virus, so it won't get infected

In other words, if a real infection should arise, the real malware will find the registry entries in the registry and it will "believe" that the system is already infected, so it won't proceed with infecting the system (thus it will remain clean).

So, practically, YahooAntispy (which I'd remove, if I were you, since I never heard that it has a good detection rate) detects a real, but totally harmless, thing.

Because it's not a real infection, BitDefender will not add a signature for this, so it will remain undetected.

It's your choice what you do next:

either keep using SpyBot's Imunization, and remove YahooAntispy from your system
either quit using SpyBot Imunization

Personally, I'd go with the first choice: remove Y!ASpy.

Cris.

mafia1

Thank you Cris!

Ghis1964

Hello,

SpyBot Search and Destroy has a feature called Imunization.

This feature works like this: it creates in the registry some bogus entries (which, by name, belong to known malware infections). The idea behind this "fake" infections made by SpyBot is exactly like a vaccine for humans: offer the computer a small dose of the virus, so it won't get infected

In other words, if a real infection should arise, the real malware will find the registry entries in the registry and it will "believe" that the system is already infected, so it won't proceed with infecting the system (thus it will remain clean).

So, practically, YahooAntispy (which I'd remove, if I were you, since I never heard that it has a good detection rate) detects a real, but totally harmless, thing.

Because it's not a real infection, BitDefender will not add a signature for this, so it will remain undetected.

It's your choice what you do next:

either keep using SpyBot's Imunization, and remove YahooAntispy from your system

either quit using SpyBot Imunization

Personally, I'd go with the first choice: remove Y!ASpy.

Cris.

Hi,

And thank you, I had to subscribe just to be able to thank you on that one. I've been having CA major problem with all their software a while back, and I'm having it again since the yahoo toolbar is install(there were a lot of other install done that same day, so it was hard to guess which was wrong). I knew of spy-bot's way to work, but never thought it would be the responsable for this(way to speak). No wonder avast and all other scan were all saying my PC was safe. CA was the real "party-downer"

Thanks again

Peace

Ghis