What To Do?

mafia1
edited November 2008 in Malware talk

Hi, I am using BitDefender Total Sec. 2008 on Windows XP SP2. I run CA Antispyware from the Yahoo toolbar and it says that I am infected with KoolyNoody downloader. I have Spybot Search & Destroy 1.6 but it doesn't find anything. Then I run BitDefender and it finds nothing. What should I do? That downloader appears every 5-7 days.


(All programs have the newest updates)


Please help!!!

Comments

  • Hello,


    Could you post the location of the infected file?


    Cris.

  • If I find it again I will post. It hasn't appeared yet.

  • mafia1
    edited November 2008

    I have it right now. Here is what CA Yahoo antispy says: key:hkey_current_user \software\microsoft\windows\currentversion\internet settings\zonemap\domains\koolynoody.net



    I searched the registry and I found it.

  • Hello,


    SpyBot Search and Destroy has a feature called Immunization.


    This feature works like this: it creates in the registry some bogus entries (which, by name, belong to known malware infections). The idea behind these "fake" infections made by SpyBot is exactly like a vaccine for humans: offer the computer a small dose of the virus, so it won't get infected :P


    In other words, if a real infection should arise, the real malware will find the registry entries in the registry and it will "believe" that the system is already infected, so it won't proceed with infecting the system (thus it will remain clean).


    So, practically, YahooAntispy (which I'd remove, if I were you, since I never heard that it has a good detection rate) detects a real, but totally harmless, thing.


    Because it's not a real infection, BitDefender will not add a signature for this, so it will remain undetected.


    It's your choice what you do next:


    • either keep using SpyBot's Immunization, and remove YahooAntispy from your system
    • or quit using SpyBot Immunization


    Personally, I'd go with the first choice: remove Y!ASpy.


    Cris.
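
To see what a flagged key like the one quoted above actually holds, the values under `ZoneMap\Domains` can be read from a `regedit` export: each value names a protocol and its DWORD is the Internet Explorer security zone number, where 4 is Restricted Sites. This is an added example, not code from the thread; the export text, `example.test`, `empty.test`, and the function names are constructed for illustration.

```python
import re

# Internet Explorer URL security zone numbers.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
MARKER = "\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in regedit export format (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\koolynoody.net]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\empty.test]
'''

def zone_entries(reg_text):
    """Return (host, protocol, zone number, zone name) for each ZoneMap value."""
    entries, host = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().find(MARKER)
            if pos < 0:
                host = None  # key outside ZoneMap\Domains: ignore its values
            else:
                # Subkeys below a domain are host labels: example.test\www
                labels = path[pos + len(MARKER):].split("\\")
                host = ".".join(reversed(labels))
            continue
        value = VALUE_RE.match(line)
        if value and host:
            zone = int(value.group(2), 16)
            entries.append((host, value.group(1), zone, ZONES.get(zone, "unknown")))
    return entries

def triage(reg_text):
    """Split entries into Restricted Sites (block-list style) and the rest."""
    restricted, review = [], []
    for entry in zone_entries(reg_text):
        (restricted if entry[2] == 4 else review).append(entry)
    return restricted, review
```

Entries in the second list deserve a closer look, since a site placed in a zone other than Restricted is not being blocked by that entry.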

  • Thank you Cris!

  • Hi,


    And thank you, I had to subscribe just to be able to thank you on that one. I've been having a major CA problem with all their software a while back, and I'm having it again since the Yahoo toolbar is installed (there were a lot of other installs done that same day, so it was hard to guess which was wrong). I knew of Spybot's way of working, but never thought it would be the one responsible for this (so to speak). No wonder Avast and all the other scans were all saying my PC was safe. CA was the real "party-downer".


    Thanks again


    Peace


    Ghis