Last scan: | Today at 2:16 AM. (Full system scan). |
Scan schedule: | Daily around 2:00 AM. |
Real-time protection: | On |
Definition version: | 1.43.309.0 created on 9/11/2008 at 1:38 AM. |
I downloaded and isntalled CA Anti-Spyware 2008 LE. The Free CA Anti-Spyware 2008 LE trial only detects spyware threats; it does not remove them. To remove threats, full version activation is required. CA Anti-Spyware 2008 currently costs $39.99 for a 3-user download. Alterntatively you can buy CA's Internet Security Suite, which contains the anti-spyware software for $49.99.
CA Anti-Spyware 2008 found the following malware:
CouponBar | Spyware Location |
Cutwail GF | Spyware Location |
Busky DQ | Spyware Location |
Cutwail NN | Spyware Location: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run cpl32ver |
CouponBar
CA Anti-Spyware detected the following registry keys associated with
CouponBar
:
I deleted all of those keys.
Cutwail GF
CA Anti-Spyware detected the registry key
hkey_local_machine\system\currentcontrolset\services\tcpsr
for Cutwail GF. The file C:\WINDOWS\System32\drivers\tcpsr.sys
was listed in the registry under that subkey, but I didn't see the file
in that directory. I deleted the tcpsr
registry key.
Type Location
key hkey_local_machine\system\currentcontrolset\services\tcpsr
Value name: Imagepath
Value data: \??\C:\WINDOWS\System32\drivers\tcpsr.sys
Busky DQ
CA Anti-Spyware detected the registry key
HKEY_USERS\S-1-5-21-1922275950-1779413670-3725303808-1144\Software\wkey
.
I deleted the key.
Cutwail NN
CA Anti-Spyware detected the following in
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
:
Type Location
key hkey_local_machine\software\microsoft\windows\currentversion\run
Value name: Cpl32ver
Value data: C:\WINDOWS\System32\Cpl32ver.exe
I found the file on the system, but it was zero bytes in size. I deleted the registry entry and the file.
On September 16, I performed a Google search. I noticed that, when I clicked on links provided by Google, the first time I clicked on the links they did not take me to the relevant webpage, but would take me to another page. The system was running Internet Explorer 6. I upgraded it to Internet Explorer 7, but after the upgrade saw the same behavior.