Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Unclassified.Spyware.57

Posted on 2005-04-09
20
Medium Priority
?
730 Views
Last Modified: 2010-04-11
Windows XP Home Edition OS

Is there a fix for Unclassified.Spyware.57?  This is found by the Microsoft Antispyware Beta program.
I ran all of the Standard Virus Removal tools and Malware tools.  This computer had tons of everything on it.

I can't find any reference using the Experts Exhange Search function.

Thanks, MetroGeek
0
Comment
Question by:metrogeeks
  • 7
  • 4
  • 3
  • +5
20 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 13743196
Only MS Antispyware is picking this spyware, or other tools also?
Did you disable your system restore before cleaning the system?
and did you run the tools in safemode?
if no then try like this, this time, and post back if this spyware is still present on your system?
0
 

Author Comment

by:metrogeeks
ID: 13744095
System Restore - Yes
Safemode - yes

I always use the standard procedures and tools.  MS Antispyware is the only tool picking up this.  However, the computer is still not running as it should.  I have been using the Hijackthis Log posting site  ( http://www.hijackthis.de/index.php?langselect=english)  to analyze the log file.  Is this adequate?

Thanks,
MetroGeek
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13744449
metrogeeks

Post a LINK to your HijackThis log back here -
we'll take a look at it.
After you have it analyzed - at the bottom is a button "Save Analysis"
Click on that and a page will be generated -
Post a LINK to that page.

Good luck!
RF
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:metrogeeks
ID: 13744825
Thanks...

These same two entries come up every time.  I cannot find either one on the computer.

http://www.hijackthis.de/logfiles/02dbeef2625af587740d822f57b470c7.html

MetroGeek
0
 

Author Comment

by:metrogeeks
ID: 13745003
I found ipivar.exe and others *ipivar.pf.

Is it safe to delete these files?

Many thanks, MetroGeek
0
 
LVL 2

Assisted Solution

by:-dev-
-dev- earned 600 total points
ID: 13745728
ipivar.exe is not related to windows so it would be safe to delete it...however it could be used for some other program you are running but odds are its a bad file and should be killed.
0
 
LVL 12

Accepted Solution

by:
rossfingal earned 300 total points
ID: 13745729
hi!

ipivar.exe is running -
right-click on your TaskBar and choose "Task Manager" -
in the list of running processes - choose it -
then "Kill" it
Search your computer for all instances of it (*ipivar.pf) is in your "Prefetch" folder -
delete them! - and also, check your "dllcache" folder
You may have to go into "Safe" mode to do this.
Just to make sure - ANYTHING that you find that relates to ipivar.exe or ipivar.pf -
delete it.
Clean out your "temp" files
Empty your "Recycle Bin"

RF
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 13746474
>> However, the computer is still not running as it should
can you tell us some symptoms? and do they occur in safemode also?
0
 

Author Comment

by:metrogeeks
ID: 13747608
I did what you suggested and I slaved the hard drive and removed ipivar.exe and another supicious file named nsvsvc.exe.

I rebooted, ran hijackthis and there it was "ipivar.exe".

Any other suggestions?

Thanks, MetroGeeks
0
 

Author Comment

by:metrogeeks
ID: 13747716
I have tried over an over to remove, rename, move, etc., this file or folder from the recycler folder.  It continues to reinstall.

S-1-5-21-103540028-1987043716-118972706-1006

Thanks, Metrogeeks
0
 
LVL 65

Assisted Solution

by:SheharyaarSaahil
SheharyaarSaahil earned 600 total points
ID: 13748317
Did you ever installed\used Kaspersky Anti-Virus on this system?
0
 

Author Comment

by:metrogeeks
ID: 13752097
The computer belongs to a friend.  I suppose it's possible that he tried Kaspersky.

Would this generate the "unclassified.spyware.57" in Microsoft Spyware Beta?

Can it be removed?

Many thanks, MetroGeek
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 13759612
>> I suppose it's possible that he tried Kaspersky
i asked coz this process, O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ipivar.exe "can be" be related to Kaspersky

>> Would this generate the "unclassified.spyware.57" in Microsoft Spyware Beta?
see.... MS Antispyware is still under Beta version.... may be its just a bug in it..... like we have seen many in case of Spybot...... even after cleaning the system, they keep picking them up!
are you facing "problems" in your system.... like popups, adds etc etc???
0
 

Expert Comment

by:jlinden7
ID: 13761037
MetroGeek & SheharyaarSaahil,

I am having the exact same problem on my XP SP2 system.  If I run a full system scan in MS AS B1 it finds it and removes it.  Now here is where things get weird... After removing it A-S moves it to the quarantied items even though I ask for it to be removed. If I leave it in the quarantined items, I will not see any realtime agents blocking it trying to reinstall itself for a couple of hours.  However, if I permanently remove it from the quarantined items I get a block message from A-S immediately.  I then run a full system scan it finds two items, inizkk.exe and the same KavSvc registry entry except for it is inizkk.exe instead of ipivar.exe.

As for problems I am seeing lots of popup ads...

Hope this helps us find a solution!

-jason
0
 

Expert Comment

by:kewljoe
ID: 13762862
A good tool to keep all this stuff from being added to your registry is Spybot do a full install, update it. When anything tries to be modified on your registry spybot will alert you asking wether you want to allow the change or reject them. This has saved me many times from spyware being added to my system, also from stupid software that runs silently in the background consuming resources.
0
 

Expert Comment

by:CPR4COMPUTERS
ID: 13777955
This one is killing me, I have ran Spybot, MSAS, Symantec AV 2005, and Adaware with the latest updates.  This is a Windows 2000 Pro and all scans were done in safe mode.  All three ran without finding anything then rebooted into normal mode and MSAS popped up a message asking if I wanted to remove Unclassified.Spyware.57 I said yes and it said it was removed but then i start getting tons of popups.  Is this a new adware threat and does anyone know how to get rid of it for good!!!  Thanks in advance.
www.cpr4computers.com 
0
 

Author Comment

by:metrogeeks
ID: 13798578
I give up!!!

Maybe it is bug in MS Spyware Beta, or a new "Unclassifted" spyware.

Unclassified.Spyware.57

0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13798593
Hi!

Run HijackThis again -
Run your log through the Analysis site -
and post a LINK to your new HJT log back here.

Let's take another look.
RF
0
 

Expert Comment

by:krazy57wagon
ID: 13813504
I seem to have the same problem. One thing i dont think it is a file because i noted the date that it happened, and deleted just about everyfile there was from that date to the present. and it somehow still came back.  I used Microsoft Antispyware after ad aware wasnt helping, didnt do much, but i noticed something in MS Antispyware. Under the Advanced tools, System Explorers, Windows Hosts File. There were quite a few Items in that Category that shouldnt be there. First one is the only one i think should and the list goes as follows

localhost
www.igetnet.com
code.ignphrases.com
clear-search.com
r1.clsch.com
sds.clrsch.com
status.clrsch.com
www.clrsch.com
sds-qckads.com
status.qckads.com


All of them having the destination address of 127.0.0.1

Maybe nothing but may be the cause i dont know but i thought this may help out on finding the cause and end to this problem many of us are having.
0
 

Expert Comment

by:krazy57wagon
ID: 13813521
Also MS Antispyware doesnt give the option to permenently remove the host, and if i attempt to block the host if i am normal mode it will just unblock itself right away and when i am in safe mode it allows me to block it but as soon as i log back in normally, It unblocks itself again.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question