• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 736
  • Last Modified:

Unclassified.Spyware.57

Windows XP Home Edition OS

Is there a fix for Unclassified.Spyware.57?  This is found by the Microsoft Antispyware Beta program.
I ran all of the Standard Virus Removal tools and Malware tools.  This computer had tons of everything on it.

I can't find any reference using the Experts Exhange Search function.

Thanks, MetroGeek
0
metrogeeks
Asked:
metrogeeks
  • 7
  • 4
  • 3
  • +5
3 Solutions
 
SheharyaarSaahilCommented:
Only MS Antispyware is picking this spyware, or other tools also?
Did you disable your system restore before cleaning the system?
and did you run the tools in safemode?
if no then try like this, this time, and post back if this spyware is still present on your system?
0
 
metrogeeksAuthor Commented:
System Restore - Yes
Safemode - yes

I always use the standard procedures and tools.  MS Antispyware is the only tool picking up this.  However, the computer is still not running as it should.  I have been using the Hijackthis Log posting site  ( http://www.hijackthis.de/index.php?langselect=english)  to analyze the log file.  Is this adequate?

Thanks,
MetroGeek
0
 
rossfingalCommented:
metrogeeks

Post a LINK to your HijackThis log back here -
we'll take a look at it.
After you have it analyzed - at the bottom is a button "Save Analysis"
Click on that and a page will be generated -
Post a LINK to that page.

Good luck!
RF
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
metrogeeksAuthor Commented:
Thanks...

These same two entries come up every time.  I cannot find either one on the computer.

http://www.hijackthis.de/logfiles/02dbeef2625af587740d822f57b470c7.html

MetroGeek
0
 
metrogeeksAuthor Commented:
I found ipivar.exe and others *ipivar.pf.

Is it safe to delete these files?

Many thanks, MetroGeek
0
 
-dev-Commented:
ipivar.exe is not related to windows so it would be safe to delete it...however it could be used for some other program you are running but odds are its a bad file and should be killed.
0
 
rossfingalCommented:
hi!

ipivar.exe is running -
right-click on your TaskBar and choose "Task Manager" -
in the list of running processes - choose it -
then "Kill" it
Search your computer for all instances of it (*ipivar.pf) is in your "Prefetch" folder -
delete them! - and also, check your "dllcache" folder
You may have to go into "Safe" mode to do this.
Just to make sure - ANYTHING that you find that relates to ipivar.exe or ipivar.pf -
delete it.
Clean out your "temp" files
Empty your "Recycle Bin"

RF
0
 
SheharyaarSaahilCommented:
>> However, the computer is still not running as it should
can you tell us some symptoms? and do they occur in safemode also?
0
 
metrogeeksAuthor Commented:
I did what you suggested and I slaved the hard drive and removed ipivar.exe and another supicious file named nsvsvc.exe.

I rebooted, ran hijackthis and there it was "ipivar.exe".

Any other suggestions?

Thanks, MetroGeeks
0
 
metrogeeksAuthor Commented:
I have tried over an over to remove, rename, move, etc., this file or folder from the recycler folder.  It continues to reinstall.

S-1-5-21-103540028-1987043716-118972706-1006

Thanks, Metrogeeks
0
 
SheharyaarSaahilCommented:
Did you ever installed\used Kaspersky Anti-Virus on this system?
0
 
metrogeeksAuthor Commented:
The computer belongs to a friend.  I suppose it's possible that he tried Kaspersky.

Would this generate the "unclassified.spyware.57" in Microsoft Spyware Beta?

Can it be removed?

Many thanks, MetroGeek
0
 
SheharyaarSaahilCommented:
>> I suppose it's possible that he tried Kaspersky
i asked coz this process, O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ipivar.exe "can be" be related to Kaspersky

>> Would this generate the "unclassified.spyware.57" in Microsoft Spyware Beta?
see.... MS Antispyware is still under Beta version.... may be its just a bug in it..... like we have seen many in case of Spybot...... even after cleaning the system, they keep picking them up!
are you facing "problems" in your system.... like popups, adds etc etc???
0
 
jlinden7Commented:
MetroGeek & SheharyaarSaahil,

I am having the exact same problem on my XP SP2 system.  If I run a full system scan in MS AS B1 it finds it and removes it.  Now here is where things get weird... After removing it A-S moves it to the quarantied items even though I ask for it to be removed. If I leave it in the quarantined items, I will not see any realtime agents blocking it trying to reinstall itself for a couple of hours.  However, if I permanently remove it from the quarantined items I get a block message from A-S immediately.  I then run a full system scan it finds two items, inizkk.exe and the same KavSvc registry entry except for it is inizkk.exe instead of ipivar.exe.

As for problems I am seeing lots of popup ads...

Hope this helps us find a solution!

-jason
0
 
kewljoeCommented:
A good tool to keep all this stuff from being added to your registry is Spybot do a full install, update it. When anything tries to be modified on your registry spybot will alert you asking wether you want to allow the change or reject them. This has saved me many times from spyware being added to my system, also from stupid software that runs silently in the background consuming resources.
0
 
CPR4COMPUTERSCommented:
This one is killing me, I have ran Spybot, MSAS, Symantec AV 2005, and Adaware with the latest updates.  This is a Windows 2000 Pro and all scans were done in safe mode.  All three ran without finding anything then rebooted into normal mode and MSAS popped up a message asking if I wanted to remove Unclassified.Spyware.57 I said yes and it said it was removed but then i start getting tons of popups.  Is this a new adware threat and does anyone know how to get rid of it for good!!!  Thanks in advance.
www.cpr4computers.com 
0
 
metrogeeksAuthor Commented:
I give up!!!

Maybe it is bug in MS Spyware Beta, or a new "Unclassifted" spyware.

Unclassified.Spyware.57

0
 
rossfingalCommented:
Hi!

Run HijackThis again -
Run your log through the Analysis site -
and post a LINK to your new HJT log back here.

Let's take another look.
RF
0
 
krazy57wagonCommented:
I seem to have the same problem. One thing i dont think it is a file because i noted the date that it happened, and deleted just about everyfile there was from that date to the present. and it somehow still came back.  I used Microsoft Antispyware after ad aware wasnt helping, didnt do much, but i noticed something in MS Antispyware. Under the Advanced tools, System Explorers, Windows Hosts File. There were quite a few Items in that Category that shouldnt be there. First one is the only one i think should and the list goes as follows

localhost
www.igetnet.com
code.ignphrases.com
clear-search.com
r1.clsch.com
sds.clrsch.com
status.clrsch.com
www.clrsch.com
sds-qckads.com
status.qckads.com


All of them having the destination address of 127.0.0.1

Maybe nothing but may be the cause i dont know but i thought this may help out on finding the cause and end to this problem many of us are having.
0
 
krazy57wagonCommented:
Also MS Antispyware doesnt give the option to permenently remove the host, and if i attempt to block the host if i am normal mode it will just unblock itself right away and when i am in safe mode it allows me to block it but as soon as i log back in normally, It unblocks itself again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 7
  • 4
  • 3
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now