jana (asker)

Help in understanding Spyware or Malware results file contents

We have 'SpyBot Search & Destroy', 'SUPERAntiSpyware' and 'Malwarebytes Anti-Malware' that we run periodically.  Where we would like EE's experience in some understanding is on the results that are displayed in their logs.

Example of scanning result Log Files:

SUPERAntiSpyware:
Malware.Trace
      (x86) HKU\S-1-5-21-3012510640-2571002566-197990960-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
      C:\USERS\RIO2BB\AppData\Roaming\Microsoft\Windows\Cookies\Low\rio2@m.webtrends[2].txt
      C:\USERS\RIO2BB\AppData\Roaming\Microsoft\Windows\Cookies\Low\rio2@m.webtrends[2].txt [ Cookie:rio2@m.webtrends.com/ ]

Malwarebytes:
Registry Keys: 1
PUP.Optional.OptimizerPro, HKU\S-1-5-21-3012510640-2572002366-197970960-1001\SOFTWARE\OPTIMIZER PRO, , [541dcfdbff8d2f07a6d21324742fea13],

SpyBot Search & Destroy:
[+]      15-12-28 04:36:53      Moving into quarantine      HKEY_USERS\S-1-5-21-3012530640-2571002566-197390960-500-{ED1FC765-E35E-4C3D-BF13-2C2B11260CE4}-0\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+]      15-12-28 04:36:53      Successfully cleaned      HKEY_USERS\S-1-5-21-3012510340-2531002366-197990960-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID


When we open the Registry address or the text files or non-text files, there is just garbage (or info we just don't understand).  So in essence, is there a way to identify what is in those files that we are being tracked or spied on?
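As an added example (not from the question or any of the answers), a small Python parser that normalises the three log formats quoted above into one record per finding: it tells registry items apart from files and pulls out the per-user SID and, where SUPERAntiSpyware writes one after '#', the registry value name. The sample text is constructed from the quoted excerpts; the tool names and field layout are assumptions based on those excerpts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample text, modelled on the three log excerpts quoted in the question.
SAS_LOG = r"""Malware.Trace
      (x86) HKU\S-1-5-21-3012510640-2571002566-197990960-500\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Adware.Tracking Cookie
      C:\USERS\RIO2BB\AppData\Roaming\Microsoft\Windows\Cookies\Low\rio2@m.webtrends[2].txt [ Cookie:rio2@m.webtrends.com/ ]
"""
MBAM_LINE = r"PUP.Optional.OptimizerPro, HKU\S-1-5-21-3012510640-2572002366-197970960-1001\SOFTWARE\OPTIMIZER PRO, , [541dcfdbff8d2f07a6d21324742fea13],"
SPYBOT_LINE = r"[+]      15-12-28 04:36:53      Moving into quarantine      HKEY_USERS\S-1-5-21-3012530640-2571002566-197390960-500\Software\Microsoft\MediaPlayer\Player\Settings\Client ID"
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
REG_HIVES = ("HKU", "HKEY_USERS", "HKLM", "HKEY_LOCAL_MACHINE", "HKCU", "HKEY_CURRENT_USER")

@dataclass
class Finding:
    tool: str
    name: str             # detection name (for SpyBot: action taken and timestamp)
    location: str         # registry key or file path, exactly as logged
    kind: str             # "registry" or "file"
    sid: Optional[str]    # owning user's SID when the item sits under a per-user hive
    value: Optional[str]  # registry value name; SUPERAntiSpyware writes it after '#'

def make(tool: str, name: str, location: str) -> Finding:
    """Registry item or file? For registry items also pull out the owning SID and value name."""
    kind = "registry" if location.upper().startswith(REG_HIVES) else "file"
    sid = SID_RE.search(location) if kind == "registry" else None
    return Finding(tool, name, location, kind, sid.group(0) if sid else None, location.partition("#")[2] or None)

def parse_superantispyware(text: str) -> List[Finding]:
    """Blank-line separated blocks: detection name, then indented locations ('(x86)' tag and cookie suffix dropped)."""
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        name, *locs = block.splitlines()
        for loc in locs:
            loc = re.sub(r"^\(x86\)\s*|\s*\[ Cookie:.*\]$", "", loc.strip())
            out.append(make("SUPERAntiSpyware", name.strip(), loc))
    return out

def parse_malwarebytes(line: str) -> Finding:
    """Comma-separated fields: detection name, location, data, bracketed token; only the first two are used here."""
    name, location, *_ = (p.strip() for p in line.split(","))
    return make("Malwarebytes", name, location)

def parse_spybot(line: str) -> Finding:
    """Columns separated by runs of spaces: tag, timestamp, action taken, location."""
    _, when, action, location = re.split(r"\s{2,}", line.strip())
    return make("SpyBot", f"{action} @ {when}", location)
```

Grouping the resulting records by `kind` and `sid` shows at a glance which user profile each item belongs to and which findings are registry values (to be inspected with the Registry Editor) versus files such as cookie text files.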
SOLUTION
Sean Plemons Kelly, CISSP
This solution is only available to members.

ASKER (jana)

Thanx for the info, but what we are looking for is what is in those files, how we can read what they have or are tracking.  Do you have anything on this?
ASKER CERTIFIED SOLUTION
SOLUTION

ASKER (jana)

Read your entries; we still would like to know what is in those files, or at least point us to where to read up on the "how-to"; as you said, "disassemble the item in question".

Please advise.
SOLUTION
SOLUTION

ASKER (jana)

Definitely we don't have the skills required (we're with you on that), but great info you guys supplied!!

Ok, to close the question and get a feel or direction on where to keep looking:

You mention "examine the dump in a debugger"; any links based on your experience you can give us?
Also "towards bruteforcing"; any links based on your experience you can give us?
SOLUTION

ASKER (jana)

Thanx all!