
Spyware that won't go away

Discussion in 'Virus & Other Malware Removal' started by thanhkim, Jan 11, 2011.

Thread Status:
Not open for further replies.
  1. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    Hey guys?

    My SUPERAntispyware keeps picking up 27 Tracking cookies, but when I click on next and finish and reboot to take care of them, they are there again right away, even without me looking at the internet. I have run it five times in a row now and pick up 27 adware every time.

    I think I got them from youtube.com. Or facebook applications. Do you know of a program, even one I could buy, that would get rid of them for good? They slow down my computer a bit, the browsing speed.

    Thanks.


    Kim
     
  2. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    I have tried a System Restore; however they still won't go away. I read somewhere else the only solution is to reformat my computer and reinstall the OS. Is that correct?
     
  3. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    You do not need to format or reinstall anything. Tracking Cookies are normal to find......they can be persistent and hard to remove....

    Please post the log from the scan of Superantispyware that shows these items please....
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    We just need one log for now, that shows these "adware" items
     
  4. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    Here are my logs. Thanks.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/12/2011 at 09:54 PM

    Application Version : 4.44.1000

    Core Rules Database Version : 6187
    Trace Rules Database Version: 3999

    Scan type : Quick Scan
    Total Scan Time : 00:08:23

    Memory items scanned : 381
    Memory threats detected : 0
    Registry items scanned : 1958
    Registry threats detected : 0
    File items scanned : 17451
    File threats detected : 28

    Adware.Tracking Cookie
    cdn.insights.gravity.com [ C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PMFSJE4H ]
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@apmebf[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@collective-media[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fastclick[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@imrworldwide[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@insightexpressai[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@invitemedia[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediaplex[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@questionmarket[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@realmedia[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@revsci[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@serving-sys[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@interclick[2].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@lfstmedia[2].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@onlinerewardcenter[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
     
  5. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    Hey guys...

    I am going to be on vacation until Tuesday. So if I don't respond until then, that is why. Thanks for all your help.
     
  6. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi, Have a good time on the vacation!


    To do later:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


    Next, check with Superantispyware again- do a scan, see if the same 28 cookies are still there, post this log if they are still showing please
     
  7. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    Ok. I did it. This time it picked up 27, not 28.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/18/2011 at 09:14 PM

    Application Version : 4.44.1000

    Core Rules Database Version : 6230
    Trace Rules Database Version: 4042

    Scan type : Complete Scan
    Total Scan Time : 00:28:05

    Memory items scanned : 372
    Memory threats detected : 0
    Registry items scanned : 8999
    Registry threats detected : 0
    File items scanned : 35403
    File threats detected : 27

    Adware.Tracking Cookie
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@apmebf[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@collective-media[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@fastclick[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@imrworldwide[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@insightexpressai[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@invitemedia[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediaplex[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@questionmarket[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@realmedia[2].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@revsci[1].txt
    C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@serving-sys[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@atdmt[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@doubleclick[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@interclick[2].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@lfstmedia[2].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@onlinerewardcenter[1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
     
  8. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi,

    These persistent cookies do apparently get recreated after you delete them....here is an explanation. They are not harmful but people do worry about them....

    http://www.ghacks.net/2007/05/04/flash-cookies-explained/ <<You can delete them by following steps described here


    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html <<<The flash player settings box that you will see at this page, will let you do what is described at the ghacks page, that is YOUR flash player settings box so do what it says to delete and to change how flash cookies are used on your computer!

    http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/ <<privacy settings for Firefox / zombie cookies

    http://en.wikipedia.org/wiki/Zombie_cookie

    In Superantispyware scan settings, you also will see a box that tells the scanner to look for Flash cookies
    "Scan For Tracking Cookies" you will still get flash cookies found even if UNchecked......until you set the flash player settings as above.

    http://www.bleepingcomputer.com/forums/topic372210.html <<<< Superantispyware cookie settings discussion

    Superantispyware is aware of this and promises in their next version to handle the issues in several browsers.
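
Added example, not part of the original thread or written by any poster: a small script that compares two SUPERAntiSpyware scan logs to show which tracking-cookie detections came back, which went away, and whether each lives in a browser cookie file or a Flash shared object. The log excerpts are constructed from lines in the logs posted above; the function names and the `flash-lso` / `browser-cookie` labels are assumptions made for this example.

```python
import re

# Constructed excerpts in the format of the two SUPERAntiSpyware logs posted in this thread.
SCAN_JAN12 = r"""
Adware.Tracking Cookie
cdn.insights.gravity.com [ C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PMFSJE4H ]
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[1].txt
"""
SCAN_JAN18 = r"""
Adware.Tracking Cookie
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@doubleclick[1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@atdmt[1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\guest@fastclick[1].txt
"""

# Flash Local Shared Object line: "<site> [ <path under #SharedObjects> ]"
FLASH_RE = re.compile(
    r"^(?P<site>\S+)\s+\[\s*[A-Za-z]:\\Users\\(?P<profile>[^\\]+)\\.*\\#SharedObjects\\.*\]$")
# Browser cookie file line: "...\Cookies\[Low\]<user>@<site>[n].txt"
COOKIE_RE = re.compile(
    r"^[A-Za-z]:\\Users\\(?P<profile>[^\\]+)\\.*\\Cookies\\(?:Low\\)?[^@\\]+@(?P<site>.+?)\[\d+\]\.txt$")

def parse_scan(log_text):
    """Return {(profile, store, site)} for every tracking-cookie line in a scan log."""
    found = set()
    for line in log_text.splitlines():
        line = line.strip()
        for store, pattern in (("flash-lso", FLASH_RE), ("browser-cookie", COOKIE_RE)):
            m = pattern.match(line)
            if m:
                found.add((m["profile"].lower(), store, m["site"].lower()))
                break
    return found

def compare_scans(before, after):
    """Split detections into those that came back, those that went away, and new ones."""
    return {"persisted": before & after, "gone": before - after, "new": after - before}

def summarize(diff):
    """Count persisted detections per Windows profile and storage type."""
    counts = {}
    for profile, store, _site in diff["persisted"]:
        counts[(profile, store)] = counts.get((profile, store), 0) + 1
    return counts

if __name__ == "__main__":
    diff = compare_scans(parse_scan(SCAN_JAN12), parse_scan(SCAN_JAN18))
    for key in ("persisted", "gone", "new"):
        print(key, sorted(diff[key]))
    print(summarize(diff))
```

Grouping by profile is useful here because the posted logs list cookie files under both the admin and Guest profiles, so a cleanup run in one account leaves the other account's files in place.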
     
  9. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    I went to that Adobe site and changed settings. (I didn't download anything, just used the one on screen). And ran Superantispyware again and they were still there. Is that right?

    Do I need to reboot the computer first?
     
  10. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    When you go here >>> http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

    You see the Website Storage Settings Panel that is, your settings for your flash player

    Hit the Delete Sites button, so that the list of sites providing the cookies is blank.

    That's it. They are supposed to be gone, but, you get new ones, pretty much as soon as you go to a site......you HAVE TO accept cookies to use a site. You can CHANGE how much information sites store on your computer etc. Do that part in the Global settings panel as it says.

    That is about all you can do. I emptied my list last night, but I see the sites I used today, like YouTube, back in there.
    I do not know if restarting makes any difference but it might.

    These Cookies are not really harmful.



    Also> are you sure that after you run a scan with SAS, that you are having the program delete what is found?

    Here are our standard directions to do a scan, that checks all files, and how to get rid of what it finds..........

    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".

    When you have restarted, open SAS again and check in the Quarantine area, delete the items it quarantined if any are there.

    Right after that would be a good time to go online and check in the Flash Player settings thing again......

    If they are STILL there, I have no further help for you.
     
  11. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    Hello Byteman...

    Thank you for all your help. They aren't there when I set the SuperAntispyware to the settings you describe, but when I add the recommended settings, then I get them again.

    I was wondering... if I still want to get rid of them, should I just reformat my computer then? Do you think a Clean Install will do it? Or do you think I should do a military one?
     
  12. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    I am not following you here...... the scan settings determine what is scanned for.

    Where are you seeing Recommended settings?


    And no I do not advise you to wipe the computer over these simple tracking cookies. They do not identify you to anyone, they are used so that sites remember your computer....... they do pass site information on so that ads for one thing can be tailored toward those you are most likely to go look at.
     
  13. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    Well, when I went to Scanner Options? you said to only have those three checked and leave the others unchecked. When I scan it with only those three, it picks up no tracking cookies. When I scan it when I check the ones that they write (recommended) next to, then it picks up 27.

    I only have the free version installed.

    I guess I can leave these cookies, but they do make it so my mouse pointer is shaky for some reason, which makes it hard for me to play this card game I like.
     
  14. Byteman

    Byteman Moderator Malware Specialist

    Joined:
    Jan 24, 2002
    Messages:
    17,727
    Hi, I am SO glad I do not use Vista!

    I found a similar thread, at a different forum, using a different spyware scanner...but, the issue is what you are seeing>>>

    http://forums.pcpitstop.com/index.php?/topic/185985-low-security-threat-test-tracking-cookies-found/

    Here is more: http://social.answers.microsoft.com...r/thread/42b37c3c-2d03-487f-8dc1-eca76b5050d7

    And here>>> http://forums.majorgeeks.com/showthread.php?t=201406



    Try manually deleting them in Windows Explorer as if they were ordinary old pictures you wanted to delete. But be sure you are only deleting the tracking cookies or the text files....not the cookies folder itself.

    Our forum directions for using SAS for a scan are set that way, to find and remove the bad malware, but not take a ton of time to scan all files.....so we get the malware removed using Quick Scan, while maybe not catching every Cookie, since cookies are not that harmful.

    After you scan and remove the items, if the program asks you to restart, do so. Make sure you do not have SAS running in the background all the time, there is a checkmark you can remove, that tells the program to NOT start up when Windows does, the free version does not have any real time protection so it does no good for you to have it running in the system tray. Perhaps it is using system resources so your mouse acts funny.
     
  15. thanhkim

    thanhkim Thread Starter

    Joined:
    May 28, 2007
    Messages:
    326
    I will try them on Monday... again away here. But it is Windows 7 I am actually using.

    I wanted to ask you though... does it make a difference if I do this from my admin account vs the account I am picking up the cookies on?
     

Short URL to this thread: https://techguy.org/974159