Spyware that won't go away

[thanhkim]

Hey guys?

My SUPERAntispyware keeps picking up 27 Tracking cookies, but when I click on next and finish and reboot to take care of them, they are there again right away, even without me looking at the internet. I have run it five times in a row now and pick up 27 adware every time.

I think I got them from youtube.com. Or facebook applications. Do you know of a program, even one I could buy, that would get rid of them for good? They slow down my computer a bit, the browsing speed.

Thanks.


Kim

 

[thanhkim]

I have tried a System Restore; however they still won't go away. I read somewhere else the only solution is to reformat my computer and reinstall the OS. Is that correct?

 

[Byteman]

You do not need to format or reinstall anything. Tracking Cookies are normal to find......they can be persistent and hard to remove....

Please post the log from the scan of Superantispyware that shows these items please....

• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

We just need one log for now, that shows these "adware" items

 

[thanhkim]

Here are my logs. Thanks.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2011 at 09:54 PM

Application Version : 4.44.1000

Core Rules Database Version : 6187
Trace Rules Database Version: 3999

Scan type : Quick Scan
Total Scan Time : 00:08:23

Memory items scanned : 381
Memory threats detected : 0
Registry items scanned : 1958
Registry threats detected : 0
File items scanned : 17451
File threats detected : 28

Adware.Tracking Cookie
cdn.insights.gravity.com [ C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PMFSJE4H ]
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

 

[thanhkim]

Hey guys...

I am going to be on vacation until Tuesday. So if I don't respond until then, that is why. Thanks for all your help.

 

[Byteman]

Hi, Have a good time on the vacation!


To do later:

Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Next, check with Superantispyware again- do a scan, see if the same 28 cookies are still there, post this log if they are still showing please

 

[thanhkim]

Ok. I did it. This time it picked up 27, not 28.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/18/2011 at 09:14 PM

Application Version : 4.44.1000

Core Rules Database Version : 6230
Trace Rules Database Version: 4042

Scan type : Complete Scan
Total Scan Time : 00:28:05

Memory items scanned : 372
Memory threats detected : 0
Registry items scanned : 8999
Registry threats detected : 0
File items scanned : 35403
File threats detected : 27

Adware.Tracking Cookie
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt

 

[Byteman]

Hi,

These persistent cookies do apparently get recreated after you delete them....here is an explanation. They are not harmful but people do
worry about them....

http://www.ghacks.net/2007/05/04/flash-cookies-explained/ <<You can delete them by following steps described here


http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html <<<The flash player settings box that you will see at this page, will let you do what is described at the ghacks page, that is YOUR flash player settings box so do what it says to delete and to change how flash cookies are used on your computer!

http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/ <<privacy settings for Firefox / zombie cookies

http://en.wikipedia.org/wiki/Zombie_cookie

In Superantispyware scan settings, you also will see a box that tells the scanner to look for Flash cookies
"Scan For Tracking Cookies" you will still get flash cookies found even if UNchecked......until you set the flash player settings as above.

http://www.bleepingcomputer.com/forums/topic372210.html <<<< Superantipsyware cookie settings discussion

Superantipsyware is aware of this and promises in their next version to handle the issues in several browsers.

 

[thanhkim]

I went to that Adobe site and changed settings. (I didn't dowload anything, just used the one on screen). And ran Superantispyware again and they were still there. Is that right?

Do I need to reboot the computer first?

 

[Byteman]

When you go here >>> http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

You see the Website Storage Settings Panel that is, your settings for your flash player

Hit the Delete Sites button, so that the list of sites providing the cookies is blank.

That's it. They are supposed to be gone, but, you get new ones, pretty much as soon as you go to a site......you HAVE TO accept cookies to use a site. You can CHANGE how much information sites store on your computer etc. Do that part in the Global settings panel as it says.

That is about all you can do. I emptied my list last night, but I see the sites I used today, like YouTube, back in there.
I do not know if restarting makes any difference but it might.

These Cookies are not really harmful.



Also> are you sure that after you run a scan with SAS, that you are having the program delete what is found?

Here are our standard directions to do a scan, that checks all files, and how to get rid of what it finds..........

• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".

When you have restarted, open SAS again and check in the Quarantine area, delete the items it quarantined if any are there.

Right after that would be a good time to go online and check in the Flash Player settings thing again......

If they are STILL there, I have no further help for you.

 

[thanhkim]

Hello Byteman...

THank you for all your help. They aren't there when I set the SuperAntispyware to the settings you describe, but when I add the recommended settings, then I get them again.

I was wondering... if I still want to get rid of them, should I just reformat my computer then? Do you think a Clean Install will do it? Or do you think I should do a military one?

 

[Byteman]

They aren't there when I set the SuperAntispyware to the settings you describe, but when I add the recommended settings, then I get them again.

I am not following you here...... the scan settings determine what is scanned for.

Where are you seeing Reccomended settings?


And no I do not advise you to wipe the computer over these simple tracking cookies. They do not identify you to anyone, they are used so that sites remember your computer....... they do pass site information on so that ads for one thing can be tailored toward those you are most likely to go look at.

 

[thanhkim]

Well, when I went to Scanner Options? you said to only have those three checked and leave the others unchecked. WHen I scan it with only those three, it picks up no tracking cookies. When I scan it when I check the ones that they write (recommended) next to, then it picks up 27.

I only have the free version installed.

I guess I can leave these cookies, but they do make it so my mouse pointer is shaky for some reason, which makes it hard for me to play this card game I like.

 

[Byteman]

Hi, I am SO glad I do not use Vista!

I found a similar thread, at a different forum, using a different spyware scanner...but, the issue is what you are seeing>>>

http://forums.pcpitstop.com/index.php?/topic/185985-low-security-threat-test-tracking-cookies-found/

Here is more: http://social.answers.microsoft.com...r/thread/42b37c3c-2d03-487f-8dc1-eca76b5050d7

I was able to remove those problem cookies by unchecking the "preserve favorite website data" box in the delete browsing history window under internet options from the tools menu drop down menu in Internet Explorer. I rechecked the box after a reboot and voila, no more irritating cookies

And here>>> http://forums.majorgeeks.com/showthread.php?t=201406



Try manually deleting them in Windows Explorer as if they were ordinary old pictures you wanted to delete. But be sure you are only deleting the tracking cookies or the text files....not the cookies folder itself.

Our forum directions for using SAS for a scan are set that way, to find and remove the bad malware, but not take a ton of time to scan all files.....so we get the malware removed using Quick Scan, while maybe not catching every Cookie, since cookies are not that harmful.

After you scan and remove the items, if the program asks you to restart, do so. Make sure you do not have SAS running in the background all the time, there is a checkmark you can remove, that tells the program to NOT start up when Windows does, the free version does not have any real time protection so it does no good for you to have it running in the system tray. Perhaps it is using system resources so your mouse acts funny.

 

[thanhkim]

I will try them on Monday... again away here. But it is Windows 7 I am actually using.

I wanted to ask you though... does it make a difference if I do this from my admin account vs the account I am picking up the cookies on?