A Windows 98 & ME forum. Win98banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Win98banter forum » Windows 98 » General
Site Map Home Authors List Search Today's Posts Mark Forums Read Web Partners

Spybot and BHO question, running 98-se



 
 
Thread Tools Display Modes
  #1  
Old August 21st 04, 10:01 PM
Star
external usenet poster
 
Posts: n/a
Default Spybot and BHO question, running 98-se

Hello,
Maybe I should go to IE newsgroup but I'm running 98-se. I have Spybot and
all new updates and Spybot finds only 1 problem which is a false positive
that I have already researched (SCC Technology).

I have **4 BHO's**, Adobe Acrobat, Yahoo Companion, (I choose to have this
toolbar), Pop This... pop-up blocker and my Spybot browser helper.

I ran Spybot moments ago, nothing new found.

I also ran Anti-Spy, feature of Yahoo toolbar and item found this...
*Download Accelerator Plus* w/11 entries in my registry!!

I've searched the puter and don't appear to have a program installed
associated to these entries??
I'm manually searched too w/view all files turned on, especially C:\Program
Files.

* Doing a Google search search for this item indeed gives me software and
sites for downloading.
* I have no entry in msconfig that is new, I can identify all running
processes showing up.
* I also looked at my add/remove s/w and I have only good programs that I'm
absolutely sure about, have been using them for a long time. I actually have
all my program installers either on CD or Iomega zip.

Is this Spyware, Malware??

I want all traces of it gone, I don't want this program.

My question.... How CAN I have 11 entries in my registry and not have a
program installed, doesn't make sense to me????

Star


  #2  
Old August 21st 04, 10:57 PM
Mostly Me (MM)
external usenet poster
 
Posts: n/a
Default

Star wrote:
snip
Is this Spyware, Malware??

No, but the free version is advertiser supported(displays banner ads),
thus it is adware. DAP is a download manager that speeds up file
downloads, you might find it listed as DAP in your programs files
folder, but it will be listed as Download Accelerator Plus in add/remove
programs.

It does not install itself on the sly as it is a legitimate program with
millions of users, so it would appear at one time it was (or still is)
installed on your system. Ad-Aware(anti-adware program) no longer even
classifies it as "adware" in the problematic sense as it is truly
installed voluntarily, unlike many programs such as the infamous
Gator\Gain crap.

I want all traces of it gone, I don't want this program.

Then you need to remove the entries that you don't want.

MM
  #3  
Old August 21st 04, 11:08 PM
PA Bear
external usenet poster
 
Posts: n/a
Default

You or someone else using your machine may have installed the 2-week trial
version. Uninstalling it does *not* change your Registry back to its
pre-installed state. (cf.
http://www.pestpatrol.com/pestinfo/d...rator_plus.asp)

At minimum, you'll need both Spybot and Ad-aware, kept fully up-to-date, to
identify and help remove most malware, Star. You should be running Spybot
v1.3 w/ 20 Aug-04 update installed and Ad-aware SE w/ reffile dated 16
Aug-04 installed.

But even they can't catch everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
--
IE6-specific newsgroup:
news://msnews.microsoft.com/microsof...er.ie6.browser

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Are You Ready for WinXP SP2?
http://support.microsoft.com/default...r=windowsxpsp2

What You Should Know About Spyware
http://www.microsoft.com/athome/secu...ssoftware.mspx

AumHa Forums
http://forum.aumha.org

Star wrote:
Hello,
Maybe I should go to IE newsgroup but I'm running 98-se. I have Spybot and
all new updates and Spybot finds only 1 problem which is a false positive
that I have already researched (SCC Technology).

I have **4 BHO's**, Adobe Acrobat, Yahoo Companion, (I choose to have this
toolbar), Pop This... pop-up blocker and my Spybot browser helper.

I ran Spybot moments ago, nothing new found.

I also ran Anti-Spy, feature of Yahoo toolbar and item found this...
*Download Accelerator Plus* w/11 entries in my registry!!

I've searched the puter and don't appear to have a program installed
associated to these entries??
I'm manually searched too w/view all files turned on, especially
C:\Program Files.

* Doing a Google search search for this item indeed gives me software and
sites for downloading.
* I have no entry in msconfig that is new, I can identify all running
processes showing up.
* I also looked at my add/remove s/w and I have only good programs that
I'm absolutely sure about, have been using them for a long time. I
actually have all my program installers either on CD or Iomega zip.

Is this Spyware, Malware??

I want all traces of it gone, I don't want this program.

My question.... How CAN I have 11 entries in my registry and not have a
program installed, doesn't make sense to me????

Star


  #4  
Old August 21st 04, 11:24 PM
Star
external usenet poster
 
Posts: n/a
Default

Hi MM
"Mostly Me (MM)" wrote in message
...
Star wrote:
snip
Is this Spyware, Malware??

No, but the free version is advertiser supported(displays banner ads),
thus it is adware. DAP is a download manager that speeds up file
downloads, you might find it listed as DAP in your programs files
folder, but it will be listed as Download Accelerator Plus in add/remove
programs.


** Yahoo anti-spy said it was a BHO, I did more Google searches under BHO's
and I found this site,
http://www.spyany.com/program/articl...ator_Plus.html
I went thru my registry, did not have the keys listed to remove.
No DAP is NOT in my programs add/remove, I know every program listed and I
know they are safe.
I also don't have any running processes in msconfig that I am not confident
of, know what they all are, I try to be a smart Windows user.

It does not install itself on the sly as it is a legitimate program with
millions of users, so it would appear at one time it was (or still is)
installed on your system. Ad-Aware(anti-adware program) no longer even
classifies it as "adware" in the problematic sense as it is truly
installed voluntarily, unlike many programs such as the infamous
Gator\Gain crap.


Yahoo anti-spy removed the 11 entries. Wow!! I did not install it knowingly,
and I do very few downloads period. I'm going to check my download programs
files in Windows. I just checked my active-x small programs, I have (7),
looked at their properties, they are all safe, I know what they are.

Re... the weblink I inserted, I opened Yahoo anti-spy and indeed the keys
removed are from DAP, they match up.

I believe *all* traces are gone, what do you think??

Star


  #5  
Old August 21st 04, 11:43 PM
Star
external usenet poster
 
Posts: n/a
Default

Hi PA Bear

"PA Bear" wrote in message
...
You or someone else using your machine may have installed the 2-week trial
version. Uninstalling it does *not* change your Registry back to its
pre-installed state. (cf.
http://www.pestpatrol.com/pestinfo/d...rator_plus.asp)


* I'm the ONLY user of this machine. (see all *'s)

At minimum, you'll need both Spybot and Ad-aware, kept fully up-to-date,

to
identify and help remove most malware, Star. You should be running Spybot
v1.3 w/ 20 Aug-04 update installed and Ad-aware SE w/ reffile dated 16
Aug-04 installed.


* I have a new install of Windows, and Spybot, fully updated, Spybot only
finds SCC Technology, false positive.
I don't like Ad-aware and don't use it. I do also use Spyware Blaster and
it's fully updated. I have Yahoo anti-spy and it was found by Yahoo anti
spy and identified as a BHO.

* DAP doesn't show up in add/remove programs.
I am positive I didn't download DAP, however I acquired a strange BHO, 11
entries that have been removed.

But even they can't catch everything, 24/7. When all else fails,

HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/

or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
--
IE6-specific newsgroup:

news://msnews.microsoft.com/microsof...er.ie6.browser

* Thanks for the all the above site references. If I have traces of this
BHO, I want it gone from my puter. Also, PA Bear, a BHO is different from
downloading a program, after the download, you would have to install it??
Just wondering if you have further thoughts, thanks for helping me. I am
very cautious, download next to nothing except for updates.

Star

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Are You Ready for WinXP SP2?
http://support.microsoft.com/default...r=windowsxpsp2

What You Should Know About Spyware
http://www.microsoft.com/athome/secu...ssoftware.mspx

AumHa Forums
http://forum.aumha.org

Star wrote:
Hello,
Maybe I should go to IE newsgroup but I'm running 98-se. I have Spybot

and
all new updates and Spybot finds only 1 problem which is a false

positive
that I have already researched (SCC Technology).

I have **4 BHO's**, Adobe Acrobat, Yahoo Companion, (I choose to have

this
toolbar), Pop This... pop-up blocker and my Spybot browser helper.

I ran Spybot moments ago, nothing new found.

I also ran Anti-Spy, feature of Yahoo toolbar and item found this...
*Download Accelerator Plus* w/11 entries in my registry!!

I've searched the puter and don't appear to have a program installed
associated to these entries??
I'm manually searched too w/view all files turned on, especially
C:\Program Files.

* Doing a Google search search for this item indeed gives me software

and
sites for downloading.
* I have no entry in msconfig that is new, I can identify all running
processes showing up.
* I also looked at my add/remove s/w and I have only good programs that
I'm absolutely sure about, have been using them for a long time. I
actually have all my program installers either on CD or Iomega zip.

Is this Spyware, Malware??

I want all traces of it gone, I don't want this program.

My question.... How CAN I have 11 entries in my registry and not have a
program installed, doesn't make sense to me????

Star




  #6  
Old August 21st 04, 11:51 PM
Mostly Me (MM)
external usenet poster
 
Posts: n/a
Default

Star wrote:

I believe *all* traces are gone, what do you think??

Star



Looks like you have it all under control. It will just have to be a
mystery as to how they got there in the first place, but the good news
is you gave them the boot.

MM
  #7  
Old August 22nd 04, 12:14 AM
rooster
external usenet poster
 
Posts: n/a
Default

Star;
I'm such a newbie, I feel like a real 'poseur' even
attempting to respond to someone else's a query.
Installing and running DAP creates Winzip *files*
which don't delete when the DAP unistall is used. These
might account for any scanning hits which would be in
addition to those remnants actually in your registry as
PABear already pointed out. I only mention this in case
you find the registry edit doesn't satisfy your; "I want
all traces it gone" objective.

rooster
boundary bay, bc


-----Original Message-----
Hello,
Maybe I should go to IE newsgroup but I'm running 98-se.

I have Spybot and
all new updates and Spybot finds only 1 problem which is

a false positive
that I have already researched (SCC Technology).

I have **4 BHO's**, Adobe Acrobat, Yahoo Companion, (I

choose to have this
toolbar), Pop This... pop-up blocker and my Spybot

browser helper.

I ran Spybot moments ago, nothing new found.

I also ran Anti-Spy, feature of Yahoo toolbar and item

found this...
*Download Accelerator Plus* w/11 entries in my registry!!

I've searched the puter and don't appear to have a

program installed
associated to these entries??
I'm manually searched too w/view all files turned on,

especially C:\Program
Files.

* Doing a Google search search for this item indeed gives

me software and
sites for downloading.
* I have no entry in msconfig that is new, I can identify

all running
processes showing up.
* I also looked at my add/remove s/w and I have only good

programs that I'm
absolutely sure about, have been using them for a long

time. I actually have
all my program installers either on CD or Iomega zip.

Is this Spyware, Malware??

I want all traces of it gone, I don't want this program.

My question.... How CAN I have 11 entries in my registry

and not have a
program installed, doesn't make sense to me????

Star


.

  #8  
Old August 22nd 04, 12:39 AM
Star
external usenet poster
 
Posts: n/a
Default

Hi Rooster,
That confirms for me... I do have WinZip and a folder that I *USE* for any
WinZip downloads. That further confirms for me that I never downloaded this
program nor installed it, nor does it show up in add/remove programs. You
know for sure that it downloads as a zip file vs. set-up file, have you
downloaded it in the past?

I went to the link at Amaha.com that PA Bear gave and did the test...
nothing was found, I was clean!!

Still 11 registry entries for a BHO... seems a little much?

Thanks, Star

"rooster" wrote in message
...
Star;
I'm such a newbie, I feel like a real 'poseur' even
attempting to respond to someone else's a query.
Installing and running DAP creates Winzip *files*
which don't delete when the DAP unistall is used. These
might account for any scanning hits which would be in
addition to those remnants actually in your registry as
PABear already pointed out. I only mention this in case
you find the registry edit doesn't satisfy your; "I want
all traces it gone" objective.

rooster
boundary bay, bc


-----Original Message-----
Hello,
Maybe I should go to IE newsgroup but I'm running 98-se.

I have Spybot and
all new updates and Spybot finds only 1 problem which is

a false positive
that I have already researched (SCC Technology).

I have **4 BHO's**, Adobe Acrobat, Yahoo Companion, (I

choose to have this
toolbar), Pop This... pop-up blocker and my Spybot

browser helper.

I ran Spybot moments ago, nothing new found.

I also ran Anti-Spy, feature of Yahoo toolbar and item

found this...
*Download Accelerator Plus* w/11 entries in my registry!!

I've searched the puter and don't appear to have a

program installed
associated to these entries??
I'm manually searched too w/view all files turned on,

especially C:\Program
Files.

* Doing a Google search search for this item indeed gives

me software and
sites for downloading.
* I have no entry in msconfig that is new, I can identify

all running
processes showing up.
* I also looked at my add/remove s/w and I have only good

programs that I'm
absolutely sure about, have been using them for a long

time. I actually have
all my program installers either on CD or Iomega zip.

Is this Spyware, Malware??

I want all traces of it gone, I don't want this program.

My question.... How CAN I have 11 entries in my registry

and not have a
program installed, doesn't make sense to me????

Star


.



  #9  
Old August 22nd 04, 01:34 AM
AlmostBob
external usenet poster
 
Posts: n/a
Default

11 entries for this particular BHO is about there, it is supposed to begin
multiple band download threads of files and match all the pieces up and sort
all the downloaded fragments into coherent order behind the OS's back, it
hooks into a lot of processes.

--
Adaware http://www.lavasoft.de
spybot http://security.kolla.de
AVG free antivirus http://www.grisoft.com
Etrust/Vet/CA.online Antivirus scan
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Panda online AntiVirus scan http://www.pandasoftware.com/ActiveScan/
Catalog of removal tools http://www.pandasoftware.com/download/utilities/
Blocking Unwanted Parasites with a Hosts file
http://mvps.org/winhelp2002/hosts.htm
links provided as a courtesy, read all instructions on the pages before use
Grateful thanks to the authors/webmasters

"Star" wrote in message
...
| Hi Rooster,
| That confirms for me... I do have WinZip and a folder that I *USE* for any
| WinZip downloads. That further confirms for me that I never downloaded this
| program nor installed it, nor does it show up in add/remove programs. You
| know for sure that it downloads as a zip file vs. set-up file, have you
| downloaded it in the past?
|
| I went to the link at Amaha.com that PA Bear gave and did the test...
| nothing was found, I was clean!!
|
| Still 11 registry entries for a BHO... seems a little much?
|
| Thanks, Star
|
| "rooster" wrote in message
| ...
| Star;
| I'm such a newbie, I feel like a real 'poseur' even
| attempting to respond to someone else's a query.
| Installing and running DAP creates Winzip *files*
| which don't delete when the DAP unistall is used. These
| might account for any scanning hits which would be in
| addition to those remnants actually in your registry as
| PABear already pointed out. I only mention this in case
| you find the registry edit doesn't satisfy your; "I want
| all traces it gone" objective.
|
| rooster
| boundary bay, bc
|
|
| -----Original Message-----
| Hello,
| Maybe I should go to IE newsgroup but I'm running 98-se.
| I have Spybot and
| all new updates and Spybot finds only 1 problem which is
| a false positive
| that I have already researched (SCC Technology).
|
| I have **4 BHO's**, Adobe Acrobat, Yahoo Companion, (I
| choose to have this
| toolbar), Pop This... pop-up blocker and my Spybot
| browser helper.
|
| I ran Spybot moments ago, nothing new found.
|
| I also ran Anti-Spy, feature of Yahoo toolbar and item
| found this...
| *Download Accelerator Plus* w/11 entries in my registry!!
|
| I've searched the puter and don't appear to have a
| program installed
| associated to these entries??
| I'm manually searched too w/view all files turned on,
| especially C:\Program
| Files.
|
| * Doing a Google search search for this item indeed gives
| me software and
| sites for downloading.
| * I have no entry in msconfig that is new, I can identify
| all running
| processes showing up.
| * I also looked at my add/remove s/w and I have only good
| programs that I'm
| absolutely sure about, have been using them for a long
| time. I actually have
| all my program installers either on CD or Iomega zip.
|
| Is this Spyware, Malware??
|
| I want all traces of it gone, I don't want this program.
|
| My question.... How CAN I have 11 entries in my registry
| and not have a
| program installed, doesn't make sense to me????
|
| Star
|
|
| .
|
|
|


  #10  
Old August 22nd 04, 02:44 AM
glee
external usenet poster
 
Posts: n/a
Default

Star, you should regularly check the Windows\Downloaded Program Files folder,
right-click the entries and choose Properties in order to see what you have
installed from the web. Many of these items fall under the category of BHO's. If
you had looked there prior to removing the 11 Registry entries with the Yahoo
spyware app, you might have seen it listed there. Downloaded Program Files folder
contains ActiveX controls, and they can add quite a lot of registry entries,
depending on what they do. 11 entries is really not much at all for an ActiveX
control or a BHO.

BHO's and ActiveX controls can install without your knowledge, especially if you
have your browser security setting too low. PA Bear will probably fill you in on
preferred security settings in IE, as that is one of his areas of concentration in
the IE/OE groups.

Download accelerators sometimes install themselves during a download of some other
item from a web site. Unless you read the page with the download carefully, you can
often miss the "fine print' informing you that you will be downloading with "such
and such accelerator".
--
Glen Ventura, MS MVP W95/98 Systems
http://dts-l.org/goodpost.htm


"Star" wrote in message ...
Hi PA Bear

"PA Bear" wrote in message
...
You or someone else using your machine may have installed the 2-week trial
version. Uninstalling it does *not* change your Registry back to its
pre-installed state. (cf.
http://www.pestpatrol.com/pestinfo/d...rator_plus.asp)


* I'm the ONLY user of this machine. (see all *'s)

At minimum, you'll need both Spybot and Ad-aware, kept fully up-to-date,

to
identify and help remove most malware, Star. You should be running Spybot
v1.3 w/ 20 Aug-04 update installed and Ad-aware SE w/ reffile dated 16
Aug-04 installed.


* I have a new install of Windows, and Spybot, fully updated, Spybot only
finds SCC Technology, false positive.
I don't like Ad-aware and don't use it. I do also use Spyware Blaster and
it's fully updated. I have Yahoo anti-spy and it was found by Yahoo anti
spy and identified as a BHO.

* DAP doesn't show up in add/remove programs.
I am positive I didn't download DAP, however I acquired a strange BHO, 11
entries that have been removed.

But even they can't catch everything, 24/7. When all else fails,

HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/

or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
--
IE6-specific newsgroup:

news://msnews.microsoft.com/microsof...er.ie6.browser

* Thanks for the all the above site references. If I have traces of this
BHO, I want it gone from my puter. Also, PA Bear, a BHO is different from
downloading a program, after the download, you would have to install it??
Just wondering if you have further thoughts, thanks for helping me. I am
very cautious, download next to nothing except for updates.

Star

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Are You Ready for WinXP SP2?
http://support.microsoft.com/default...r=windowsxpsp2

What You Should Know About Spyware
http://www.microsoft.com/athome/secu...ssoftware.mspx

AumHa Forums
http://forum.aumha.org

Star wrote:
Hello,
Maybe I should go to IE newsgroup but I'm running 98-se. I have Spybot

and
all new updates and Spybot finds only 1 problem which is a false

positive
that I have already researched (SCC Technology).

I have **4 BHO's**, Adobe Acrobat, Yahoo Companion, (I choose to have

this
toolbar), Pop This... pop-up blocker and my Spybot browser helper.

I ran Spybot moments ago, nothing new found.

I also ran Anti-Spy, feature of Yahoo toolbar and item found this...
*Download Accelerator Plus* w/11 entries in my registry!!

I've searched the puter and don't appear to have a program installed
associated to these entries??
I'm manually searched too w/view all files turned on, especially
C:\Program Files.

* Doing a Google search search for this item indeed gives me software

and
sites for downloading.
* I have no entry in msconfig that is new, I can identify all running
processes showing up.
* I also looked at my add/remove s/w and I have only good programs that
I'm absolutely sure about, have been using them for a long time. I
actually have all my program installers either on CD or Iomega zip.

Is this Spyware, Malware??

I want all traces of it gone, I don't want this program.

My question.... How CAN I have 11 entries in my registry and not have a
program installed, doesn't make sense to me????

Star





 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 08:52 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 Win98banter.
The comments are property of their posters.