proxyspd.dll BHO?

[Al Puzzuoli]

Hi all,

This morning when I booted my machine, Spyware guard came up and
reported that it detected this. The file is located in my c:\windows
\system32 folder. Any ideas what it is, and why it suddenly decided to
try to load today? I've never seen it before.

Thanks for any info,

--Al

[AvianFlux]

What's the file's name?

[AvianFlux]

Nevermind...it's the topic title. Duh.

[Chuck]

On Fri, 8 Apr 2005 07:38:25 -0400, Al Puzzuoli <apuzzuoli@comcast.net> wrote:

>Hi all,
>
>This morning when I booted my machine, Spyware guard came up and
>reported that it detected this. The file is located in my c:\windows
>\system32 folder. Any ideas what it is, and why it suddenly decided to
>try to load today? I've never seen it before.
>
>Thanks for any info,
>
>--Al

Al,

Can you find proxyspd.dll, and submit it to:
http://www.virustotal.com/flash/index_en.html

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.

[Al Puzzuoli]

In article <95fd51hq3aj29iihfblunslrg347ftbfro@4ax.com>,
none@example.net says...
> On Fri, 8 Apr 2005 07:38:25 -0400, Al Puzzuoli <apuzzuoli@comcast.net> wrote:
>
> >Hi all,
> >
> >This morning when I booted my machine, Spyware guard came up and
> >reported that it detected this. The file is located in my c:\windows
> >\system32 folder. Any ideas what it is, and why it suddenly decided to
> >try to load today? I've never seen it before.
> >
> >Thanks for any info,
> >
> >--Al
>
> Al,
>
> Can you find proxyspd.dll, and submit it to:
> http://www.virustotal.com/flash/index_en.html
>
>
Hmm interesting. I did this. The only engine that detected anything
was Panda and it detected the file as "Trj/Clicker.CP"
Guess it's time to run Spybot and AdAware.

[Mich]

"Al Puzzuoli" <apuzzuoli@comcast.net> wrote in message
news:MPG.1cc03740176a2b389896ab@news.giganews.com. ..
> Hi all,
>
> This morning when I booted my machine, Spyware guard came up and
> reported that it detected this. The file is located in my c:\windows
> \system32 folder. Any ideas what it is, and why it suddenly decided to
> try to load today? I've never seen it before.
>
> Thanks for any info,
>
> --Al

Have ya tried booting into safe mode and deleting that file ?
that would be my first step well second I see your already blocking it from
the net..
If ya can't kill it in safe mode download HiJackthis and there is an option
to kill the file on reboot. http://www.merijn.org/files/hijackthis.zip

[Chuck]

On Fri, 8 Apr 2005 16:46:41 -0400, Al Puzzuoli <apuzzuoli@comcast.net> wrote:

>In article <95fd51hq3aj29iihfblunslrg347ftbfro@4ax.com>,
>none@example.net says...
>> On Fri, 8 Apr 2005 07:38:25 -0400, Al Puzzuoli <apuzzuoli@comcast.net> wrote:
>>
>> >Hi all,
>> >
>> >This morning when I booted my machine, Spyware guard came up and
>> >reported that it detected this. The file is located in my c:\windows
>> >\system32 folder. Any ideas what it is, and why it suddenly decided to
>> >try to load today? I've never seen it before.
>> >
>> >Thanks for any info,
>> >
>> >--Al
>>
>> Al,
>>
>> Can you find proxyspd.dll, and submit it to:
>> http://www.virustotal.com/flash/index_en.html
>>
>>
>Hmm interesting. I did this. The only engine that detected anything
>was Panda and it detected the file as "Trj/Clicker.CP"
>Guess it's time to run Spybot and AdAware.

AdAware and Spybot are a good start, but just that. HijackThis is the only
ultimately authoritative tool that I trust.

Start by downloading each of the following additional free tools - and download
each individual product from each link as listed:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.intermute.com/spysubtract/cwshredder_download.html>
HijackThis <http://www.tomcoyote.com/hjt/>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
TrendMicro Sysclean <http://www.ik-cs.com/got-a-virus.htm>

Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Create a separate folder for the TrendMicro files, such
as C:\TrendMicro - copy the downloaded files there (unzipped if necessary).
AdAware, CWShredder, and Spybot S&D have install routines - run them. The other
downloaded programs can be copied into, and run from, any convenient folder.

First, close all Internet Explorer and Outlook windows.

Run Stinger. Have it remove all problems found.

Run CWShredder. Have it fix all problems found.

Empty your temporary files folders:
- "C:\WINDOWS\Temp"
- "C:\Documents and Settings\(Username)\Local Settings\Temporary Internet
Files".

Next, disable System Restore.
<http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm>
Boot your computer into Safe Mode.
http://support.microsoft.com/?id=315222
Run SysClean per instructions. Delete any infections found. Reboot your
computer, and re enable System Restore.

Next, run AdAware. First update it, configure for full scan
(<http://forums.spywareinfo.com/index.php?showtopic=11150>), then scan. When
scanning finishes, remove all Critical Objects found.

Next, run Spybot S&D. First update it, then run a scan. Trust Spybot, and
delete everything ("Fix Problems") that is displayed in Red.

Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>

Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and please post a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Finally, improve your chances for the future.

Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Consider using an alternative browser, like Firefox, for the majority of your
browsing activities.
<http://www.spreadfirefox.com/?q=affiliates&id=4507&t=61>

Block Internet Explorer ActiveX scripting from dangerous websites (Restricted
Zone).
<https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)

Block known dangerous scripts from running.
<http://www.javacoolsoftware.com/spywareblaster.html>

Block known spyware from installing.
<http://www.javacoolsoftware.com/spywareguard.html>

Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/

Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).

Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <http://www.accs-net.com/hosts/get_hosts.html>
Hostess <http://accs-net.com/hostess/>

Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.

Use common sense. Yours. Don't install software based upon advice from unknown
sources. Don't install free software, without researching it carefully. Don't
open email unless you know who it's from, and how and why it was sent.

Educate yourself. Know what the risks are. Stay informed. Read Usenet, and
various web pages that discuss security problems. Check the logs from the
security products that you use regularly, look for things that don't belong, and
take action when necessary.

How did I get infected in the first place?
http://forums.net-integration.net/in...showtopic=3051
Essential tips for infection prevention
http://forums.spywareinfo.com/index.php?showtopic=24339
http://www1.spywareinfo.com/articles...ed/prevent.php

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.