Tracking Cookie "Data Miner" keeps on coming!

Everytime I use spybot, it finds up to 20 cookies/spies/trojans. Immunizing and deleting these suckers is only temporarely. Think, I get 'em through Mozilla. Have a steady IP-adress., Zedo, SystemDoctor2006, Doubleclick, -trade and other stuff is coming on and on. Got “vista!” as an Anti-Vir-Programm. I’m also member of the “World Community Grid”, which enables a steady internet-connection vià “BOINC-Manager”.
Have tried Advanced Windows Care due to a hint from mike6688. System’s working faster, but the same problem keeps reoccuring; spybot is always finding the same things. Everytime I check my system intensively vià vista!, it crashes! Sophos finds MadHookCode.dll, which is rarely a virus. AWC finds (which I think is the clearest target to operate on) a tracking cookie (adress: Cookie:administrator [ at ] named data miner. Keeps on coming like a twelve-tailed-rabbit! Further suggestions…?

Thx for your replies!


Can you please download HijackThis ( Installit, runit, save a system log and post the log here.

Ewen :slight_smile:

As you will. (:NRD)

[attachment deleted by admin]

The culprit may be abc.exe.

If abc.exe is running on your pc, your computer may have been infected with a trojan that goes by the name of cloner.

abc.exe is considered to be a security risk, not only because antivirus programs and Superantispyware flag Cloner Trojan as a trojan, but also because other sites consider it a Trojan as well.


From your hijack log it appears that you have several anti-virus programs running
at the same time ?
You should avoid that as they may easily conflict with each other.

I don’t think that the abc.exe you have is malicious, it looks like it’s the
bit-torrent client ABC ( Another Bittorent Client ) ? If you have abc installed
then it’s not a malicious process …

EDIT : I just ran a log-analysis of the log you attached HERE : .
It doesn’t seem that you have any real nasty things on your system.
You should look at your browsers cookie-settings and set it to block third-party cookies
and prompt for all other cookies.
It’s a bit annoying with all the prompting in the start but you will quickly build
a “whitelist” of your most visited and trusted sites.
also, uninstall the AV-programs ( not the anti-spyware, it’s okay to have several of those)
and choose only one to re-install .

abc.exe is either the bittorrent client or cloner trojan.

I agree that running multiple real-time AV’s (Avast, Norton and Sophos Anti-Virus?) is not a great idea. The rest don’t look suspicous to me.

(:AGY) Grmpf! Blocked cookies from possible bad sites, uninstalled useless Anti-Vir programs, made another complete scan and fixed everything possible vià Advanced Windows care! I’m running abc, so I guess, abc.exe is the wrong chosen target. Could a p2p-guard be the answer to my :THNK long nights fighting to get this sucka’s foot outta my door?



I got 'em!! Got 'em awl!!! Followed Rottie’s death-list of freedom and installed AVG Anti-Spyware! This program can be set to terminate any tracking cookies automatically!!! Heaven bless this sacred solution! Ok, thx for your replies! Was emotional! If you don’t hear from me the next few days, you can seal this thing!

Thx a lot! (:AGL)


P.S.: With AVG running, do I need avast!? (:NRD)

Is your AVG also the anti-virus or just the anti-spyware? As stated above, running more than 1 real-time anti-virus is a bad idea.

(BTW, I never have problems with cookies because I set Opera to never accept any except for login sites)


Arglbargl! Back to start! AVG’s resident schield stops working after 30 days! Are there any free programs, that will work as good as AVG? Please…? Hello…? Anybody…? No…?!?..?..?!..?!?

If you’re looking for free real-time anti-spyware that’s decent then Spyware Terminator is the only one I know of.

Let’s not forget about our own CAVS :slight_smile:

Oh, alrighty then! Gonna test it in thirty days, 'cause I’m enjoying the tracking-cookie-free-time, you know? Hey, but thx a lot, dude!


Soyabeaner, how do i change those setups? Couldn’t find them. Do I have to write them all into the exception box, or is there another option to do as you said? (:NRD)
AVG is only Anti-Spyware.

First of all, what browser are you using? Each should have their own settings to disable or block cookies. I only manually save and accept cookies for sites that require logins, like this forum ;D.

In Opera, press CTRL and F12 to access the Prefences > Advances > Cookies > Never accept cookies. You can also manage cookies by specifying websites in your allowed list.

Got Mozilla. Can either allow or block cookies and I’m able to make exceptions vià typing. Don’t know if this would help. I’m running abc and somehow I begin to ponder over this fellow, being my weak spot…! Are there any p2p-protections?

I’m sure there many other users who can guide you on Firefox extensions and settings (:WIN).

So now you think ABC is causing these tracking cookies? Hmm…the only P2P protection I know are IP blockers (PeerGuardian, etc.), so it won’t help you block cookies. I did a bit of googling to find out that abc is browser-integrated (like most current bittorrent clients are). Maybe it’s related to this.

(I use uTorrent 1.6 so it doesn’t have all that lovely stuff above :D.)

Ta da! Guess what: Tracking Cookie “Data Miner” keeps on coming! Yes, I know! I’m repeating myself. Although AVG’s resident schield keeps out 1426 Malware entries up ‘till now, AWC still finds the exact same tracking cookie again! How does this son o’ ■■■■ keeps slipping through my defense system, when all the other 34 suckas were whipped outta the system! Even burned the trojan!


So here’s another genuine opportunity to spread your wisdom!
As you wish.
Mean, if you like, y’know…
Sort of…


Yours truly

Have you already asked AWC if they can provide clues as to why?

Could you please tell us what sophos detected “MadHookCode.dll” as? I want to exclude this as possibly still active.

That tracking cookie seems to lead to a russain email/news site ( similar to yahoo and google in function. Do you visit that site at all? If you do, this site will reset that cookie each time you visit it and spybot will pick it up again…

If you do not want the cookie set at all, in firefox go to Tools , Options, Privacy,

You should now see a cookies section, then go to the “Exceptions” button and click it. Then enter the site that you want to block into the text box (Try putting “w w” in the box) and press “Block”.

That should do it.

Out of interest i ran into these (DO NOT OPEN THESE IN A PRODUCTION ENVIRONMENT):

They are open source perl that MIGHT have something to do with this case.

‘k guys! Listen up! Forgot to tell you some’:

Few weeks ago I got…ahm…well, I guess “hijacked” is the right term!
Best friend of mine had been allowed to work on my CPU vià VNC. One night, between 02:00 and 03:00 h in the morning (GMT+1) my mouse was moving and I thought, this would have been my friend, installing some new software, I needed, ‘cause I had to buy a new CPU a few days before. It seemed to me, that he was even explaining me some of the stuff he was doing! Three days after, I restarted my system and - suddenly there happened to be a password being created by some “”! Started again in safe mode, made a system restore. The next night, at about 02:30 h, my mouse was being moved again. I asked my friend vià ICQ, if he was the one on my desktop and got something like “n…:=) m a friend…” back! I immediately started fighting to turn my system off, won and was kinda shocked! Felt a little bit ■■■■■ or some’! Blocked the VNC from then!
Checked my privacy options in Mozilla few days ago: Cookies existence had been changed to “…'till they expire” and not a single one was blocked! Anyway, is it possible, that this ■■■■ installed something pretty nasty, while being in my system? Data miner hasn’t been found by AWC for the last two days…yes it has! Did a check right now, and there it is again! Bloody bastard! Can’t believe it! AVG’s resident shield has been turned off, even though I still have 27 days left of the trial version! What the…?!?

“MadHookCode.dll”…hmmm…where did you get that? Was target of my first termination-trials in union with “sychost” “dllhost”, “rundll32”, “symantec” and “LucomServer 3 0” which turned out to be some non-harming programs - if I believe what the papers say. Should I believe those…? Don’t know rambler - don’t wanna know! Should I know? Guess not…!

s Y chost or s V chost?

svchost (with a V) is ok, but sychost (with a Y) is not and it an indicator that you are infected with the Leox.B Worm.

Google “leox.b” and you’ll find a number of references to it along with removal instructions.

Hope this helps,
Ewen :slight_smile: