Sorry, it was “s V chost”! Got it six times in the task manager.
My avast! shield has also been turned off and something like a “VPS file” has been destroyed!? “AAVM sub-system detected a RPC-error” Fixed it and restarted system! Will see, if that was it! What kind of weird poltergeist inhabits my computer…?!
???
Maybe you can use spycatcher, a free program and not bad either
hope this will work
Yay! Back in the net! Phew, this time it got me kinda hard:
Installed SpyDoctor by mistake. It couldn’t remove the found malware, anyway! Then I installed SpyCatcher, which found and killed all 22 suckas! Afterwards mozilla refused to load up pages! It either quickly loaded the pages but nothing was on screen, or loaded about half of the site until the connection timed out. PC-Jumper, a friend of mine, came to me, tried different types of configuration with a variety of anti-vir/spy-programs and firewalls (especially with my favored comodo-firewall) and this is his recommended final set:
Anti-Vir: BitDefender
Firewall: Sygate
He said, the comodo-firewall wasn’t a real-time one; too slow. Spybot is recommended even as a resident shield. Well let’s see, if this will work out!
Stand by!.. :THNK
I will go into what he did wrong and what advice was incorrect because I would like you to ignore any further advice PLEASE.
I was originally not going to post what your friend did wrong but I will just so you know:
- He/She recommended a firewall (Sygate) that is no longer supported and has at least one vulnerability that I can think of. (Bad idea)
- Bitdefender is paid-for software; unless you are using the free non-real-time version or a trial version, then you are using illegal software.
- Installing a lot of different software without making sure each one is 100% gone is not the best idea; in fact, installing and un-installing a lot of software slowly makes a computer unstable (that is from someone that used to do it).
- I don’t know what your friend is smoking, but a firewall by definition is real-time; I am not aware of a firewall that isn’t!!! The only way to not have a firewall that is not real-time is to close all ports within Windows XP through DOS (and thus breaking a lot of functionality).
- Without researching everything found in each program, and then removing it with a general scanner can lead to problems; this is why you need professional people to advise you on what to do next. This can, depending on infection, make a massive difference.
- Comodo Firewall being slow is not true, well not compared to the competition. If Comodo is slow then you either have very little RAM or a conflict with something.
Let’s try and solve your problem:
Un-install Sygate, and at LEAST have Windows SP2 firewall (Or a packet filtering router or both) on and at BEST install Comodo Firewall.
If this is the same friend that set up the remote-assistance, then I would be cautious to say the least.
Please post what spycatcher and spydoctor found.
Hey, sorry Rotty! Don’t wanna be inconvenient to you!!!
Learned, that my tracking cookie is actually not something to worry about; so is the spyware, being imported through this “Data Miner”. It doesn’t have an effect on my CPU-data, am I right so far?
Used RegCleaner to get rid of any bits of formerly uninstalled software. That’s not enough…?
I know what my friend’s smoking - and it’s quite good (spicy, with a sweet finish!)! He tried to keep the Comodo-Firewall at all costs, but it hadn’t been working! No, he’s not the same guy, installed the VNC to solve problems on my CPU via the remote function. He sells BitDefender as a part of his job.
Can’t remember, what SpyDoctor found; wasn’t much! SpyCatcher found my “Usual Suspects” (doubleclick, tradedoubler, ad-this, ad-that, etc.) of malware and two trojans (SpeedBot or similar).
I miss my Spybot, telling me about registry-entries! Sygate is frequently asking me, whether to allow inet-connections or not! But now it seems, that my Spybot is sulking, 'cause he doesn’t tell me anything! Does it collide with either the firewall or the anti-vir-program?
Appreciate your good will! Thx a lot!!!
(:CLP) (L) (:LOV)
Tressco
PS:
My (almost) worst fears, that I was preaching my friend on and on, before I finally hit the web, seem to become reality: getting infections of various proportions through the internet! Another “Tressco-Special”! Figures!
(:SAD)
It’s not about being inconvenient to me, it’s about solving your problem as quickly as possible with a methodical and calculated approach. Installing/Uninstalling a heap of software (other than diagnostics) is not calculated nor methodical.
You cannot get a virus through a cookie, that is not the issue. The issue in my mind is that something is setting that cookie and since you do not visit that web site. And that someone was accessing your PC which could not have been your friend (Maybe verifying this if possible). What were the two trojans, this would help a lot (-: , one rule of thumb is to write down everything that happens and don’t rush.
With Spybot some people think the tea-timer component (The bit you are talking about) makes their system unstable, I have not had that experience and if you have not had that problem then I suggest using it.
Bitdefender is good, don’t get me wrong. But buying many different software(s) to kill a problem could be very costly because you do not know if it will work. If anything you get the trial of a program that says it kills what you have, if it does then I would suggest buying the product.
Go to:
https://forums.comodo.com/index.php/topic,4845.0.html
And run the three online antivirus scanners, Kaspersky will not remove anything but we don’t need it to. Once you have run these scans then post here what they find in full detail.
Run:
http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx
And copy and paste into this forum what it finds, this is to detect stealth software (Rootkits). This is to cover all bases.
I’m sure, I got doubleclick activated, but spybot can’t find a thing! Strange!
Anyhow, here we go:
BitDefender and Symantec couldn’t find anything!
Housecall has found two cookies and several security risks, too many to be listed manually! Would have copied it, but that was impossible! Here are some of them:
Gray- / Spyware:
Rap_Generic
(probably VNC, right?)
Cookies:
COOKIE_ATWOLA
COOKIE_2O7
Security Risks:
Cumulative Security Update for Internet Explorer (834707)
Vulnerability in WordPad (885836)/Hyperterminal (873339)/ /HTML (885836)/ Could Allow Code Execution
Vulnerability in Windows Could Allow information Disclosure (888302)
Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
Etc, etc….
RootkitRevealer has found eight discrepancies:
HKLM\SECURITY\Policy\Secrets\SAC* 08.01.2007 22:09 0 bytes Key name contains embedded nulls ()
HKLM\SECURITY\Policy\Secrets\SAI 08.01.2007 22:09 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 08.01.2007 23:14 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 08.01.2007 23:14 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 08.01.2007 23:14 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 08.01.2007 23:14 32 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 08.01.2007 23:14 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 08.01.2007 23:34 0 bytes Hidden from Windows API.
Here’s the report from Spyware Doctor:
[attachment deleted by admin]
If possible could you see where that Rap_Generic detection is being found (I have forgotten whether the scan allows you to see that).
Your rootkit scan is clear.
The only other problem is the remote access, if this was not your friend and they had root access then they could have done anything and hidden their tracks.
I would not worry too much about the cookie, please get all available patches for Windows and apply them.
Nope! The program hasn’t told me the exact position of rap_generic, sorry!
It IS my friend, who has installed the VNC. So I’m pretty sure 'bout that!
Hmm…Guess, without any paid real-time shields I won’t be able to keep myself free from any minor cookie-problems in the future. Am I right?
(:SAD)
Well, if you use firefox you can set it to block all cookies and allow a few sites to set them or allow all and block selected sites…
With Internet Explorer I am not sure if you have the same extent of freedom with which sites can set cookies and which can’t.
That’s what I’ve been trying to tell Tressco since the beginning, but somewhere along the way this thread kept trailing off into different anti-whatever programs.
If someone was messing with the computer through VPN and he does not know for sure whether that was his friend or not, did not sound good.
To be honest, I would never let anyone mess with my computer through something that I cannot 100% monitor what they are doing.
The person that set the VPN up may have not set it up securely (Possible, not necessarily the case).
If it were me and a friend sends back “n…:=) m a friend…” after me letting them access my PC remotely and weird behavior ensuing. I would nuke the machine immediately, re-write the router’s firmware with a clean legitimate copy.
I would not let anyone mess with my pc, even if I monitored him. (:TNG)
Tressco if I were you, I would:
- scan with various AVs the boot sectors of the hard disks.
- format C:\ and install a fresh, clean Windows
- would never again allow anyone and I mean anyone to have control over my pc; especially from distance!
p.s. when I help my friends I let them do the necessary tasks and the only thing I do is guide them. This way they will remember those things and probably the next time they will be able to resolve a similar problem by themselves. ;D
If I were going to allow remote access it would have to be an organization or person that I am willing to sue if they put a virus or steal my bank account(s). (And I take appropriate measures to retain evidence). Overall that would be too much trouble so the idea is to not let it happen at all (-:.
Cookie options was one of the first steps I made in order to get rid of this sucka. Even blocked similar sites. Strange…!
It means either the core of the spyware or its remnants hasn’t been completely eradicated.
I have SuperAntiSpyware free, which is among one of the most popular ones around. It has a slow scanning engine, but compensates for thoroughness.
Have you cleared your browser cache? Deleted any suspicious files in the Prefetch directory? Deleted other temporary files? Tried something like CCleaner?
:BNC
Think something finally worked: The KAV engine scanner recommended on this site found four viruses and corrected 14 errors! Now, let’s see how things will develop over the next few days…
Been there, done that, except the thing with the Prefetch Directory. What’s that? Is CCleaner something like RegCleaner?
Stand by…
Tressco
(Just restarted my CPU and the automatic scan, which enabled itself at start, has found some of the same problems in the registry. Redeleted them via Spybot - again! Could it be, that something hooks up with my system every time, I turn on my CPU?)
Please tell us what the viruses were called.
CCleaner deletes temporary files.
Program didn’t tell the name of the viruses. Spy-/Adware have been found:
gain.gator Spyware/Adware (x2)
look2me Adware
grokster Spyware/Adware
The reoccurring “problems” have turned out to be changes in the registry referring to start browser, search page and stuff. Changed all of them from Microsoft to Google.
Did a scan with Advanced WindowsCare again and…Cookie.administrator [ at ] rambler.ru/ still finds its way to my system.
Grmpf!
(:AGY)
SpySweeper finds something called eqiso toolbar. Ever heard of it?