TechSpot

Is this clean?

By MetalX
Mar 29, 2007
  1. I just wanted to know if my HijackThis log is clean. There are a few processes in the task manager that I've never seen before and I just want to be sure that they're not spyware.
     
  2. jobeard

    jobeard TS Ambassador Posts: 9,321   +618

    I would be concerned with
    Code:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    
    and the TON of duplicates:
    
    O9 - Extra button: (no name) - {7B6826A5-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra 'Tools' menuitem: Secure Notes... - {7B6826A5-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra button: (no name) - {7B6826AA-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra 'Tools' menuitem: Web Logins... - {7B6826AA-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra button: (no name) - {7B6826B4-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra 'Tools' menuitem: Options... - {7B6826B4-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra button: (no name) - {7B6826B7-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra 'Tools' menuitem: Generate Password... - {7B6826B7-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra button: Save Form... - {7B6826B9-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra 'Tools' menuitem: Save Form... - {7B6826B9-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra button: Fill Form... - {7B6826BE-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra 'Tools' menuitem: Fill Form... - {7B6826BE-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra button: (no name) - {7B6826C1-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    O9 - Extra 'Tools' menuitem: Logoff - {7B6826C1-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
    
    all of which have the same CLSID and Path, changing only in the title-string???
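
An added example (not part of the original posts, and not HijackThis's own code): a small Python parser for the O2/O9 line format quoted above. It lists entries reported with `(no file)` and groups O9 entries by the DLL they point to. The function names are assumptions of this example, and the sample input is constructed from lines in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log excerpt in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {7B6826A5-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Secure Notes... - {7B6826A5-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra button: Save Form... - {7B6826B9-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
O9 - Extra 'Tools' menuitem: Save Form... - {7B6826B9-18C2-11DA-8001-000D88227F64} - C:\Program Files\SDI\Password Magic\sdipwm.dll
"""

# Fields: section code, entry kind, display name, CLSID, target file.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.+)$"
)

def parse_entries(log_text):
    """Return one dict per CLSID-bearing line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def orphaned(entries):
    """Entries that the log lists with '(no file)' as the target."""
    return [e for e in entries if e["target"].strip().lower() == "(no file)"]

def group_by_target(entries, section="O9"):
    """Map each target file to the set of distinct CLSIDs pointing at it."""
    groups = defaultdict(set)
    for e in entries:
        if e["section"] == section:
            groups[e["target"].lower()].add(e["clsid"].upper())
    return dict(groups)

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("no file:", e["section"], e["kind"], e["clsid"])
    for target, clsids in group_by_target(parsed).items():
        print(f"{target}: {len(clsids)} distinct CLSID(s)")
```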
    
     
  3. MetalX

    MetalX TechSpot Chancellor Topic Starter Posts: 1,388

    Ok... and what does that mean? I'm a noob at HJT logs ;)
     
  4. jobeard

    jobeard TS Ambassador Posts: 9,321   +618

    First, SDI is a freebie, so you've not lost $$$ if you dump it.

    Second, McAfee SiteAdvisor marks most of the sites hosting this shareware
    with a red X meaning there have been problems reported
    with the site or the download.

    Try this search on Google
    and decide for yourself.

    IMO, I would use HJT to delete ALL O9 items shown and find another means
    to manage passwords.

    I cannot find any references for the O2 entry and that CLSID-- CAVEAT EMPTOR!
     
  5. MetalX

    MetalX TechSpot Chancellor Topic Starter Posts: 1,388

    Oh.... that/those password manager(s) don't have any passwords stored in them.
     
  6. jobeard

    jobeard TS Ambassador Posts: 9,321   +618

    then you should ................
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'm with jobeard on this.

    The C:\Program Files\SDI\Password Magic\sdipwm.dll looks suspicious, unless you know exactly what it is.

    Let's get it checked out over at Jotti's.

    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\Program Files\SDI\Password Magic\sdipwm.dll
    * Click Open
    * Please let me know the results.

    You're also running an outdated version of HijackThis. Go HERE and follow the instructions.

    Post a fresh HJT log and let us know the results of the Jotti scan.

    Regards Howard :)

    This thread is for the use of MetalX only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. MetalX

    MetalX TechSpot Chancellor Topic Starter Posts: 1,388

    I do know exactly what that is. I thought it was a program to change the asterisks shown in password boxes to actual text so I could retrieve the password of one of my really old e-mail accounts.

    Turned out that that's not what it does, but I don't use the program and I guess I'll uninstall it.
     
  9. bumr055

    bumr055 TS Rookie

    Did you find something to get the password.... All the programs I've seen don't work for MSN Messenger... come to think of it, I don't think I got any to work on anything.
     
Topic Status:
Not open for further replies.
