removal of syswebtelecom malware


Brin
02-09-2004, 10:06
Pulling hair out time

Spybot and adaware report the presence of syswebtelecom "dialer - malware" on my pc.
Avast virus checker ignores it, pest patrol ignores it, trojan hunter ignores it.

Should I ignore it?

However spybot reports:

SYSWEB TELECOM: Code storage database (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{EFB22865-F3BC-4309-ADFA-C8E078A7F762}

If I try to remove the reg key it gets replaced at startup.

I cannot see anything that could do this.. Knowledge limit nearly reached!

Has anyone else had and got rid of this problem?


Brin

Nemesis
02-09-2004, 10:17
Try here

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=DIAL_SYSWEBTEL.A

and

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=DIAL_SYSWEBTEL.A&VSect=T

Brin
02-09-2004, 17:32
I've looked at both the suggested links and cannot see any of the registry keys that are listed. However both adaware and spybot announce that they have found Syswebtelecom and give the same registry key. If I remove the key then it gets replaced at start up. It looks as though I am going to have to resort to msconfig to see if anything in Startup is doing this.

The key also gets reported when I use Hijackthis so I guess that there is definitely something to worry about (in the loosest sense!).

paulyoung666
02-09-2004, 17:44
you are on broadband and not dial up aren't you :disturbd:

Brin
02-09-2004, 21:46
Yes - I am on broadband and I suppose what you are hinting at is that it is a dialler and therefore I should not worry. But it's the principle, some b*gger has put something on this machine that shouldn't be there ---- plus a good opportunity to learn a bit more about XP

paulyoung666
02-09-2004, 22:22
Yes - I am on broadband and I suppose what you are hinting at is that it is a dialler and therefore I should not worry. But it's the principle, some b*gger has put something on this machine that shouldn't be there ---- plus a good opportunity to learn a bit more about XP


nope you are right to worry, i was hoping you weren't on dial up and thankfully i have been proved right, it annoys me as well that some little toe rag scroat can infect ppl's pc's with stuff like this as well ;)

MetaWraith
02-09-2004, 22:40
you might like to try
http://www.bulletproofsoft.com/spyware-remover.html

Brin
03-09-2004, 00:26
Right --- I think that I have found the problem by using MSconfig to selectively enable progs. There is an extra that comes with Spybot called Teatimer. With this enabled both spybot and Adaware report:

Comload: Code storage database (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}

SYSWEB TELECOM: Code storage database (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{EFB22865-F3BC-4309-ADFA-C8E078A7F762}

FunWebProducts: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}



With Teatimer disabled these registry values are NOT getting set.

Bearing in mind that the above registry values could be totally harmless it is strange that Spybot appears to be setting registry values that are reported as malware by adaware & spybot. Is this coincidence, does spybot come with a payload (worrying as so many people use it) or has something attached itself to spybot? Maybe the pattern files are common between the two programmes.

I shall contact kolla and see what they have to say. In the meantime I have removed spybot from my machine just in case.

Thanks everyone for your comments
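
The isolation step described in the post above (toggle one startup item, then see which Distribution Units keys come back) can be checked by diffing two registry exports. This is an added example, not part of the original thread: the function names are hypothetical and the snapshot strings are constructed from the key path and GUIDs quoted in the post, plus one placeholder GUID.

```python
import re

# Key path as quoted in the Spybot report in the thread.
DU_PATH = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units"
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def distribution_units(reg_text):
    """Return the GUID subkeys directly under Distribution Units in the text of
    a .reg export. Real "Version 5.00" exports are UTF-16, so decode the file
    before passing it in. Key names are matched case-insensitively."""
    found = set()
    prefix = DU_PATH.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        if not (line.startswith("[") and line.endswith("]")):
            continue  # value lines, blank lines, file header
        key = line[1:-1]
        if key.startswith("-"):
            continue  # "[-KEY]" is a deletion directive, not a key that exists
        if key.lower().startswith(prefix):
            child = key[len(prefix):].split("\\", 1)[0]
            if GUID_RE.fullmatch(child):
                found.add(child.upper())
    return found

def recreated_by(snapshot_enabled, snapshot_disabled):
    """GUIDs present only in the export taken with the startup item enabled."""
    return sorted(distribution_units(snapshot_enabled) - distribution_units(snapshot_disabled))

# Constructed sample exports (not real captures from the poster's machine).
_HDR = "Windows Registry Editor Version 5.00\n\n"
_K = "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\%s]\n\n"
_BASELINE = "{00000000-0000-0000-0000-000000000001}"  # constructed placeholder GUID
SNAP_DISABLED = _HDR + _K % _BASELINE
SNAP_ENABLED = SNAP_DISABLED + "".join(_K % g for g in (
    "{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}",
    "{EFB22865-F3BC-4309-ADFA-C8E078A7F762}\\DownloadInformation",
    "{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}",
))

if __name__ == "__main__":
    print(recreated_by(SNAP_ENABLED, SNAP_DISABLED))
```

Keys that show up only in the "enabled" export are the ones tied to that startup item, which separates a resident protection tool re-writing its own entries from an unknown process restoring them.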

Chris W
03-09-2004, 02:29
ad aware (and also spybot iirc) quarantine items, so it may be that they are reading each others quarantines and finding these as spyware/malware.

I believe there is a warning regarding this conflict that appears if you install spybot S&D when you already have ad-aware on your system.

And just to add to what has been said... in order to prevent spyware from getting onto the pc in the first place, try installing spyware blaster

www.javacoolsoftware.com/spywareblaster/

MB