7 Replies Latest reply: Jun 24, 2013 8:16 AM by kglad RSS

    Anchor.Hss - spyware?

    farnhold

      Hello, I scanned my computer, and  Spybot has detected spyware Anchor.HSS every time I used it. It belongs   to: PUPSC - it stands for potentionally unwanted program.

      By searching for .hss on google, I found out .hss belongs to Adobe.

      I  use other programs to detect malware/virus/spyware/adaware as well.  Programs are Spybot SD2, Malwarebytes, Advanced SystemCare 6, IOBit  MalwareFighter, AVG, Super AntiSpyware. Only Spybot SD (1 - the old one)  has detected the same problem again and again.

      Every time I  decide to scan my computer, I go to safe mod, since it is able to catch  more unwanted stuff in my PC. Only spyware I have ever had problem  removing was this one.

       

      I looked at malware removal guide - Anchor.Hss thread here:

      http://forums.spybot.info/showthread...for-Anchor-Hss but none of what  was mentioned there I found anywhere on my PC. I checked regedit, I  checked appdata,etc.

      Not sure where can I located sysdir though, is it basically system32 folder? I checked that one, nothing there either.

      Spyware still keeps coming back :/.

      Any suggestions please? Is Anchor.Hss harmless or harmful? Does it actually belong to you?

      I   have noticed Adobe Acrobat among addons in Firefox, I think it asked me  for update few days ago, I declined it, and I can still see it asking  for update among Firefox Addons.

      Thanks.                


        • 1. Re: Anchor.Hss - spyware?
          kglad CommunityMVP

          in what directory is Anchor.Hss?

          • 2. Re: Anchor.Hss - spyware?
            Mukesh R Shah Employee Hosts

            Also, can you please confirm whether you have installed Photoshop and/or Dreamweaver on your system ??

             

            Rgds,

            Mukesh

            • 3. Re: Anchor.Hss - spyware?
              farnhold Community Member

              Kglad: I have no idea which directory, but it is in my pc for sure and keeps reappearing after each restart. Or at least used to.  Hm, it has not showed up during last few restarts and spybot scans. Not sure what happened. I haven't done anything different. I've had this problem for last couple of days though.

              Either Adobe fixed it (if it belongs to them) and made it not show up, or spyware (if it does not belong to adobe) received some kind of update so it would not be detectable by spybot.

              • 4. Re: Anchor.Hss - spyware?
                farnhold Community Member

                mukeshrshah: No, not at all . I do have adobe reader 9 installed, and then addon on mozilla: Adobe Acrobat 9.3.0.148, and that's it. Nothing else from adobe.

                • 5. Re: Anchor.Hss - spyware?
                  kglad CommunityMVP

                  didn't spybot indicate its directory?

                  • 6. Re: Anchor.Hss - spyware?
                    farnhold Community Member

                    It appeared again today :/.

                    Oh, actually it does give me more information, there is shorter log and longer log.

                     

                    This is the shorter log:

                    Anchor.Hss: [SBI $5B773E15] Používateľské nastavenia (Kľúč v registri, nothing done)

                      HKEY_USERS\S-1-5-21-3878205609-505246965-1532686573-1001\Software\Conduit

                     

                     

                    --- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

                     

                    2009-01-26 blindman.exe (1.0.0.8)

                    2009-01-26 SDFiles.exe (1.6.1.7)

                    2009-01-26 SDMain.exe (1.0.0.6)

                    2009-01-26 SDShred.exe (1.0.2.5)

                    2009-01-26 SDUpdate.exe (1.6.0.12)

                    2009-01-26 SDWinSec.exe (1.0.0.12)

                    2009-01-26 SpybotSD.exe (1.6.2.46)

                    2009-03-05 TeaTimer.exe (1.6.6.32)

                    2013-01-12 unins000.exe (51.49.0.0)

                    2009-01-26 Update.exe (1.6.0.7)

                    2009-11-04 advcheck.dll (1.6.5.20)

                    2007-04-02 aports.dll (2.1.0.0)

                    2008-06-14 DelZip179.dll (1.79.11.1)

                    2009-01-26 SDHelper.dll (1.6.2.14)

                    2008-06-19 sqlite3.dll

                    2009-01-26 Tools.dll (2.1.6.10)

                    2009-01-16 UninsSrv.dll (1.0.0.0)

                    2013-04-11 Includes\Adware.sbi (*)

                    2013-06-19 Includes\AdwareC.sbi (*)

                    2010-08-13 Includes\Cookies.sbi (*)

                    2012-11-14 Includes\Dialer.sbi (*)

                    2013-04-11 Includes\DialerC.sbi (*)

                    2013-04-11 Includes\HeavyDuty.sbi (*)

                    2012-11-14 Includes\Hijackers.sbi (*)

                    2013-04-11 Includes\HijackersC.sbi (*)

                    2012-11-14 Includes\iPhone.sbi (*)

                    2012-11-14 Includes\Keyloggers.sbi (*)

                    2013-04-11 Includes\KeyloggersC.sbi (*)

                    2004-11-29 Includes\LSP.sbi (*)

                    2013-05-29 Includes\Malware.sbi (*)

                    2013-06-19 Includes\MalwareC.sbi (*)

                    2012-11-14 Includes\PUPS.sbi (*)

                    2013-06-19 Includes\PUPSC.sbi (*)

                    2010-01-25 Includes\Revision.sbi (*)

                    2012-11-14 Includes\Security.sbi (*)

                    2013-04-11 Includes\SecurityC.sbi (*)

                    2008-06-03 Includes\Spybots.sbi (*)

                    2008-06-03 Includes\SpybotsC.sbi (*)

                    2013-05-22 Includes\Spyware.sbi (*)

                    2013-06-19 Includes\SpywareC.sbi (*)

                    2012-11-19 Includes\Tracks.uti

                    2013-01-16 Includes\Trojans.sbi (*)

                    2013-05-13 Includes\TrojansC-02.sbi (*)

                    2013-06-19 Includes\TrojansC-03.sbi (*)

                    2013-05-16 Includes\TrojansC-04.sbi (*)

                    2013-06-13 Includes\TrojansC-05.sbi (*)

                    2013-04-19 Includes\TrojansC.sbi (*)

                    2008-03-04 Plugins\Chai.dll

                    2008-03-05 Plugins\Fennel.dll

                    2008-02-26 Plugins\Mate.dll

                    2007-12-24 Plugins\TCPIPAddress.dll

                     

                     

                     

                    and the longer log:

                    --- Search result list ---

                    Anchor.Hss: [SBI $5B773E15] Používateľské nastavenia (Kľúč v registri, nothing done)

                      HKEY_USERS\S-1-5-21-3878205609-505246965-1532686573-1001\Software\Conduit

                     

                     

                    --- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

                     

                    2009-01-26 blindman.exe (1.0.0.8)

                    2009-01-26 SDFiles.exe (1.6.1.7)

                    2009-01-26 SDMain.exe (1.0.0.6)

                    2009-01-26 SDShred.exe (1.0.2.5)

                    2009-01-26 SDUpdate.exe (1.6.0.12)

                    2009-01-26 SDWinSec.exe (1.0.0.12)

                    2009-01-26 SpybotSD.exe (1.6.2.46)

                    2009-03-05 TeaTimer.exe (1.6.6.32)

                    2013-01-12 unins000.exe (51.49.0.0)

                    2009-01-26 Update.exe (1.6.0.7)

                    2009-11-04 advcheck.dll (1.6.5.20)

                    2007-04-02 aports.dll (2.1.0.0)

                    2008-06-14 DelZip179.dll (1.79.11.1)

                    2009-01-26 SDHelper.dll (1.6.2.14)

                    2008-06-19 sqlite3.dll

                    2009-01-26 Tools.dll (2.1.6.10)

                    2009-01-16 UninsSrv.dll (1.0.0.0)

                    2013-04-11 Includes\Adware.sbi (*)

                    2013-06-19 Includes\AdwareC.sbi (*)

                    2010-08-13 Includes\Cookies.sbi (*)

                    2012-11-14 Includes\Dialer.sbi (*)

                    2013-04-11 Includes\DialerC.sbi (*)

                    2013-04-11 Includes\HeavyDuty.sbi (*)

                    2012-11-14 Includes\Hijackers.sbi (*)

                    2013-04-11 Includes\HijackersC.sbi (*)

                    2012-11-14 Includes\iPhone.sbi (*)

                    2012-11-14 Includes\Keyloggers.sbi (*)

                    2013-04-11 Includes\KeyloggersC.sbi (*)

                    2004-11-29 Includes\LSP.sbi (*)

                    2013-05-29 Includes\Malware.sbi (*)

                    2013-06-19 Includes\MalwareC.sbi (*)

                    2012-11-14 Includes\PUPS.sbi (*)

                    2013-06-19 Includes\PUPSC.sbi (*)

                    2010-01-25 Includes\Revision.sbi (*)

                    2012-11-14 Includes\Security.sbi (*)

                    2013-04-11 Includes\SecurityC.sbi (*)

                    2008-06-03 Includes\Spybots.sbi (*)

                    2008-06-03 Includes\SpybotsC.sbi (*)

                    2013-05-22 Includes\Spyware.sbi (*)

                    2013-06-19 Includes\SpywareC.sbi (*)

                    2012-11-19 Includes\Tracks.uti

                    2013-01-16 Includes\Trojans.sbi (*)

                    2013-05-13 Includes\TrojansC-02.sbi (*)

                    2013-06-19 Includes\TrojansC-03.sbi (*)

                    2013-05-16 Includes\TrojansC-04.sbi (*)

                    2013-06-13 Includes\TrojansC-05.sbi (*)

                    2013-04-19 Includes\TrojansC.sbi (*)

                    2008-03-04 Plugins\Chai.dll

                    2008-03-05 Plugins\Fennel.dll

                    2008-02-26 Plugins\Mate.dll

                    2007-12-24 Plugins\TCPIPAddress.dll

                     

                     

                     

                    --- System information ---

                    Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)

                     

                     

                    --- Startup entries list ---

                    Located: HK_LM:Run,

                    command:

                       file:

                       size: 0

                        MD5: D41D8CD98F00B204E9800998ECF8427E

                             Warning: if the file is actually larger than 0 bytes,

                             the checksum could not be properly calculated!

                     

                    Located: HK_LM:Run, Adobe ARM

                    command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

                       file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

                       size: 948672

                        MD5: 73BB442A717B9BB0097C243374C14A3E

                     

                    Located: HK_LM:Run, Adobe Reader Speed Launcher

                    command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

                       file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

                       size: 35760

                        MD5: 466CE40EAA865752F4930A472563E4E1

                     

                    Located: HK_LM:Run, AVG_UI

                    command: "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

                       file: C:\Program Files (x86)\AVG\AVG2013\avgui.exe

                       size: 4408368

                        MD5: 3D24A66867ECE2A70223A83A1B18248D

                     

                    <hundreds of lines unreleated to Anchor.Hss removed by mod>

                    • 7. Re: Anchor.Hss - spyware?
                      kglad CommunityMVP

                      that's a registry entry.

                       

                      it's not in my windows 7 registry so it's not needed for flash cs 6, flash cc or the flash player.