Copy link to clipboard
Copied
Hello, I scanned my computer, and Spybot has detected spyware Anchor.HSS every time I used it. It belongs to: PUPSC - it stands for potentionally unwanted program.
By searching for .hss on google, I found out .hss belongs to Adobe.
I use other programs to detect malware/virus/spyware/adaware as well. Programs are Spybot SD2, Malwarebytes, Advanced SystemCare 6, IOBit MalwareFighter, AVG, Super AntiSpyware. Only Spybot SD (1 - the old one) has detected the same problem again and again.
Every time I decide to scan my computer, I go to safe mod, since it is able to catch more unwanted stuff in my PC. Only spyware I have ever had problem removing was this one.
I looked at malware removal guide - Anchor.Hss thread here:
http://forums.spybot.info/showthread...for-Anchor-Hss but none of what was mentioned there I found anywhere on my PC. I checked regedit, I checked appdata,etc.
Not sure where can I located sysdir though, is it basically system32 folder? I checked that one, nothing there either.
Spyware still keeps coming back :/.
Any suggestions please? Is Anchor.Hss harmless or harmful? Does it actually belong to you?
I have noticed Adobe Acrobat among addons in Firefox, I think it asked me for update few days ago, I declined it, and I can still see it asking for update among Firefox Addons.
Thanks.
Copy link to clipboard
Copied
in what directory is Anchor.Hss?
Copy link to clipboard
Copied
Kglad: I have no idea which directory, but it is in my pc for sure and keeps reappearing after each restart. Or at least used to. Hm, it has not showed up during last few restarts and spybot scans. Not sure what happened. I haven't done anything different. I've had this problem for last couple of days though.
Either Adobe fixed it (if it belongs to them) and made it not show up, or spyware (if it does not belong to adobe) received some kind of update so it would not be detectable by spybot.
Copy link to clipboard
Copied
didn't spybot indicate its directory?
Copy link to clipboard
Copied
It appeared again today :/.
Oh, actually it does give me more information, there is shorter log and longer log.
This is the shorter log:
Anchor.Hss: [SBI $5B773E15] Používateľské nastavenia (Kľúč v registri, nothing done)
HKEY_USERS\S-1-5-21-3878205609-505246965-1532686573-1001\Software\Conduit
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-01-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-06-19 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-06-19 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-06-19 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-06-19 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-06-19 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
and the longer log:
--- Search result list ---
Anchor.Hss: [SBI $5B773E15] Používateľské nastavenia (Kľúč v registri, nothing done)
HKEY_USERS\S-1-5-21-3878205609-505246965-1532686573-1001\Software\Conduit
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-01-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-06-19 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-06-19 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-06-19 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-06-19 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-06-19 Includes\TrojansC-03.sbi (*)
2013-05-16 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 948672
MD5: 73BB442A717B9BB0097C243374C14A3E
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: 466CE40EAA865752F4930A472563E4E1
Located: HK_LM:Run, AVG_UI
command: "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
file: C:\Program Files (x86)\AVG\AVG2013\avgui.exe
size: 4408368
MD5: 3D24A66867ECE2A70223A83A1B18248D
<hundreds of lines unreleated to Anchor.Hss removed by mod>
Copy link to clipboard
Copied
that's a registry entry.
it's not in my windows 7 registry so it's not needed for flash cs 6, flash cc or the flash player.
Copy link to clipboard
Copied
Also, can you please confirm whether you have installed Photoshop and/or Dreamweaver on your system ??
Rgds,
Mukesh
Copy link to clipboard
Copied
mukeshrshah: No, not at all . I do have adobe reader 9 installed, and then addon on mozilla: Adobe Acrobat 9.3.0.148, and that's it. Nothing else from adobe.