View Thread: IE8 picked up spyware (too quickly)
  • akopacsi

    I installed IE8 on a Windows XP SP3 computer (new and clean install, fully patched system, running Windows Defender, NOD32 antivirus and the Windows Malicious Software Removal Tool). I used it for about 2 days (with a limited account) and then I ran a SpywareDoctor* scan.

    It found a spyware called Spyware.BaiDu!
    No warez, porn or file-sharing site was visited and I haven't installed any toolbars or add-ons.

    Any ideas how to avoid such infections?

    It'd be interesting to see a test in which somebody visits specifically dangerous sites with IE8 and sees how much malware is picked up.
    (I won't do it for you... :-) )

    I copy the SpywareDoctor log file here.
    Notice that it seems that the spyware modified the registry. Again: it was used under a limited account. :-/

    (*SpywareDoctor is software which is included in Google Pack - a collection of essential software distributed by Google.)

    2009.03.22. 21:34:30:390
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}, BlockType

    2009.03.22. 21:34:30:390
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}, CompatibilityFlags

    2009.03.22. 21:34:30:390
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}, DllName

    2009.03.22. 21:34:30:390
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}, MasterCLSID

    2009.03.22. 21:34:30:390
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}, Version

    2009.03.22. 21:34:30:390
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Key
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}

    2009.03.22. 21:34:30:421
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, BlockType

    2009.03.22. 21:34:30:421
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, CompatibilityFlags

    2009.03.22. 21:34:30:421
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, DllName

    2009.03.22. 21:34:30:421
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Value
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, Version

    2009.03.22. 21:34:30:421
    Infection was detected on this computer
    Threat Name - Spyware.BaiDu
    Type - Registry Key
    Risk Level - Medium
    Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
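A triage aid for a scanner log in the layout above, as an added example that is not part of the original post: it groups the detections by registry key so it is clear which hive and keys were flagged and whether any file or process was reported alongside them. The three sample records are constructed in the layout of the log above, and the function names are this example's own.

```python
import re

# Constructed sample: three records in the layout of the log above.
SAMPLE_LOG = r"""
2009.03.22. 21:34:30:390
Infection was detected on this computer
Threat Name - Spyware.BaiDu
Type - Registry Value
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}, DllName

2009.03.22. 21:34:30:390
Infection was detected on this computer
Threat Name - Spyware.BaiDu
Type - Registry Key
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}

2009.03.22. 21:34:30:421
Infection was detected on this computer
Threat Name - Spyware.BaiDu
Type - Registry Value
Risk Level - Medium
Infection - HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}, BlockType
"""
FIELD = re.compile(r"^\s*(Type|Infection) - (.*)$", re.M)

def parse_records(text):
    """Return one {field: value} dict per blank-line-separated record."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(FIELD.findall(b)) for b in blocks if "Infection - " in b]

def summarise(records):
    """Group registry hits as {(hive, key): {value names}}; other hits go in a list."""
    by_key, other = {}, []
    for rec in records:
        if not rec.get("Type", "").startswith("Registry"):
            other.append(rec)  # file or process artefacts would land here
            continue
        path, _, value = rec["Infection"].strip().partition(", ")
        path = re.sub(r"\\+", r"\\", path)  # scanner prints a doubled backslash
        hive, _, key = path.partition("\\")
        by_key.setdefault((hive, key), set()).add(value.strip() or "(key itself)")
    return by_key, other

if __name__ == "__main__":
    by_key, other = summarise(parse_records(SAMPLE_LOG))
    for (hive, key), values in by_key.items():
        print(hive, key, sorted(values))
    print("non-registry detections:", len(other))
```

On the sample, every hit is a registry entry under HKEY_LOCAL_MACHINE and no file or process is reported, which is the detail to weigh against the fact that a limited account cannot, by default, write to that hive.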