
1) Registry change notification. 2) ezula.com query. 3) Ad Watch 'What action to take'



#1 crisoco


Posted 15 December 2006 - 12:28 AM

Ad Watch Build 399.

I have searched the postings for answers to my particular query but have only been able to find the answer on how to retain registry changes by having Ad Watch set to Active mode only.

1) Registry change notification.
How does the pop-up screen work? When an attempt to change a registry entry takes place, how can I be notified? I have now set Ad Watch to load at startup. Before, I had to start Ad Aware / Ad Watch for it to tell me that a registry attempt had taken place. Will I now get a pop-up screen to tell me as it happens?

2) Ezula.com not listed in the scan.
I see that URLs from ezula.com should be blocked, so why did I have to delete ezula.com within BT Yahoo Anti Spy after I ran a scan there? I do not understand how this works in Ad Watch. I simply want to block all attempts at alterations to my registry as they happen. I cannot understand why I now have to manually scan the registry to delete numerous ezula and associated ezulamain keys. Is Ad Watch not supposed to stop these entries taking place or at least give me the option to allow or block as they happen? How are these Spyware entries bypassing 2 Anti-Spyware programs, Lavasoft Ad Aware Plus and SpyBot Search & Destroy and possibly BT Yahoo Anti-Spy? Should I also be adding these URLs to my blocking cookies in Firefox?

3) Something is wrong with my help link.
When I loaded up Ad Watch it told me there had been an attempt at changing a registry entry - what this change related to I have no idea because when I clicked the 'what action to take' help link at the bottom of the screen all it did was load up my desktop file.
Can you tell me why it does this and how to change the link so it gives me information on how to deal with the problem? It is almost impossible to make a decision here without some help. It is not possible to close the screen without making a judgement one way or the other.

Edited by crisoco, 15 December 2006 - 12:31 AM.


#2 Ai_Tak


Posted 15 December 2006 - 06:41 AM

> 2) Ezula.com not listed in the scan.
> I see that URLs from ezula.com should be blocked, so why did I have to delete ezula.com within BT Yahoo Anti Spy after I ran a scan there? I do not understand how this works in Ad Watch. I simply want to block all attempts at alterations to my registry as they happen. I cannot understand why I now have to manually scan the registry to delete numerous ezula and associated ezulamain keys. Is Ad Watch not supposed to stop these entries taking place or at least give me the option to allow or block as they happen? How are these Spyware entries bypassing 2 Anti-Spyware programs, Lavasoft Ad Aware Plus and SpyBot Search & Destroy and possibly BT Yahoo Anti-Spy? Should I also be adding these URLs to my blocking cookies in Firefox?

Can you post the log files from this? If this is the Yahoo Anti Spy I think it is (based on PestPatrol, a scanner with a high FP rate), I think it may be a false positive.

#3 crisoco


Posted 15 December 2006 - 03:13 PM

> Can you post the log files from this? If this is the Yahoo Anti Spy I think it is (based on PestPatrol, a scanner with a high FP rate), I think it may be a false positive.

Thank you for your reply.

HiJackThis Log. Is it too late?
I have already deleted the references in the registry to ezula and ezulamain so would all the useful logs be lost if I did a log now?
Being fairly new to this I do not know how to prepare a log anyway. Would this be a HiJackThis log? I have the exe program ready to load but that is as far as I have got. Can you tell me what to do when it's loaded? Is it best to add as an attachment to the post? I see some people copy and paste it in the posting but sometimes the post length does not allow for the full log!

Ezula and Ezulamain
I do not understand why you would think ezula.com could be a false positive. This is what ProcessPedia have to say about it:

EZulaMain - EZulaMain.exe Spyware and adware application which gathers information about how you use your computer. This process represents a security threat and should be removed immediately, either using an anti-spyware application such as Microsoft Anti-Spyware or by following the instructions at the link below. This process is installed along with adware supported software, such as KaZaA.


Ad Watch Alarm 'Attempt to add a registry value'. Address this query here or start new thread?
The above query relates to another pressing problem I have with Ad Watch Alarm and I am not sure if I should address that here or start a new thread.
To sum up, I have an Ad Watch Alarm 'attempt to add a registry value' with Key: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
'Click here for advice' loads my personal computer folder with a load of files I have not got a clue about. I cannot 'Accept' or 'Block' because I do not know what to do when Alarms like this one are raised, so the screen is just sitting there waiting for action and getting in the way. At a guess I think it's something to do with when I loaded Windows because the timing is right. I could just 'Accept' but I would like to do the right thing.
I have since discovered that the W32/Brontok-BO Worm can make alterations to keys at the location Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, which makes me even more worried. I think I shall be a nervous wreck if I am left to make decisions with all these Alarm notifications!
If I had Ad Watch set to 'Automatic' would this decision have been made for me? Is 'Automatic' the best setting to use for the non-technical user? 'Active' seems to be creating quite a headache for me!

'Click here for advice' seems to link to folders?
I see you are helping me with item 2). Do you think someone else will help with the other queries?

Edited by crisoco, 16 December 2006 - 12:00 AM.


#4 Ai_Tak


Posted 16 December 2006 - 09:05 AM

> Thank you for your reply.
>
> HiJackThis Log. Is it too late?
> I have already deleted the references in the registry to ezula and ezulamain so would all the useful logs be lost if I did a log now?
> Being fairly new to this I do not know how to prepare a log anyway. Would this be a HiJackThis log? I have the exe program ready to load but that is as far as I have got. Can you tell me what to do when it's loaded? Is it best to add as an attachment to the post? I see some people copy and paste it in the posting but sometimes the post length does not allow for the full log!

I was looking for the log from the original Yahoo Anti-Spy scan, just to see what it really detected.



