Adware, malware, spyware, hijacker discussion and information


All times are UTC - 7 hours


Forum rules


ATTN:!! Only users pre-approved by TeMerc may offer help and assistance in malware removal. Any and all unauthorized posts will be removed without notice. Please read this thread for proper HijackThis! installation.



 Post subject: Silly Dl EWW and FakeAV BGY.......
Posted: Sun Jun 27, 2010 4:38 pm

Joined: Sun Jun 27, 2010 11:33 am
Posts: 3
I run CA Security Suite (free from Mediacom ISP) which does an excellent job IMO. It recently has been detecting Silly Dl EWW and FakeAV BGY. I quarantine them and they just keep reappearing. I also ran MalwareBytes which always has worked great in the past, but won't seem to eliminate these pests. Any suggestions would be greatly appreciated.
My system:
Windows XP, IE8, Dell Dimension 3000, SP3, Pentium(R), 2.00GB RAM.

Thanks,
Davemc53 :(



 
 Post subject: Re: Silly Dl EWW and FakeAV BGY.......
Posted: Sun Jun 27, 2010 11:46 pm
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
Hi and welcome to TeMerc Internet Countermeasures.

Can you please tell us the specific details of the CA detection please? We need to know the file path or registry path.

 
 Post subject: Re: Silly Dl EWW and FakeAV BGY.......
Posted: Mon Jun 28, 2010 1:47 pm

Joined: Sun Jun 27, 2010 11:33 am
Posts: 3
Maybe this will help.......
hkey_users\S-1-5-21-975523670-3826337041-408292-1187-1006\software\xml

That's from the CA scan.


This is from Malwarebytes scan log:

Database version: 4173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/26/2010 12:03:07 PM
mbam-log-2010-06-26 (12-03-07).txt

Scan type: Quick scan
Objects scanned: 138162
Time elapsed: 12 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.68,93.188.161.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ae3e548-b443-4b5f-b8af-7ad317d6d0e5}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.68,93.188.161.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da4deec2-9f17-42b0-b784-cddbd29fa66d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.68,93.188.161.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da4deec2-9f17-42b0-b784-cddbd29fa66d}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.68,93.188.161.208 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
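
As an added example (not part of the original thread and not Malwarebytes code), a small parser for the log format posted above that groups the name-server addresses reported in the Trojan.DNSChanger entries by the registry values that held them. The names `parse_findings` and `rogue_dns` are illustrative, and the sample lines are copied from that log with one interface entry kept.

```python
import re
from collections import defaultdict

# Lines copied from the Malwarebytes log in the post above (one interface entry kept).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.68,93.188.161.208 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{da4deec2-9f17-42b0-b784-cddbd29fa66d}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.68,93.188.161.208 -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
# Item line layout: "<path> (<threat>) -> [Data: <data> -> ]<action>"
FINDING = re.compile(
    r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+)$"
)

def parse_findings(log_text):
    """Return one dict per detected item, tagged with the log section it appeared in."""
    findings, section = [], None
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        item = FINDING.match(line)
        if item and section:  # summary counts and "(No malicious items detected)" do not match
            findings.append({"section": section, **item.groupdict()})
    return findings

def rogue_dns(findings):
    """Map each name-server address in a DNSChanger finding to the registry values that held it."""
    servers = defaultdict(list)
    for f in findings:
        if f["threat"] == "Trojan.DNSChanger" and f["data"]:
            for ip in filter(None, re.split(r"[,\s]+", f["data"])):
                servers[ip].append(f["path"])
    return dict(servers)

if __name__ == "__main__":
    for ip, paths in rogue_dns(parse_findings(SAMPLE_LOG)).items():
        print(ip, "set in", len(paths), "registry value(s)")
```

The addresses it returns can then be compared with the resolvers the ISP or router is expected to hand out.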



 
 Post subject: Re: Silly Dl EWW and FakeAV BGY.......
Posted: Mon Jun 28, 2010 2:45 pm
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
So it's just the errant registry point? What happens when it tries to delete them?

Your Malwarebytes is out of date by almost 100 versions, we're currently at 4251, please update it:
To update Malwarebytes' Anti-Malware you must first open the software.

Once open, there will be a series of tabs, labeled in order:
Scanner | Protection | Update | Quarantine | Logs | Ignore list | Settings | More Tools | About

Click the 'Update' tab. Then click the 'Check for Updates' button. A display\dialog box will appear and connect. Be sure your security software is set to allow Malwarebytes' Anti-Malware Internet access. Once the update is completed, you will be told the update was successfully completed from one database version to the latest database version.

Then rescan the system using the default 'Quick' scan option. We'll proceed based on the output of that file.

 
 Post subject: Re: Silly Dl EWW and FakeAV BGY.......
Posted: Mon Jun 28, 2010 3:29 pm

Joined: Sun Jun 27, 2010 11:33 am
Posts: 3
Updated MWB. Nothing detected this time. CA Spyware scan also detected nothing this time. Perhaps the CA Anti-virus eliminated it during its last scan? Or it's hiding somewhere? I'll keep scanning and certainly send a report if I find anything again.
Thanks for your help.



 
 Post subject: Re: Silly Dl EWW and FakeAV BGY.......
Posted: Mon Jun 28, 2010 3:39 pm
Site Admin

Joined: Fri Jan 28, 2005 5:16 pm
Posts: 15966
Location: PHX, AZ
davemc53 wrote:
Updated MWB. Nothing detected this time. CA Spyware scan also detected nothing this time. Perhaps the CA Anti-virus eliminated it during its last scan? Or it's hiding somewhere? I'll keep scanning and certainly send a report if I find anything again.
Thanks for your help.

Ok, we'll leave the ticket open for a bit, let us know how it goes.
