Anchor.Hss - spyware?

New Here ,
Jun 23, 2013 Jun 23, 2013

Copy link to clipboard

Copied

Hello, I scanned my computer, and  Spybot has detected spyware Anchor.HSS every time I used it. It belongs   to: PUPSC - it stands for potentionally unwanted program.

By searching for .hss on google, I found out .hss belongs to Adobe.

I  use other programs to detect malware/virus/spyware/adaware as well.  Programs are Spybot SD2, Malwarebytes, Advanced SystemCare 6, IOBit  MalwareFighter, AVG, Super AntiSpyware. Only Spybot SD (1 - the old one)  has detected the same problem again and again.

Every time I  decide to scan my computer, I go to safe mod, since it is able to catch  more unwanted stuff in my PC. Only spyware I have ever had problem  removing was this one.

I looked at malware removal guide - Anchor.Hss thread here:

http://forums.spybot.info/showthread...for-Anchor-Hss but none of what  was mentioned there I found anywhere on my PC. I checked regedit, I  checked appdata,etc.

Not sure where can I located sysdir though, is it basically system32 folder? I checked that one, nothing there either.

Spyware still keeps coming back :/.

Any suggestions please? Is Anchor.Hss harmless or harmful? Does it actually belong to you?

I   have noticed Adobe Acrobat among addons in Firefox, I think it asked me  for update few days ago, I declined it, and I can still see it asking  for update among Firefox Addons.

Thanks.                


Views

14.4K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 23, 2013 Jun 23, 2013

Copy link to clipboard

Copied

in what directory is Anchor.Hss?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 24, 2013 Jun 24, 2013

Copy link to clipboard

Copied

Kglad: I have no idea which directory, but it is in my pc for sure and keeps reappearing after each restart. Or at least used to.  Hm, it has not showed up during last few restarts and spybot scans. Not sure what happened. I haven't done anything different. I've had this problem for last couple of days though.

Either Adobe fixed it (if it belongs to them) and made it not show up, or spyware (if it does not belong to adobe) received some kind of update so it would not be detectable by spybot.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 24, 2013 Jun 24, 2013

Copy link to clipboard

Copied

didn't spybot indicate its directory?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 24, 2013 Jun 24, 2013

Copy link to clipboard

Copied

It appeared again today :/.

Oh, actually it does give me more information, there is shorter log and longer log.

This is the shorter log:

Anchor.Hss: [SBI $5B773E15] Používateľské nastavenia (Kľúč v registri, nothing done)

  HKEY_USERS\S-1-5-21-3878205609-505246965-1532686573-1001\Software\Conduit

--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2013-01-12 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-11-04 advcheck.dll (1.6.5.20)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2013-04-11 Includes\Adware.sbi (*)

2013-06-19 Includes\AdwareC.sbi (*)

2010-08-13 Includes\Cookies.sbi (*)

2012-11-14 Includes\Dialer.sbi (*)

2013-04-11 Includes\DialerC.sbi (*)

2013-04-11 Includes\HeavyDuty.sbi (*)

2012-11-14 Includes\Hijackers.sbi (*)

2013-04-11 Includes\HijackersC.sbi (*)

2012-11-14 Includes\iPhone.sbi (*)

2012-11-14 Includes\Keyloggers.sbi (*)

2013-04-11 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2013-05-29 Includes\Malware.sbi (*)

2013-06-19 Includes\MalwareC.sbi (*)

2012-11-14 Includes\PUPS.sbi (*)

2013-06-19 Includes\PUPSC.sbi (*)

2010-01-25 Includes\Revision.sbi (*)

2012-11-14 Includes\Security.sbi (*)

2013-04-11 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2013-05-22 Includes\Spyware.sbi (*)

2013-06-19 Includes\SpywareC.sbi (*)

2012-11-19 Includes\Tracks.uti

2013-01-16 Includes\Trojans.sbi (*)

2013-05-13 Includes\TrojansC-02.sbi (*)

2013-06-19 Includes\TrojansC-03.sbi (*)

2013-05-16 Includes\TrojansC-04.sbi (*)

2013-06-13 Includes\TrojansC-05.sbi (*)

2013-04-19 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

and the longer log:

--- Search result list ---

Anchor.Hss: [SBI $5B773E15] Používateľské nastavenia (Kľúč v registri, nothing done)

  HKEY_USERS\S-1-5-21-3878205609-505246965-1532686573-1001\Software\Conduit

--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-03-05 TeaTimer.exe (1.6.6.32)

2013-01-12 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-11-04 advcheck.dll (1.6.5.20)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2013-04-11 Includes\Adware.sbi (*)

2013-06-19 Includes\AdwareC.sbi (*)

2010-08-13 Includes\Cookies.sbi (*)

2012-11-14 Includes\Dialer.sbi (*)

2013-04-11 Includes\DialerC.sbi (*)

2013-04-11 Includes\HeavyDuty.sbi (*)

2012-11-14 Includes\Hijackers.sbi (*)

2013-04-11 Includes\HijackersC.sbi (*)

2012-11-14 Includes\iPhone.sbi (*)

2012-11-14 Includes\Keyloggers.sbi (*)

2013-04-11 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2013-05-29 Includes\Malware.sbi (*)

2013-06-19 Includes\MalwareC.sbi (*)

2012-11-14 Includes\PUPS.sbi (*)

2013-06-19 Includes\PUPSC.sbi (*)

2010-01-25 Includes\Revision.sbi (*)

2012-11-14 Includes\Security.sbi (*)

2013-04-11 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2013-05-22 Includes\Spyware.sbi (*)

2013-06-19 Includes\SpywareC.sbi (*)

2012-11-19 Includes\Tracks.uti

2013-01-16 Includes\Trojans.sbi (*)

2013-05-13 Includes\TrojansC-02.sbi (*)

2013-06-19 Includes\TrojansC-03.sbi (*)

2013-05-16 Includes\TrojansC-04.sbi (*)

2013-06-13 Includes\TrojansC-05.sbi (*)

2013-04-19 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---

Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)

--- Startup entries list ---

Located: HK_LM:Run,

command:

   file:

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe ARM

command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

   size: 948672

    MD5: 73BB442A717B9BB0097C243374C14A3E

Located: HK_LM:Run, Adobe Reader Speed Launcher

command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

   file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

   size: 35760

    MD5: 466CE40EAA865752F4930A472563E4E1

Located: HK_LM:Run, AVG_UI

command: "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

   file: C:\Program Files (x86)\AVG\AVG2013\avgui.exe

   size: 4408368

    MD5: 3D24A66867ECE2A70223A83A1B18248D

<hundreds of lines unreleated to Anchor.Hss removed by mod>

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Jun 24, 2013 Jun 24, 2013

Copy link to clipboard

Copied

LATEST

that's a registry entry.

it's not in my windows 7 registry so it's not needed for flash cs 6, flash cc or the flash player.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Jun 23, 2013 Jun 23, 2013

Copy link to clipboard

Copied

Also, can you please confirm whether you have installed Photoshop and/or Dreamweaver on your system ??

Rgds,

Mukesh

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Jun 24, 2013 Jun 24, 2013

Copy link to clipboard

Copied

mukeshrshah: No, not at all . I do have adobe reader 9 installed, and then addon on mozilla: Adobe Acrobat 9.3.0.148, and that's it. Nothing else from adobe.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines