Spyware, viruses, & security : Ultraview Plus???
Ultraview Plus???
by cyc275 - 11/13/07 1:15 AMToday I was using my Webroot Spy Sweeper to sweep my laptop, and it said that there's a system monitor threat: Ultraview Plus. I have no idea what that is. I have browsed around, and found out that it's some kinds of monitor software. I am not even sure. Could anyone please tell me what that is, how I got that spyware, and is there a way I can uninstall it or something? Thank you so much in advance.
Re: Ultraview Plus- WebWatcher
by Carol~
- 11/13/07 8:55 AM
In reply to: Ultraview Plus??? by cyc275
cyc275..
Ultraview Plus is surveillance program developed by Awareness Technologies. It is now called WebWatcher, although Webroot refers to it as Ultraview Plus. Did you, an employer, or anyone else in your family install it? According to Symantec, it must be installed manually. If this is not the case, you might want to keep it in quarantine, until you are sure it's not a false positive. SS has detected it as such in the past. See the article "Is Someone Spying on You" to get a better understanding. (Take note where it refers to SS on the bottom)
For further help:
http://research.sunbelt-software.com/threatdisplay.aspx?name=WebWatcher&threatid=44200
http://www.symantec.com/security_response/writeup.jsp?docid=2006-030716-0919-99&tabid=3
If in time, you find it's not a false positive and wasn't installed intentionally, you might try one of the scanners listed at the top of this forum.
Carol
Remove Ultraview Plus
by cyc275 - 11/14/07 1:15 AM In reply to: Re: Ultraview Plus- WebWatcher by Carol~
The Norton Antivirus/Internet Security detected Ultraview Plus (Spyware.Ultraview) and I chose to remove it. Does it mean my laptop is "safe" now? What other procedures should I take? I don't know anyone that had installed Ultraview on my laptop. I did lent my laptop to my friend once. I have no idea if he installed it on my laptop. I guess there's no way to track it whether he installed it or not. If it's not someone that manually installed it, where else would I get this spyware?
Thanks again for your time and help.
I would reboot the computer and
by roddy32 - 11/14/07 3:09 AM
In reply to: Remove Ultraview Plus by cyc275
then rescan and see if it is gone.
Have a look, IF you still can find...
by Marianna Schmudlach - 11/14/07 8:58 AM
In reply to: Remove Ultraview Plus by cyc275
these files:
%local_settings%\ temp\ atww_340_693a.exe
%SYSTEM%\ config\ atuvp\ ccp.dll
%SYSTEM%\ config\ atuvp\ dprx.dll
%SYSTEM%\ config\ atuvp\ dtor.exe
%SYSTEM%\ config\ atuvp\ filesvc.sys
%SYSTEM%\ config\ atuvp\ mca.dll
%SYSTEM%\ config\ atuvp\ mcie.dll
%SYSTEM%\ config\ atuvp\ mck.dll
%SYSTEM%\ config\ atuvp\ mcmsg.dll
%SYSTEM%\ config\ atuvp\ mco.dll
%SYSTEM%\ config\ atuvp\ mcoexp.dll
%SYSTEM%\ config\ atuvp\ mcsc.dll
%SYSTEM%\ config\ atuvp\ mcy.dll
%SYSTEM%\ config\ atuvp\ procdrv.sys
%SYSTEM%\ config\ atuvp\ regfil.sys
%SYSTEM%\ config\ atuvp\ registrar.exe
%SYSTEM%\ config\ atuvp\ shellservice.dll
%system%\ config\ atww\ ccp.dll
%system%\ config\ atww\ dprx.dll
%system%\ config\ atww\ dtor.exe
%system%\ config\ atww\ filesvc.sys
%system%\ config\ atww\ mca.dll
%system%\ config\ atww\ mcie.dll
%system%\ config\ atww\ mck.dll
%system%\ config\ atww\ mcmsg.dll
%system%\ config\ atww\ mco.dll
%system%\ config\ atww\ mcoexp.dll
%system%\ config\ atww\ mcsc.dll
%system%\ config\ atww\ mcy.dll
%system%\ config\ atww\ procdrv.sys
%system%\ config\ atww\ regfil.sys
%system%\ config\ atww\ ShellService.dll
http://research.sunbelt-software.com/threatdisplay.aspx?name=WebWatcher&threatid=44200
How can I find those files?
by cyc275 - 11/14/07 4:16 PM In reply to: Have a look, IF you still can find... by Marianna Schmudlach
Sorry I am not a computer expert, so I was wondering where can I find those files and see if they are still in my computer?
Also, just a question, if it's not someone that manually installed that Ultraview Plus in my computer, then how can I get that spyware? Can someone explain the false positive issue in details?
Thank you so much for all the help. I really appreciate it.
You have an XP?
by Marianna Schmudlach - 11/14/07 4:50 PM
In reply to: How can I find those files? by cyc275
Follow the instructions from here:
Ultraview manual removal:
http://www.2-spyware.com/remove-ultraview.html
Ways of infection:
http://www.2-spyware.com/keyloggers-removal
What is a false positive?
by Marianna Schmudlach - 11/14/07 4:53 PM
In reply to: You have an XP? by Marianna Schmudlach
A false positive, also known as a false detection or false alarm, occurs when an antivirus program detects a known virus string in an uninfected file. The file, while not infected with an actual virus, does contain a string of characters that matches a string from an actual virus.
A false positive can also occur when a program performs an action, which appears to the antivirus program to be a virus-like activity.
Norton AntiVirus and Symantec AntiVirus Corporate Edition use Bloodhound heuristics to detect virus-like activity.
Examples of such activity can include, but are not limited to, writing to the master boot record of the hard disk, making changes to a system file, or running a custom macro in a program such as Microsoft Word.
False detections, once confirmed, are usually corrected as soon as possible.
http://service1.symantec.com/sarc/sarc.nsf/info/html/what.false.positive.html
Your "friend" may not be so good if they installed this
by internetexplorer - 12/17/07 7:02 AM In reply to: Remove Ultraview Plus by cyc275If your "friend" put this software on your computer (or let someone do it), then you should probably run a credit check on yourself to make sure you're not a victim of identity theft. Even if it is clean, you may want to put a "fraud watch" on your accounts to prevent loss.
Web Root Spy Sweeper
by hogndog - 11/19/07 10:56 AM In reply to: Ultraview Plus??? by cyc275Easiest way is to call their toll free number. 1-800-772-9383..
They'll answer your questions in a professional manner.
Questions..
by kzh101 - 11/29/07 5:02 PM In reply to: Ultraview Plus??? by cyc275Is there a way to track who has manually installed the Ultraview Plus to someone's computer? Is it impossible to know who had done it?
In general, is there a way to track who's the hacker that did something, such as hacking email passoword, etc.
re: can you tell who done it?
by internetexplorer - 12/17/07 7:15 AM In reply to: Questions.. by kzh101If you go to windows explorer or my computer, then set the View options to Details and then Choose Details to include dates modified, created and accessed, then drill down to the file in question (using the path information a good antivirus will give), you can get the date and time that the program was installed, altered, and possibly even last used. If these dates happen to fall within the time period(s) that you loaned the computer to someone, then there's your smoking gun. This is just one example of computer forensics, as there are actually even more ways to track something like this down by using some of the various logs the computer keeps.
can you help find out when it was installed?
by enaiseeo - 7/24/08 1:22 AM In reply to: re: can you tell who done it? by internetexplorerit is not possible via my computer as ultraview/webwatcher
is hidden from everyone except the people authorized to see it. It does not appear in the Registry, the Process List, the System Tray, the Task Manager, on the Desktop, or in Add/Remove programs. There aren’t even an visible files that can be detected!
can anyone help? It is very important that I find out when it was installed (the who is not a too difficult question to answer, the boss).
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
