SvchostAnalyzer: Cloaked Malware or False Positive?

Hi George Yves,

Yep, that is why that was not alerted, and I did not expect you’re on Vista. So Vista has SP1, and with implementing SP2 you can still wait a bit, it is just out. OK, we have that settled then.

Now the Url Search Hook issue. It is like this:

R3 is for a URL Search Hook. A URL Search Hook is used when you type an address in the location field of the browser but do not include a protocol such as http:// or ftp:// in the address. When you enter such an address, the browser will attempt to figure out the correct protocol on its own, and if it fails to do so, it will use the UrlSearchHook listed in the R3 section to try to find the location you entered.

For your own reference, it is safe to check this item in HijackThis and remove it. You will not notice a change. It is just more secure, my friend. If it was just an orphaned entry of adware, you can remove it as well.

polonus
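As an added illustration of the R3 check described above (this is not code from the thread or from HijackThis), the PowerShell below lists the same Url Search Hooks that HijackThis reports as R3 lines, resolves each CLSID to its DLL, and flags hooks whose DLL is missing (an orphaned entry) or unsigned. It assumes the per-user hook key `HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks` and the usual `HKCR\CLSID\{...}\InProcServer32` layout.

```powershell
# Added example, not from the original thread: enumerate Url Search Hooks (HijackThis R3
# entries), resolve each CLSID to its DLL and report orphaned or unsigned handlers.
# Assumes the per-user hook key and the HKCR CLSID layout used by Internet Explorer.
$HookKey = 'HKCU:\Software\Microsoft\Internet Explorer\UrlSearchHooks'

function Get-UrlSearchHookReport {
    if (-not (Test-Path $HookKey)) { return @() }

    # Each hook is stored as a registry value whose *name* is the handler's CLSID.
    $clsids = (Get-ItemProperty -Path $HookKey).PSObject.Properties |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        ForEach-Object { $_.Name }

    foreach ($clsid in $clsids) {
        $clsidKey  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $serverKey = "$clsidKey\InProcServer32"
        $name = $null; $dll = $null; $signing = 'n/a'

        # Display name and DLL path are the default values of the CLSID subkeys.
        if (Test-Path $clsidKey)  { $name = (Get-ItemProperty -Path $clsidKey).'(default)' }
        if (Test-Path $serverKey) { $dll  = (Get-ItemProperty -Path $serverKey).'(default)' }

        $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
        if ($onDisk) { $signing = (Get-AuthenticodeSignature -FilePath $dll).Status }

        # A hook with no DLL on disk is the orphaned case the thread talks about;
        # a DLL that is present but unsigned deserves a closer look before trusting it.
        if (-not $onDisk)            { $verdict = 'orphaned: safe to remove' }
        elseif ($signing -ne 'Valid') { $verdict = 'review: unsigned or invalid signature' }
        else                          { $verdict = 'signed' }

        [pscustomobject]@{
            CLSID   = $clsid
            Name    = $name
            DLL     = $dll
            OnDisk  = $onDisk
            Signing = $signing
            Verdict = $verdict
        }
    }
}

Get-UrlSearchHookReport | Format-Table -AutoSize
```

Removing a hook is then a matter of deleting that CLSID value under the hook key, which is what HijackThis does when you fix an R3 line.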

And what about this R3?

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

Should I remove it too?

Hello

Yes, I would uninstall it.
1. Click on View → Toolbars → Deselect ICQ toolbar.
or
2. Click on Start → Settings → Control Panel → Add/Remove Programs → Scroll to ICQ Toolbar → Click Delete. This option will permanently remove the toolbar from your system.

Not because it is malcode as such, but there were vulnerabilities with it.
Security problems found in the ICQ Toolbar v1.3 may allow attackers to
control and change configuration settings and to inject scripting code
in RSS feed contents and execute it in the context of the feed
interface (IE’s Local Zone).

ICQ Toolbar 1.3 for Internet Explorer is a Browser Helper Object that
provides several features including: search, pop-up blocker, ICQmail
notifier, RSS feeds and others. The ICQ toolbar is one of the various
products offered by ICQ and it is available for download at
hxtp://download.icq.com/download/toolbar/

A problem was found in the way the ICQ Toolbar implements its web
configuration interface that lets attackers controlling a malicious
website change the ICQ toolbar’s configuration settings without users of
the ICQ toolbar for Internet Explorer noticing that an attack is taking
place.

Additionally, Cross Site Scripting vulnerabilities in the RSS Feeds
interface could allow malicious RSS feeds to execute scripting code in
the context of the Feeds interface, and allow attackers to access (and,
in specific cases, change) configuration settings.

If that happened in the past, I would not trust such a BHO for the future either.
You can also check for all the latest patches etc. for IE BHOs and Firefox browser add-ons/plug-ins with the new beta that Secunia PSI has just brought out: http://secunia.com/PSISetupBeta.exe

polonus aka Damian

Thanks for your advice, polonus. I removed the toolbar and fixed the line in HJT. But the problem still exists: to install or not to install ThreatFire?

Hi George Yves,

Whenever I experience problems with ThreatFire you will be the first to know; I will report it to you.
I have read cons and pros here in this forum. Some users here used it for years without much ado, like bob3160; others reported issues, like Tech (but Tech reported issues with various things, not Tech? :smiley: ).
You must not have this real-time scanner; there are alternatives. avast does all the real-time scanning it should, also through the shields. An additional quick scan of MBAM and SAS and keeping the databases of these programs up to date will do a lot. If you are doing your online activities with a normal user account, you already have reduced the payload of 92% of the malware to your OS to a minimum.
An alternative to ThreatFire is installing the Arovax Shield, a good free Ukrainian alternative; download from their site: http://www.arovaxshield.com/

I hope this will help you to take the right decision.

polonus

P.S. Arovax Shield is completely compatible with Windows Vista.

I think the alternative to a HIPS program is safe browsing and a good firewall. Online Armour does the job (I’m using a giveawayoftheday offer).

Hi Tech,

I agree with you that one cannot add one security app and pile it upon the other; this will cost you too many cycles and will hamper your computer, and the additional security delivered is minimal anyway. I think the PCTools ThreatFire application has some issues with certain firewalls installed rather than with browsers etc. I have it now with ZA and, as I told George Yves, no issues so far.
What a person tries to do as good as he, she, it can is closing the vulnerability window as well as can be. So a software firewall, a resident av solution, some additional non-resident scanning with some other databases (a pity rather that avast now has an issue with free ClamWin), additional anti-malware scanners like MBAM and SAS and SpywareBlaster in the background should be enough. Furthermore I have a browser with enough in-browser security extensions, like NoScript, RequestPolicy, Perspectives, ABP (the malware list), the Firekeeper extension, and a series of installed and on-demand pre-link scanners as far as they are real time: Dr.Web’s, Finjan. I think that is a rather fully fledged security cocktail, and then also multi-layered, so let us not overdo it…

polonus

The FP on SvchostAnalyzer “will be removed in DB version 3.006.002.000” in Spywareterminator.