Re: another pest

From: Li'l Roberto (whoisit_at_nospam.net)
Date: 12/24/04


Date: Fri, 24 Dec 2004 10:36:55 +1030

Malke,
thanks for the info. I have used all the usual malware removal tools,
but SilentRunners is a new one to me - thanks for that info!
I will DL it now, give it a shot and let you know what eventuates.
Some of these new trojans are a real PITA to eradicate, don't you agree?

MERRY CHRISTMAS to you and your loved ones
 from sunny OZ !!!

rgds
Li'l Roberto

"Malke" <malke@nospoonnotreally.com> wrote in message
news:e%23%233LCQ6EHA.3504@TK2MSFTNGP12.phx.gbl...
> Li'l Roberto wrote:
>
>> XP Home system is infected with something [probably a trojan] but I am
>> unable to find the files that run at startup.
>> Here are the details:
>> msconfig shows two entries in the startup group:
>> 1. nrkmavt.exe
>> 2. gkbdu.exe
>> These two entries are also present in
>> HKCU - run key
>> HKLM - run key
>> Both point to the C:\windows\system32\ folder, however neither file is
>> visible in that folder or anywhere else on the system ??? even with
>> show all files hidden\system and protected enabled.
>> Running a search with wild cards pulls up negative. Delete them and
>> they are back next reboot, so my guess is there is another file
>> monitoring their presence and recreating them, but what?
>> Scans with the usual tools come up negative.
>> Any help greatly appreciated.
>>
>> rgds
>> Li'l Roberto
>
> Try HijackThis and try SilentRunners. Look at the SilentRunners page
> about removing CoolWebSearch variants. Although this may not be a CWS
> malware, the technique used may be applied for your situation. Here are
> links to help:
>
> Hijack This - where to post logs, etc.:
>
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim Eshelman
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis forum
> http://www.lavasoftsupport.com/index.php?showforum=44
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
> http://www.spywareinfo.com/forums/
>
> http://www.silentrunners.org/sr_cwsremoval.html
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
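
Added example, not part of the original thread: a PowerShell check for the symptom described in the quoted post, listing every HKCU and HKLM Run-key entry and whether its target file is visible on disk. The helper name `Get-CommandTarget` and the System32 fallback for bare file names are assumptions of this example.

```powershell
# Added example: audit the per-user and machine-wide Run keys named in the post.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of a Run-key command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') {
        $path = $Matches[1]                       # quoted path, arguments follow
    } elseif ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') {
        $path = $Matches[1]                       # unquoted path, may contain spaces
    } else {
        $path = ($expanded -split '\s+')[0]       # fall back to the first token
    }
    if (-not [IO.Path]::IsPathRooted($path)) {
        # Assumption: bare file names are resolved against System32.
        $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
    }
    return $path
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($command)) { continue }
        $target = Get-CommandTarget -Command $command
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Target  = $target
            # False means the file APIs used here cannot see the target.
            Visible = Test-Path -LiteralPath $target -PathType Leaf
        }
    }
}

# Entries whose target is not visible sort to the top.
$report | Sort-Object Visible, Key | Format-Table -AutoSize -Wrap
```

An entry with `Visible` = False matches what the poster saw: the file is either gone or not being shown to the file APIs this script uses, so it is the entry to follow up with the tools suggested in the reply.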

