Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Unidentified spyware

0 views
Skip to first unread message

pcbutts1

unread,
Jan 10, 2004, 12:48:21 PM1/10/04
to
Located it the winnt\system32 folder is randomly generated exe files with 4
and 5 letter names like vlos, xprst, etc... HighJack This was the only thing
that detected it in the registry. Adaware and Spybot did not find it. In the
registry it is called something like 23098a4roo4j@j... Deleting this and it
comes back 3 seconds later. The exe files show as hidden files in the system
folder. It is a pain in the ass to get rid of. I had to delete all 5 exe's
that were listed in the system folder and the registry entry, then kill the
running process and reboot. if you miss 1 file...on reboot the rest come
back. Anyone know which spyware program will detect and kill this. This one
causes pop ups.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com

°Mike°

unread,
Jan 10, 2004, 1:09:12 PM1/10/04
to
Try posting your (full) HijackThis log.


On Sat, 10 Jan 2004 17:48:21 GMT, in
<FVWLb.1609$1e....@newsread2.news.pas.earthlink.net>
pcbutts1 scrawled:

>Located it the winnt\system32 folder is randomly generated exe files with 4
>and 5 letter names like vlos, xprst, etc... HighJack This was the only thing
>that detected it in the registry. Adaware and Spybot did not find it. In the
>registry it is called something like 23098a4roo4j@j... Deleting this and it
>comes back 3 seconds later. The exe files show as hidden files in the system
>folder. It is a pain in the ass to get rid of. I had to delete all 5 exe's
>that were listed in the system folder and the registry entry, then kill the
>running process and reboot. if you miss 1 file...on reboot the rest come
>back. Anyone know which spyware program will detect and kill this. This one
>causes pop ups.

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html

Chiron Paixos

unread,
Jan 10, 2004, 1:04:52 PM1/10/04
to
why do you think it's spyware? It can also be a worm, a virus or a
backdoor, a DDoS-bot, an open-relay etc.

pcbutts1

unread,
Jan 10, 2004, 4:22:15 PM1/10/04
to
Well excuse me for my choice of words. It has been corrected.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com

"Chiron Paixos" <CHZVAL...@spammotel.com> wrote in message
news:ba6eea0c3cc1c719...@news.teranews.com...

pcbutts1

unread,
Jan 10, 2004, 4:24:26 PM1/10/04
to
It is on a users system at work I will post it the next chance I get.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
Sharpvision simply the best http://www.seedsv.com

"°Mike°" <ZHNTPD...@fcnzzbgry.pbz> wrote in message
news:400f3fb9...@localhost.dot.net...

0 new messages