WARNING - RapidBlaster spyware (and removal tools) - RapidBlaster Killer
javacool
June 8th, 2003, 02:07 PM
-{ Quote: "The most recent variants of RapidBlaster will "morph" themselves to evade detection. Periodically, RapidBlaster will download data from its controlling server that contains a new folder and filename. It will then copy itself to that folder, terminate the original process, delete the original file, and run the new file in the new location.
...
Removal of RapidBlaster can be difficult. Even if the user can identify where the file is hiding, trying to delete the startup entry in the HKEY_LOCAL_MACHINE Run key will result in RapidBlaster "morphing" to a new path/location. The running RapidBlaster process must be terminated before removal can be successful. It is highly recommended that users trying to manually remove RapidBlaster do so with extreme caution.
" }-
Full information: http://www.wilderssecurity.net/specialinfo/rapidblaster.html
In addition...
Since RapidBlaster will "morph" itself whenever it detects an uninstallation attempt, removal with current anti-spyware software may not be successful.
We have created a unique tool, RapidBlaster Killer, that can scan all running programs, detect RapidBlaster, and successfully terminate the process and remove the Run key registry entry.
RapidBlaster Killer (http://www.spywareinfoforum.com/downloads/rbkiller/rbkiller.exe) - released June 8, 2003 (mirrored by SpywareInfo (http://www.spywareinfoforum.com))
RapidBlaster Killer will create a log file named "scanlog.txt" in the folder it is placed if RapidBlaster is detected, and will notify the user of the file path/location. RB Killer will not delete the file automatically - the user must do this manually.
After a successful termination of any RapidBlaster processes, using a program such as Spybot S & D or Ad-Aware should clean up any remnants.
Best regards,
-Javacool
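Added example (not part of the original post and not RapidBlaster Killer's code): a sketch of how a defender could spot the relocation sequence quoted above (copy to a new folder, original process ends, original file deleted, new copy runs) in process and file telemetry. The event schema, paths and 60-second window are constructed for illustration.

```python
import ntpath

WINDOW = 60  # seconds; assumed correlation window, tune to your telemetry

# Constructed sample events in a hypothetical schema (not real product output).
OLD = r"C:\ExampleOld\sample.exe"
NEW = r"C:\ExampleNew\other.exe"
EVENTS = [
    # The sequence the quoted write-up describes: copy, terminate, delete, run.
    {"t": 100, "type": "file_create", "path": NEW},
    {"t": 101, "type": "proc_exit", "path": OLD},
    {"t": 102, "type": "file_delete", "path": OLD},
    {"t": 103, "type": "proc_start", "path": NEW},
    # In-place update: old binary is kept and the folder does not change.
    {"t": 400, "type": "file_create", "path": r"C:\Apps\tool\tool_new.exe"},
    {"t": 401, "type": "proc_exit", "path": r"C:\Apps\tool\tool.exe"},
    {"t": 402, "type": "proc_start", "path": r"C:\Apps\tool\tool_new.exe"},
    # Installer cleaning up after itself: exit and delete, nothing relaunched.
    {"t": 800, "type": "proc_exit", "path": r"C:\Temp\setup.exe"},
    {"t": 801, "type": "file_delete", "path": r"C:\Temp\setup.exe"},
]

def folder(path):
    """Case-insensitive Windows folder of a path."""
    return ntpath.dirname(path).lower()

def find_relocations(events, window=WINDOW):
    """Return (old_path, new_path, start_time) for each copy/exit/delete/start chain."""
    findings = []
    for ex in (e for e in events if e["type"] == "proc_exit"):
        old = ex["path"]
        near = [e for e in events if abs(e["t"] - ex["t"]) <= window]
        # The exited binary must also be deleted at or after the exit.
        deleted = any(e["type"] == "file_delete" and e["path"] == old
                      and e["t"] >= ex["t"] for e in near)
        if not deleted:
            continue
        # Files written shortly before the exit are candidate copies.
        copies = {e["path"] for e in near
                  if e["type"] == "file_create" and e["t"] <= ex["t"]}
        for e in near:
            if (e["type"] == "proc_start" and e["t"] >= ex["t"]
                    and e["path"] in copies and folder(e["path"]) != folder(old)):
                findings.append((old, e["path"], e["t"]))
    return findings

if __name__ == "__main__":
    for old, new, t in find_relocations(EVENTS):
        print(f"t={t}: {old} relocated to {new}")
```

A hit is a lead rather than a verdict, since some legitimate self-updaters behave similarly; checking whether the old or new path also appears in the HKEY_LOCAL_MACHINE Run key narrows it down.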
Pieter_Arntz
June 8th, 2003, 02:13 PM
Thank you Javacool, :)
I'm sure that will come in handy, lots of times.
Regards,
Pieter
javacool
June 8th, 2003, 02:16 PM
-{ Quote: "
Thank you Javacool, :)
I'm sure that will come in handy, lots of times.
Regards,
Pieter
" }-
Well I hope so. ;D
Currently, Spybot and other programs have trouble removing RapidBlaster because the process remains running and "morphs" to another location. (Using HijackThis to remove the Run entry can trigger RapidBlaster's "morphing" behavior also.) RB Killer will send a little "cease and desist". ;)
Best regards,
-Javacool
TonyKlein
June 8th, 2003, 02:38 PM
I've already posted about this new threat and your excellent solution at every board and newsgroup I hang at! ;D
Paul Wilders
June 8th, 2003, 03:30 PM
-{ Quote: "
I've already posted about this new threat and your excellent solution at every board and newsgroup I hang at! ;D
" }-
Excellent service once again, JC 8) - Kudos for spreading the word, Tony ;)
regards.
paul
TonyKlein
June 8th, 2003, 03:56 PM
You're welcome, Paul.
It's been a major pain... ::)
So far we've been able to get it off people's systems by having them start up in Safe Mode, delete the RB folder there, and, still in Safe Mode, delete or disable its startup, but Javacool's solution sure is a h*ll of a lot slicker! ;D
That's why he is "JavaCOOL! " ;)
Paul Wilders
June 8th, 2003, 04:02 PM
-{ Quote: "...That's why he is "JavaCOOL! "" }-
Couldn't express it better myself, Tony ;)
regards.
paul
javacool
June 10th, 2003, 10:35 PM
RapidBlaster Killer 1.3 (http://www.spywareinfoforum.com/downloads/rbkiller/rbkiller.exe) released - June 10, 2003.
(The link takes you directly to the download.)
Release notes:
-RapidBlaster Killer can now perform a full clean-up (it is no longer limited to just terminating the process). It can delete the RapidBlaster files/folders, remove the uninstall entries, and remove the Run key entries (all after detecting and terminating the process of course).
Enjoy! ;D
Best regards,
-Javacool
PhiloVance
June 11th, 2003, 02:25 AM
Thanks, I've d/loaded and am running that today. :)
thetriune1
March 18th, 2004, 12:21 PM
y'all's link to: RapidBlaster spyware (and removal tools) - RapidBlaster NO LONGER WORKS !!!!! PLEASE advise !!!!
Also has anybody ever heard of Dynasoft ???????? It showed up in my system recently and when I try to remove it it comes right back. I have several spyware removal programs and none seem to be able to remove it or is it listed in their databases?!?!?!?!?
gerardwil
March 18th, 2004, 12:32 PM
Hi,
Maybe this one:
http://www.dynasoft.pl/
Gerard
Pieter_Arntz
March 18th, 2004, 02:50 PM
Hi thetriune1,
Welcome at Wilders. :)
Please follow the instructions posted here:
http://www.wilderssecurity.com/showthread.php?t=15913
Someone will be happy to help you with your log.
Regards,
Pieter
dangitall
March 18th, 2004, 05:50 PM
Is RapidblasterKiller still available? Thetriune1 was right: the link no longer works.
Pieter_Arntz
March 19th, 2004, 04:47 AM
-{ Quote: "
Is RapidblasterKiller still available? Thetriune1 was right: the link no longer works.
" }-
Works for me. ??? ???
Direct download link: http://www.wilderssecurity.com/supportfiles/rbkiller.exe
Pieter
dangitall
March 19th, 2004, 05:49 PM
Must've been a hiccup somewhere. It didn't work for me last night, but I just grabbed it, so everything is hunky-dory. Thanks for the reply.
gina_n_atl
May 10th, 2004, 03:03 AM
Hi. I just found your forum through a Google search. I am responding to thetriune1's post (dated March 18, 2004) regarding Dynasoft entries in the registry. -{ Quote: "Also has anybody ever heard of Dynasoft ?? It showed up in my system recently and when I try to remove it it comes right back. I have several spyware removal programs and none seem to be able to remove it or is it listed in their databases?!?!?!?!?" }-
I use several good anti-spyware, anti-trojan and anti-virus programs as well but it seems as if the entries show up in "RegCleaner 4.3" every time I restart Windows (XP Pro.) Did anyone ever find any info on Dynasoft other than what Google pulls up? Is it a trojan? Dialer? Help Please!!
Heartfelt thanks to anyone who can help,
Gina
:)
snapdragin
May 10th, 2004, 03:38 AM
Hi gina_n_atl,
Please follow the instructions here:
http://www.wilderssecurity.com/showthread.php?t=15913
Then post your hijackthis log in the hijack cleaning forum where an Expert will review it and advise you what may need to be fixed.
Regards,
snap
gina_n_atl
May 10th, 2004, 06:16 PM
Thanks Snap!
I downloaded "Hijack This!" and need one additional favor. Could you please post the hijack cleaning forum's URL? I apologize, I am very new to this and cannot find the correct forum section; I want to make sure I post the log in the correct place.
Thanks so much!
Gina
:)
EDIT: Snap, I think I found it! :D
Is this the correct URL? http://www.wilderssecurity.com/forumdisplay.php?f=26
(I will post the log there. If this is not the correct place to post please let me know. Thanks again!) ;)
snowbound
May 10th, 2004, 06:25 PM
-{ Quote: "EDIT: Snap, I think I found it! :D
Is this the correct URL? http://www.wilderssecurity.com/forumdisplay.php?f=26
(I will post the log there. If this is not the correct place to post please let me know. Thanks again!) ;)" }-
That's it. :)
Just make sure u start a new thread
snowbound
Copyright ©2002 - 2012, Wilders Security Forums