Teknum Systems, Attack disables Restore in XP

Discussion in 'malware problems & news' started by srfox, Aug 30, 2003.

Thread Status:
Not open for further replies.
  1. rgarr

    rgarr Guest

    The problem here as I see it is that we are all familiar with Teknum Updater and what it does and even how to delete some registry keys with Teknum Updater, or called Teknum Systems, but unless I've missed something, no one knows how to keep it off our systems for good.

    It keeps coming back and reattaching itself. I use Win XP Home Edition by the way, and I have System Restore turned off because I believe what Black Viper (www.blackviper.com) said about it using too many resources. Instead, I use Norton Ghost 9.0 to back up my system. There must be someone out there who can tell us how to get rid of Teknum Updater for good?
     
  2. rgarr

    rgarr Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    4
    Does anyone out there really know how to get rid of Teknum Updater? I have Win XP Home Edition and I have System Restore turned off because I believe, as Black Viper (www.blackviper.com) does, that it uses up your system resources, so I use Norton Ghost 9.0 Imaging to back up my hard drive.

    I use Spybot S&D along with Ad-Aware and Spybot is the only one that picks up Teknum Updater. It picks it up about twice a week...and even though I have deleted the registry key several times it keeps coming back.

    I look for Teknum Updater and Teknum Systems. I've searched Google for the answers and I still run into a dead end. If anyone knows how to really get rid of this nuisance spyware please let me know. I've posted on other forums I belong to and nobody seems to know or at least they are not posting. I appreciate your help.
     
  3. Anon

    Anon Guest

    Even after all checks and deletions, Teknum STILL kept writing entries into my registry on each Startup. FINALLY, found a related .dll in the Windows\System folder. "ssmenu.dll" is from Teknum and couldn't be deleted until the computer was restarted in DOS because it was in use. I'm still using Win98, so don't know how to do it in 2000 or XP. In my particular situation, there were also some entries, related to this particular .dll under {916F1ADF-2F02-46C2-B7D2-310468390750} in the registry. Once gone, the re-appearing Teknum lines have finally stopped.
     
  6. eos10d

    eos10d Guest

    What the Update Service is?
    The HandyBits Update Service is a set of programs that helps you to keep your HandyBits products up to date.
    How does the Update Service work?
    When you get connected to the Internet, Update Service (updsvc.exe) checks our server for notifications and downloads the notifications if there are any. Next time you start a product the downloaded notification will be presented to you.
    Does the Update Service comply with our Privacy Policy?
    Certainly it does. First, we never collect any of your personal data, unless you enter it into a sort of form and post it to us explicitly. Secondly, we are very strict about not annoying you with unnecessary notifications of any sort. To read more about our privacy policy, click here.
    Can I turn the Update Service off?
    Yes you can. Before you do this though, please read the important note below. To turn the Update Service off, please do the following:
    1. Download the Update Service Enabler (File: updEnabler.exe Size: 80K). Click here to start download. http://www.handybits.com/download.asp?product=updenabler
    2. Start downloaded file "updEnabler.exe" and select the "Disable Update Service" radio button.
    3. Click the OK button. After you have restarted your machine, the Update Service will be disabled.
    Important Note:
    When the Update Service is disabled, a product vendor is unable to notify you about any critical bugs that were detected after you have installed the product. It is highly recommended to enable Update Service, at least from time to time.
     
  7. JohnLoc

    JohnLoc Guest

    eos10d, from your post it's clear that you are one of, if not THE, persons responsible for the Handybits spyware. That being the case, if your spyware is so harmless then answer these questions:

    1. Why does it destroy System Restore points?
    2. Why does it hide the updater in various places?
    3. Why is it one of the most difficult spyware problems to get rid of?
    4. Why does it leave a .dll on my computer that continues to write values to my Registry, even though I deleted all other traces of your program months ago?

    I'm posting what I did here to help others who have trouble with the Teknum spyware issue. (BTW, I'm running Windows XP Professional.) The below Registry value kept popping up on my system every few days even though I removed the program that originally installed it months ago.

    HKEY_CURRENT_USER\Software\Teknum Systems

    The file responsible for reloading Teknum into the Registry appears to be: ssmenu.dll

    Credit for this fix goes to Ron Kinner.
    -------------------------------------
    Boot into Safe Mode (F8) and select the command prompt option. Then:

    cd \
    dir /s ssmenu.dll

    (if it doesn't find it try:)
    dir /ah /s ssmenu.dll

    (if you find it then:)

    cd (to ItsFolderName)
    regsvr32 -u ssmenu.dll
    del /f /q ssmenu.dll

    (then do a )

    dir ssmenu.dll

    (to see if it is really gone.)

    Then reboot into regular mode and run regedit or better regseeker
    http://www.hoverdesk.net/freeware.htm

    to see if there are any traces of ssmenu.dll or teknum hanging around that need to be deleted.
    -------------------------------------

    When I rebooted I did find (HKEY_CURRENT_USER\Software\Teknum Systems) back in my Registry as the ssmenu.dll loads it there even in safe mode. I deleted it and it has not reappeared yet, so that's good.
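
An added example, not part of the original post or of Ron Kinner's fix: a Python check for the last step above, scanning a regedit export for the indicators named in this thread. It assumes a "Version 5.00" export; the sample export, its key layout and the DLL path are constructed. It also decodes hex(2)/hex(7) string data, which a plain text search of the export would miss.

```python
import re

# Indicators named in this thread (posts 3 and 7), lower-cased for matching.
INDICATORS = ("ssmenu.dll", "teknum", "{916f1adf-2f02-46c2-b7d2-310468390750}")
HEX_STR = re.compile(r"=hex\((?:2|7)\):([0-9a-f,\s]*)$", re.I)

def _readable(line):
    """Append the decoded text of hex(2)/hex(7) string data to the line."""
    m = HEX_STR.search(line)
    if not m:
        return line
    raw = bytes.fromhex(re.sub(r"[,\s]", "", m.group(1)))
    return line + " " + raw.decode("utf-16-le", "replace").replace("\x00", " ")

def find_traces(reg_text, indicators=INDICATORS):
    """Return (key, indicator) pairs for every key whose name or values match."""
    hits, key, pending = [], None, ""
    for raw in reg_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]          # hex data continues on the next line
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]             # a new key section starts here
        if key is None or not line or line.startswith(";"):
            continue
        text = _readable(line).lower()
        for ind in indicators:
            if ind in text and (key, ind) not in hits:
                hits.append((key, ind))
    return hits

def _as_hex2(s):  # helper used only to build the constructed sample below
    return ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))

_hex = _as_hex2(r"C:\WINDOWS\System\ssmenu.dll")   # constructed path
SAMPLE = "\n".join([                               # constructed export
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\Teknum Systems]", "",
    r"[HKEY_CLASSES_ROOT\CLSID\{916F1ADF-2F02-46C2-B7D2-310468390750}\InprocServer32]",
    "@=hex(2):" + _hex[:60] + "\\",
    "  " + _hex[60:], "",
    r"[HKEY_CURRENT_USER\Software\Example]",
    '"Name"="unrelated"',
])

if __name__ == "__main__":
    for key, ind in find_traces(SAMPLE):
        print(f"{ind:<40} {key}")
```
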
     
  8. Euchre

    Euchre Guest

    This thread has been idle a while, but I'll answer something in the last post that I find quite clear, after having dealt with this about two years ago.
    The key word used again and again here is "deleted". Windows is designed to have most software installed on the system, which means that its components are registered on the system (hence registry entries). It also means that software is intended to be removed by UNinstalling it, which includes (in an ethically made software) unregistering all components and ending all processes and loaded modules, and deleting them. The only exception would be shared resources, which should be none in the case of software like this.
    If you delete or attempt to delete the software in question, the loaded dll reasserts things as it is designed to. I attempted to neuter the updater many ways, and none worked. At the time, I could not get the official software to disable the updater. Uninstalling the software DID remove and disable everything however. Although the 'updater' lacking a user interface to disable it and no real disclosure of its presence on install makes it basically low level spyware, the fact you can neuter it via a tool from the provider does mitigate the situation.
    Don't cry foul if you use methods that are incorrect and achieve incorrect results.
    I knew of this updater software because it asked for access through my firewall - you are running a firewall, aren't you?
     
  9. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    :eek: Never noticed this thread in all my time with this forum, I just used Eraser and shredded the Teknum Systems easy crypto package out of my computer. My OEM bundled this software together with my computer when I bought it last year. The Teknum updater kept trying to gain access to the internet, I got my firewall to block it. Now I know the whole picture of it all.
     
  10. rgarr

    rgarr Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    4

    Hi Peaches4U,

    Please post instructions on how to clean things up...thank you.
     
  11. LordJackdatMother

    LordJackdatMother Registered Member

    Joined:
    Sep 13, 2005
    Posts:
    1
    Location:
    NCFL
    I came upon this thread while googling for the Teknum Systems AS. I couldn't remember what program I may have downloaded that kept producing my Sygate asking me that Teknum wanted access outgoing. So I found your thread on Google and also remembered what program I had downloaded that gave me Teknum: it's the HandyBits Voice Mail. Sneaky little program they are. Spybot S&D caught it one time along with backweb light (I believe "Paltalk" uses backweb light). Haven't had too many problems for the last few months using the free "AVG" along with "Sygate Pro", everything seems about right. But if there were some of you that didn't know what other program would be housing Teknum, I thought to add this one to the list. Good security-website WILDERS SECURITY FORUM has been.

    Continuing the hunt.. http://img353.imageshack.us/img353/4520/bootrack8ti.gif

    I went into the reg and deleted Teknum and Handybits altogether now we'll wait and see....
     
    Last edited: Sep 13, 2005
  12. ---joe---

    ---joe--- Guest

    I'm really no good with computers and I have a question: where is the updater, and once the files are in the recycle bin, then what?
     