New Spyware glagwqiuwu.exe and prutsct.exe.

Discussion in 'other security issues & news' started by JacobSteelsmith, Mar 4, 2005.

Thread Status:
Not open for further replies.
  1. JacobSteelsmith

    JacobSteelsmith Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    4
    These programs may be hard to detect. They are set to run in the following keys:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Notice the current user and not local machine. It looks like prutsct.exe is the trickler or reinstaller because it also has another entry in:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    Rename the files in safe mode from blah.exe to blah.exe.bad. you can use the command "rename blah.exe blah.exe.bad" after navigating to the correct folder using a command prompt.

    Delete the registry run keys after testing for stability.

    This was found on XP.

    Jacob Steelsmith
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.