New Spyware glagwqiuwu.exe and prutsct.exe.

Discussion in 'other security issues & news' started by JacobSteelsmith, Mar 4, 2005.

Thread Status:
Not open for further replies.
  1. JacobSteelsmith, Registered Member (Joined: Jan 30, 2005; Posts: 4)

    These programs may be hard to detect. They are set to run in the following keys:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Notice the current user and not local machine. It looks like prutsct.exe is the trickler or reinstaller because it also has another entry in:

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    Rename the files in safe mode from blah.exe to blah.exe.bad. You can use the command "rename blah.exe blah.exe.bad" after navigating to the correct folder using a command prompt.

    Delete the registry run keys after testing for stability.

    This was found on XP.

    Jacob Steelsmith
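
An added example, not part of the original post: a PowerShell script that lists every value in the three per-user autostart keys the post names, checks whether each target file still exists on disk, and flags the two file names from the thread title. The helper name `Get-ExePath` and the output column names are this example's own choices.

```powershell
# Per-user (HKCU) autostart keys named in the post. These are checked for the
# currently logged-on user only; run it as the affected account.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# File names from the thread title.
$watch = @('glagwqiuwu.exe', 'prutsct.exe')

function Get-ExePath([string]$Command) {
    # A Run value is a command line: take the quoted path if there is one,
    # otherwise everything up to the first ".exe", otherwise the first token.
    if ($Command -match '^\s*"([^"]+)"')      { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b')   { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

$results = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent: nothing to report
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        $exe  = [Environment]::ExpandEnvironmentVariables((Get-ExePath $data))
        if (-not $exe) { continue }                        # empty value data
        [pscustomobject]@{
            Key         = $key
            Name        = $name
            Command     = $data
            # A bare file name with no directory is resolved against the
            # current directory here, so False does not prove the file is gone.
            FileExists  = Test-Path -LiteralPath $exe
            NamedInPost = $watch -contains (Split-Path -Leaf $exe).ToLower()
        }
    }
}

# Entries matching the thread's file names are listed first.
$results | Sort-Object NamedInPost -Descending | Format-List
```

Running it again after the rename step shows which entries now point at a missing file, which are the values left to delete.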
     