Success in Removing Spyware Infestations, but Have Lingering Questions

Discussion in 'adware, spyware & hijack cleaning' started by Zonnie, Jun 26, 2004.

Thread Status:
Not open for further replies.
  1. Zonnie

    Zonnie Registered Member

    Apr 6, 2004
    I am a frequent user of this forum because I troubleshoot PCs when folks call me with their problems.

    Now I am working an Win-98 AOL dial-up with a bad infestation of spyware, probably from Grokster and other sources. I detected more than 500 spyware components mostly porn related. Since my clients were not in a hurry to get the PC back, I took my time running Spyware S&D, CWShredder and Adaware in normal and safemodes. I have (not tried HiJackThis yet). After about 10 hours, I think I have managed to clean out the infestations, or so it seems.

    I have installed a firewall, antivirus and the Windows Updates. It appears that I have been able to restore the PC to normal, but I have questions.


    1. At what point is it better to reformat the hard drive rather than to try the spyware removal programs?

    2. Are spyware registry entries left behind when using the removal programs?...or reformatting?

    3. One of the programs mentioned above, placed a long list of the porn sites into the IE "Restricted Sites", which I thought was a very kind and thoughtful feature, but I don't know which program did it.

    4. My Zone Alarm firewall at AOL dial-up is asking to allow a program called eebr.exe to run. I find no reference to it on Google. Nor can I figure out its purpose or change the name. Anyone know what this is?

    5. When I go into Start/Programs/Accessories/System Info/Software Environment (32Bit), I find the c:\windows\Applicationdata\eebr.exe with no description as to software vendor or purpose. The AOL programs are clearly identified by manufacturer. Is this Windows Path a good place to look for suspect spyware/trojan undetected by other means?
  2. dave38

    dave38 Spyware Expert

    Feb 26, 2004
    While formatting and reinstalling is the last resort, in the commercial world, it works out a LOT cheaper for the client! You spent about 10 hours cleaning up, whereas a format/reinstall would take about an hour.

    Sometimes there are orphaned registry entries left behind by removal programs. These show up in a Hijack this log as ........ (no file) items. fixing them with Hijack this will clean up the registry.

    The file eebr.exe is almost certainly some form of gackware, and needs killing.

    Searching the registry is a difficult process. The writers of this slime are getting really sneaky, and use anything that might evade detection.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.