Teknum disaster

Discussion in 'malware problems & news' started by Martha Eddington, May 9, 2005.

Thread Status:
Not open for further replies.
  1. Martha Eddington

    Martha Eddington, Registered Member. Joined: May 9, 2005. Posts: 3
    A couple of months ago I unwittingly installed Teknum's File Shredder and EasyCrypto. I had not seen this forum, or it would never have happened. Two days ago I decided to remove both, and lo and behold, no such luck. File Shredder would not be removed. I am using a Windows XP Home computer, keep it current with Norton Anti-Virus, and use DSL with a router firewall for my home LAN.

    I did a Google search, and ventured upon this forum, and a thread posting (https://www.wilderssecurity.com/archive/index.php/t-13100.html) starting in August 2003, most of the conversation in Aug and Sept, 2003, picking back up in Feb, 2005 through last month, which quickly revealed my grave mistake. I did a "teknum" file search of my computer and removed all, including the zip update files, all other references, deleted the folders in Program Files, everything with Teknum, Handybits, File Shredder or EasyCrypto in it. I then went to the registry and removed all references there. The EasyCrypto shortcut on the desktop went away, but the File Shredder did not, and won't.

    I went to System Restore, and, sure enough, no restore points. I immediately set a restore point last night. I checked it this morning, and, no restore points.

    I ran Spybot and removed the updater.

    I found the ssmenu.dll file which was referenced in "Anon" April 3, 2005 post, and, sure enough, it won't be removed because it "is currently in use".

    Teknum still has control of my computer because Sys Restore is not holding restore points, and, I can't remove the ssmenu.dll.

    "Peaches4u" - if you're still out there, or, if anyone else can assist, please help.

    Regards and Thnx
     
  2. TonyKlein

    TonyKlein, Security Expert. Joined: Feb 9, 2002. Posts: 4,350. Location: The Netherlands
    Teknum is just an updater, and no genuine security risk as far as I know.

    All it does is check for updates of the program at startup, and it will indeed even restore this value in your Run key if deleted.
    I dislike that kind of practice, but if you like the program it came with, you can choose to work around it:

    You can download updEnabler.exe at http://www.handybits.com/update_service.asp
    It will allow you to disable the update service.

    Your program will still require Update.exe to load at startup, but it won't want to access the net any more.

    If it does, and should you so wish, you can opt to have your firewall block it.

    Incidentally, Handybits will, after some prodding, provide a tool to remove the Teknum updater completely.
    This is it: http://www.handybits.com/download/misc/hbCleanUp.exe

    But most importantly, let's not get carried away....
     
  3. TonyKlein

    TonyKlein, Security Expert. Joined: Feb 9, 2002. Posts: 4,350. Location: The Netherlands
    If it's just ssmenu.dll that's bothering you, have you tried removing the file in Safe Mode?
     
  4. Martha Eddington

    Martha Eddington, Registered Member. Joined: May 9, 2005. Posts: 3
    Thank you Tony, for your insight.

    I removed the value for ssmenu.dll from the Registry, and then was able to delete the file from Windows.

    What is bothering me most is that it appears Teknum's updater interferes with Sys Restore, and my ability to use my computer the way I want to. Some choose to use another method for system restoration. Fine. I choose to use Sys Restore.

    After removing ssmenu.dll this morning, I set a restore point, and it appears to be holding. I have rebooted the computer several times, and the restore point still exists. Apparently, ssmenu.dll was the last harmful vestige of the program.

    Unfortunately, something is still out there, because the shortcut for File Shredder is still on the desktop, and won't be removed. I would appreciate knowing how to delete it.

    Will the program you refer to from Teknum function, even if I have removed all the known elements from the computer? I have no inclination whatsoever to reinstall anything from Teknum, just to see if their program really will remove it all.

    Best regards, and thanx again -
     
  5. Martha Eddington

    Martha Eddington, Registered Member. Joined: May 9, 2005. Posts: 3
    I used Teknum/Handybits' uninstaller, which you suggested, Tony, and it didn't solve the problem with Sys Restore. For all I know, it dumped more crap on my computer.

    The restore point I set this morning is gone.

    I set another restore point just after using the uninstall program, and rebooted, and it's gone.

    It appears my only solution now is to fdisk, reformat and start from scratch, if I want to be able to use Sys Restore.

    Thanks loads, jerkoff Teknum/Handybits.
     
  6. JohnLoc

    JohnLoc Guest

    I'm posting what I did to help others who have trouble with the Teknum spyware issue. (BTW, I'm running Windows XP Professional.) The below Registry value kept popping up on my system every few days even though I removed the program that originally installed it months ago.

    HKEY_CURRENT_USER\Software\Teknum Systems

    The file responsible for reloading Teknum into the Registry appears to be: ssmenu.dll

    Credit for this fix goes to Ron Kinner.
    -------------------------------------
    Boot into Safe Mode (F8) and select the command prompt option. Then:

    cd \
    dir /s ssmenu.dll

    (if it doesn't find it try:)
    dir /ah /s ssmenu.dll

    (if you find it then:)

    cd (to ItsFolderName)
    regsvr32 -u ssmenu.dll
    del /f /q ssmenu.dll

    (then do a)

    dir ssmenu.dll

    (to see if it is really gone.)

    Then reboot into regular mode and run regedit or better regseeker
    http://www.hoverdesk.net/freeware.htm

    to see if there are any traces of ssmenu.dll or teknum hanging around that need to be deleted.
    -------------------------------------

    When I rebooted I did find (HKEY_CURRENT_USER\Software\Teknum Systems) back in my Registry as the ssmenu.dll loads it there even in safe mode. I deleted it and it has not reappeared yet, so that's good.
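
The last step of the fix above (checking the registry for leftover traces of ssmenu.dll or Teknum) can also be done against a text export of the registry. The following Python script is an added example, not part of the original post; the sample export, its value names, CLSID and paths are constructed for illustration, and only the "Teknum Systems" key and the ssmenu.dll file name come from the thread.

```python
import re

# Indicators named in the thread; matching is case-insensitive.
INDICATORS = ("teknum", "ssmenu.dll")

# Constructed sample in registry-export text form. Value names, CLSID and
# paths are made up; only the Teknum key and ssmenu.dll are from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Teknum Systems]
"ExampleSetting"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32]
@="C:\\Program Files\\Example\\ssmenu.dll"
"ThreadingModel"="Apartment"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def find_traces(reg_text, indicators=INDICATORS):
    """Return (key, value_name, data) tuples that mention any indicator.

    value_name and data are None when the key path itself matches.
    """
    hits, key = [], None
    # Join long hex values that the export wraps with a trailing backslash.
    text = re.sub(r"\\\r?\n\s*", "", reg_text)
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if any(i in key.lower() for i in indicators):
                hits.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2).strip('"').replace("\\\\", "\\")
            if any(i in (name + " " + data).lower() for i in indicators):
                hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for hit in find_traces(SAMPLE_REG):
        print(hit)
```

A real export from regedit or `reg export` is UTF-16 text, so read it with `open(path, encoding="utf-16")` before passing the contents to `find_traces`.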
     