www.znext.com

Discussion in 'other anti-malware software' started by AlanKG, Feb 16, 2004.

Thread Status:
Not open for further replies.
  1. AlanKG

    AlanKG Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    3
    I was cleaning up a machine with this rather nasty spyware on it.
    Although Blaster S&D identified and removed a lot of associated stuff it didn't actually catch everything and the machine was subject to immediate reinfection after a reboot.

    The key omission (I think) was the failure to remove the registry entry HKLM\Software\Microsoft\Internet\Run: [SystemSearch] C:/WINDOWS/REGEDIT.EXE -s C:/WINDOWS/system.reg.
    Once this key (and the associated file) were deleted the spyware stopped reinserting itself.

    See these links for more information:
    http://forums.techguy.org/t194850/s1bfe82e7e83cb5452cd5bcfd2524a41d.html

    http://amazingtechs.com/index.php?showtopic=9999

    I did also manually clear a key:
    HKCU\Software\Microsoft\Internet Explorer\Main, Search

    Alan
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Alan,

    Is there a particular reason for posting this in the Javacool forums?
    If not, I'll move it to Privacy Software.
    In case you are confused, the Spybot S&D forums are located here: http://forums.net-integration.net/index.php?c=7

    Regards,

    Pieter
     
  3. AlanKG

    AlanKG Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    3
    I thought I followed a link from the S&D site, not sure If the link was wrong or I wandered off by mistake !

    Yes, please place it in the correct forum.

    Cheers,
    Alan
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Alan,

    If you could clarify what the question or point of the post is, I will do my best to find it a decent home. :)

    Regards,

    Pieter
     
  5. AlanKG

    AlanKG Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    3
    Having retraced my steps I now think I have put this in completely the wrong forum and the whole post probably deserves a decent burial.
    Sorry for wasting your time.
    Alan
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    No problem. I'll move it to Privacy Software as a reminder that it currently is impossible for the spyware-removers to keep up with all the CWS variants.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.