www.znext.com

I was cleaning up a machine with this rather nasty spyware on it.
Although Blaster S&D identified and removed a lot of associated stuff it didn't actually catch everything and the machine was subject to immediate reinfection after a reboot.

The key omission (I think) was the failure to remove the registry entry HKLM\Software\Microsoft\Internet\Run: [SystemSearch] C:/WINDOWS/REGEDIT.EXE -s C:/WINDOWS/system.reg.
Once this key (and the associated file) were deleted the spyware stopped reinserting itself.

See these links for more information:
http://forums.techguy.org/t194850/s1bfe82e7e83cb5452cd5bcfd2524a41d.html

http://amazingtechs.com/index.php?showtopic=9999

I did also manually clear a key:
HKCU\Software\Microsoft\Internet Explorer\Main, Search

Alan

 

Hi Alan,

Is there a particular reason for posting this in the Javacool forums?
If not, I'll move it to Privacy Software.
In case you are confused, the Spybot S&D forums are located here: http://forums.net-integration.net/index.php?c=7

Regards,

Pieter

 

I thought I followed a link from the S&D site, not sure If the link was wrong or I wandered off by mistake !

Yes, please place it in the correct forum.

Cheers,
Alan

 

Hi Alan,

If you could clarify what the question or point of the post is, I will do my best to find it a decent home.

Regards,

Pieter

 

Having retraced my steps I now think I have put this in completely the wrong forum and the whole post probably deserves a decent burial.
Sorry for wasting your time.
Alan

 

No problem. I'll move it to Privacy Software as a reminder that it currently is impossible for the spyware-removers to keep up with all the CWS variants.

Regards,

Pieter