www.znext.com

Discussion in 'other anti-malware software' started by AlanKG, Feb 16, 2004.

Thread Status:
Not open for further replies.
  1. AlanKG

    AlanKG Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    3
    I was cleaning up a machine with this rather nasty spyware on it.
    Although Blaster S&D identified and removed a lot of associated stuff it didn't actually catch everything and the machine was subject to immediate reinfection after a reboot.

    The key omission (I think) was the failure to remove the registry entry HKLM\Software\Microsoft\Internet\Run: [SystemSearch] C:/WINDOWS/REGEDIT.EXE -s C:/WINDOWS/system.reg.
    Once this key (and the associated file) were deleted the spyware stopped reinserting itself.

    See these links for more information:
    http://forums.techguy.org/t194850/s1bfe82e7e83cb5452cd5bcfd2524a41d.html

    http://amazingtechs.com/index.php?showtopic=9999

    I did also manually clear a key:
    HKCU\Software\Microsoft\Internet Explorer\Main, Search

    Alan
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi Alan,

    Is there a particular reason for posting this in the Javacool forums?
    If not, I'll move it to Privacy Software.
    In case you are confused, the Spybot S&D forums are located here: http://forums.net-integration.net/index.php?c=7

    Regards,

    Pieter
     
  3. AlanKG

    AlanKG Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    3
    I thought I followed a link from the S&D site, not sure If the link was wrong or I wandered off by mistake !

    Yes, please place it in the correct forum.

    Cheers,
    Alan
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    Hi Alan,

    If you could clarify what the question or point of the post is, I will do my best to find it a decent home. :)

    Regards,

    Pieter
     
  5. AlanKG

    AlanKG Registered Member

    Joined:
    Feb 16, 2004
    Posts:
    3
    Having retraced my steps I now think I have put this in completely the wrong forum and the whole post probably deserves a decent burial.
    Sorry for wasting your time.
    Alan
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
    No problem. I'll move it to Privacy Software as a reminder that it currently is impossible for the spyware-removers to keep up with all the CWS variants.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.