Re: Losing the Spyware Battle

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "MowGreen [MVP]" <mowgreen@xxxxxxxxxxxxx>
• Date: Sat, 04 Jun 2005 10:43:35 -0700

---

This tutorial shows how to find where the malware is loading from :

http://www.bleepingcomputer.com/forums/How_to_remove_a_Trojan_Virus_Worms_or_other_Malware-tut101.html

MowGreen  [MVP 2004-2005]
===============
 *-343-*  FDNY
Never Forgotten
===============

mcp6453 wrote:

I'm closing in on it. There is one file that keeps trying to be install in Run in the registry, called ulkulk.exe. Microsoft Antispyware blocked it, but I cannot find that file on the hard drive (search hidden and system files) and I cannot find any reference to it in the registry or elsewhere. There is some place I'm not looking. A Google search yields zero hits on that filename, which must mean that the spyware/adware/whateverware is creating a randomly assigned name for the critter.

R. McCarty wrote:

Been there, Done that - What a fun operation - Right up there
with cleaning out gutters. Sometimes it's better to backup all
the data and re-install. But if that's not an option, you've made
a good run at it. Here's a few extra items:

Dump IE Cache, Cookies.
Download/Run Spybot Search & Destroy 1.4 (Just Released)
Download/Run HiJackThis & CWShredder. Check for BHO's
(Browser Helper Objects).
Override Default Cookie Handling - Accept 1st, Block 3rd
Run online scans for Virus, Trojans and Malware
Check IE Zone Settings
**Likely you've got Registry remnants that are just a royal PITA
    to try and remove manually. Some of the online scanners can
    pinpoint them, but offer no removal capability.

"mcp6453" <mcp6453@xxxxxxxxxxxxx> wrote in message news:OWr6GgQaFHA.464@xxxxxxxxxxxxxxxxxxxxxxx

I have an XPP machine that has the worst infestation of spyware I've seen, and it is whipping me. It had some viruses, too, but I got rid of those pretty easily. It was necessary to run LSPFIX (what a great utility!) to get the machine to communicate over the Ethernet port. Because I don't want to have to reinstall the applications (there are some custom written ones that I don't want to have to figure out), I'm spending unbillable time trying to clean it. Here is where I am so far:

1) EZTrust Antivirus scan - clean
2) housecall.trendmicro.com online scan - clean
3) Ad-Aware (updated) scan - clean
4) Microsoft Antispyware scan - clean
5) Run in Registry - no unidentified keys
6) Manually deleted urkurk.exe from \windows\system32
7) Manually deleted jervw.exe from \windows\system32
8) Re-ran all scans in Safe and Normal modes
9) Set everything in msconfig to off
10) Set Microsoft Antispyware to real time monitor
11) Installed Google toolbar to prevent pop ups
12) Removed everything unfamiliar in Add/Remove Programs

On each of the above, if anything was discovered, I did a rinse, lather, repeat until the process came up clean.

When I start Internet Explorer, I still get an occasional popup. What am I overlooking? Why are Ad-Aware and Microsoft Antispyware not picking up these varmints?

.

---

• Follow-Ups:
  • Re: Losing the Spyware Battle
    • From: mcp6453

• References:
  • Losing the Spyware Battle
    • From: mcp6453
  • Re: Losing the Spyware Battle
    • From: R. McCarty
  • Re: Losing the Spyware Battle
    • From: mcp6453

• Prev by Date: Re: DSL with Norton Live Update
• Next by Date: WMP 10 -- can it edit a CD list?
• Previous by thread: Re: Losing the Spyware Battle
• Next by thread: Re: Losing the Spyware Battle
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Losing the Spyware Battle ... I had to go through the registry to get rid of all references to both. ... Microsoft Antispyware blocked it, but I cannot find that file on the hard drive and I cannot find any reference to it in the registry or elsewhere. ... Because I don't want to have to reinstall the applications, I'm spending unbillable time trying to clean it. ... (microsoft.public.windowsxp.general) Re: Losing the Spyware Battle ... There is one file that keeps trying to be install in Run in the registry, ... Microsoft Antispyware blocked it, but I cannot find that file on the hard drive and I cannot find any reference to it in the registry or elsewhere. ... Ad-Aware scan - clean ... (microsoft.public.windowsxp.general) Re: Losing the Spyware Battle ... Microsoft Antispyware blocked it, but I cannot find that file on the hard drive and I cannot find any reference to it in the registry or elsewhere. ... Run online scans for Virus, ... Because I don't want to have to reinstall the applications, I'm spending unbillable time trying to clean it. ... (microsoft.public.windowsxp.general) Re: New computer, which security software? ... Spybot would be a good additional spyware scanner. ... Be Clean is the best ... To protext your XP from sending stuff home to MS I advice XP Antispy ... RegSeeker is the only genue registry scanner that can somehow ... (alt.computer.security) Re: Service Pack 2? ... But I was able to clean up my system and restore an older registry backup, ... BTW - Is there any way to go back to plain jane WinXP (i.e. without ... (microsoft.public.windowsxp.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > WinXP  > microsoft.public.windowsxp.general  > 2005-06