Re: ssk.exe surfsidekick

From: "HarryHydro" <harryhydro@xxxxxxxxxxx>

| Hi Folks:
| I'm working on a laptop. It 'had' LOADS of virii, adware,
| spyware, you name it, it had it. Using MS Antispy, Trendmicro, Spybot
| I think he installed, Ive seem to gotten down to one program, SSK.EXE.
| I can't start in SAFEMODE because the password doesn't work. SAFEMODE
| with NETWORKING logs in, but SSK.EXE is running already by this time.
| I don't see it in the Task Manager, and almost everything else in Task
| Manager can't be stopped. There isn't alot of stuff.. One is
| KEEPSAFE that looks suspicious.
| If logged in, even via Safemode/Networking, and Network Jack
| plugged in (on the net), it eventually loads more adware junk. I've
| used MSCONFIG to disable everything in Startup and Services, SSK still
| runs. It keeps coming back in the registry. I'm assuming it's changing
| the registry back on shutdown. MSAntiSpy keeps finding it, but it
| can't delete it. I can see it trying, 3 times ort so, but no go. I
| can't stand this *** virus/adware! Sucks! Glad it's not my
| machine.
|
| He said he uses the internal WiFi to browse at home, and watched
| it load all kinds of stuff he couldn't keep up with.
|
| I'm assuming something with Networking is loading this. I tried
| installing IE6 from the MS site. Doesn't work. Gives excuses..
| any help appreciated. You guys are great!
| Take Care!
| Harry

Sorry Harry, you did not have load of 'virii' or 'viri' as there is no such terminolgy.
You may have had a load of viruses since the plural of virus is viruses.
http://spl.haxial.net/viruses.html
http://homepages.tesco.net/~J.deBoynePollard/FGA/plural-of-virus.html

Please note there are anti virus and anti spyware News Groups specifically for this type of
discussion.

alt.privacy.spyware
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

It is HIGHLY suggested that you get the administrator password so you can logon in Safe Mode
and run suggested scans in Safe Mode for greater removal efficacy.


You stated you used; Trendmicro and Spybot. You need to state what version of software were
used. For example, was that SpyBot Search and Destru v1.4 ? Was that Trend PC Cillin, the
online scanner or Sysclean ?

SSK.EXE is associated with a few programs but notiby SurfSideKick Adware
Here are directions for its removal...
http://labs.paretologic.com/spyware.aspx?remove=SurfSideKick

I also suggest the downloading, installing and updating Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

The following is for making sure you are indeed virus free. The following Multi AV scanning
tool provides scanners for Trend Micro (ysclean), Sophos and McAfee. I strongly suggest
running all three modules.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor?s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


In addition...

Please do NOT follow the directions of PCBUTTS1. He has been told numerous times NOT to
request posting HiJack This (HJT) logs in the MS News Groups. Microsoft personnel and MS
MVPs have stated emphatically that this should not be done so plaese don't follow ghis
directions.

I also want to note that while the tools he suggested are good anti spyware tools, they
should be obtained from the vendors or the vendor's slected web hosting site.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.