Key logger

  • Thread starter: Kesh

Kesh

Anyone got a better solution to get rid of Spyware Nuker
Keylogger. Only tried all well-known Anti Spyware
programmes but the bloody thing won't shift, most of them
don't detect it anyway.

Cheers
 
Microsoft PSS will help you out with this kind of issue, for free.

In the U.S. or Canada, 1-866-pcsafety

Elsewhere, call the local Microsoft subsidiary or support phone number. The
call may not be free, but the help will be--for issues of virus removal or
damage, or problems related to security patches.

We've sent several keylogger removal problems to them with positive reports
back--these things can be quite difficult to remove--and PSS hasn't always
managed to do it--but they'll be able to satisfy themselves and you, I
believe, that it isn't "live."
 
1. Kill these running processes with Task Manager:
programfilesdir+\trek blue\spynukersetup.exe
programfilesdir+\trek blue\spyware nuker\lspfix.exe
programfilesdir+\trek blue\spyware nuker\spynuker.exe
programfilesdir+\trek blue\spyware nuker\uninstaller.exe
spywarenukerinstaller[1].exe

2. Unregister these DLLs with Regsvr32, then reboot:
programfilesdir+\trek blue\spyware nuker\exmodule.dll
programfilesdir+\trek blue\spyware nuker\zlib.dll

3. Remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\clsid\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4
HKEY_CLASSES_ROOT\clsid\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4}
HKEY_CURRENT_USER\software\vb and vba program settings\spyware nuker
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{15589fa1-c456-11ce-bf01-00aa0055595a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spynuker.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4}
HKEY_LOCAL_MACHINE\software\softup2009
HKEY_LOCAL_MACHINE\software\vb and vba program settings\spyware nuker

4. Remove these files (if present) with Windows Explorer:
c:\documents and settings\all users\desktop\spyware nuker.lnk
commonprograms+\spyware nuker
desktopdir+\spyware nuker.lnk
programfilesdir+\trek blue\spynukersetup.exe
programfilesdir+\trek blue\spyware nuker\exmodule.dll
programfilesdir+\trek blue\spyware nuker\lspfix.exe
programfilesdir+\trek blue\spyware nuker\spynuker.exe
programfilesdir+\trek blue\spyware nuker\uninstaller.exe
programfilesdir+\trek blue\spyware nuker\zlib.dll
spywarenukerinstaller[1].exe

5. Remove these directories (if present) with Windows Explorer:
programfilesdir+\trek blue


--
If you are under attack and MSAS does not seem to help:

*Submit suspected spyware report in the tools menu of MSAS*

PREP YOUR MACHINE FIRST!
- IF you are using Spybot S/D, UN-Immunize your computer
- IF you are using Adaware, turn off AD-Watch
- Disable all other active anti-spy applications
- Dump all temporary file locations and Internet files

1. Download:
lspfix.exe www.cexx.org/lspfix.htm
winsockxpfix.exe www.snapfiles.com/get/winsockxpfix.html
ccleaner.exe www.ccleaner.com
killbox.exe www.bleepingcomputer.com/files/killbox.php

2. Clean out all temp file locations with ccleaner.exe

3. Install and use killbox to delete stubborn files

4. Reboot into safe mode - http://tinyurl.com/pfca
5. Run MSAS at least twice in full/deep mode
6. Run a robust, updated antivirus software scan
7. Reboot into normal mode, see if problem has been corrected

8. If you think something is there but can't see it, download:
- Blacklight by F-Secure
www.europe.f-secure.com/exclude/blacklight/blbeta.exe
- RootKitRevealer by SysInternals
www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

9. If your problem is Virus or Security patch related:
In the United States or Canada, call 1-866-PCSAFETY
MS will provide free support for those issues.

Battle Notes:
- If you have trojans (files that won't go away),
you may have to disable System Restore on XP:
http://tinyurl.com/movy

- If your Internet connectivity quits:
http://support.microsoft.com/kb/892350
http://support.microsoft.com/kb/811259
LSPFix - www.cexx.org/lspfix.htm
Winsockxpfix - www.snapfiles.com/get/winsockxpfix.html

- Install SpywareBlaster to block malware apps from
installing on your machine. Does not actively run
on your machine, you run it, it makes changes that
protect you.
http://www.javacoolsoftware.com/

- This program will not detect or remove viruses
http://www.microsoft.com/athome/security/viruses/default.mspx

*** For assistance in battling infestations***
- Get HijackThis.exe from:
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
- Save it to C:\hjt (new folder)
- Open it and select "Scan and Save Log"
- Send it to Ron Kinner as an attachment
- Ron's email address is (e-mail address removed)
- Put Hijack in the subject so he knows it's not spam

Application Notes:
Registering a VB6 dll seems to fix missing agents:
1) Open up a command prompt (start -> run -> cmd)
2) Type in the following "regsvr32 msvbvm60.dll" (without the quotes).
3) Close and re-open Windows AntiSpyware
4) If that fails, install VB6 runtime files:
http://www.softwarepatch.com/windows/vbrun6download.htm

- To report false positives:
www.microsoft.com/athome/security/spyware/software/isv/fpform.aspx
- To submit disputes or requests:
www.microsoft.com/athome/security/spyware/software/isv/cdform.aspx
- To learn more about how MS analyzes suspected spyware:
www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx
- To Run MSAS in passive mode:
http://support.microsoft.com/kb/892375

Alternative Anti-Spyware Applications:
- Spybot Search and Destroy
http://www.majorgeeks.com/download2471.html
- LavaSoft AdAware
http://www.majorgeeks.com/download506.html
- AdAware VX2 Cleaner Plugin
http://www.majorgeeks.com/download4283.html
- BHODemon
http://www.majorgeeks.com/download3550.html
- CWShredder (CoolWWWSearch)
http://www.majorgeeks.com/download3019.html
- PestPatrol
http://www.majorgeeks.com/download1187.html
- Webroot Spysweeper
http://www.majorgeeks.com/download3263.html
- Ewido Security Suite
http://www.ewido.net/en/
- CounterSpy (Same Giant Company Engine as MSAS)
http://www.sunbelt-software.com

Recommended Software to help protect you:
- Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/default.mspx
- SpywareBlaster
http://www.javacoolsoftware.com
- Outpost Firewall Pro
http://www.agnitum.com/products/outpost
---------------------------------------------
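
A read-only check for the five-step removal list in the post above, to confirm after the reboot that nothing it names is still present. This is an added example, not part of the original post; the mapping of the placeholders `programfilesdir+`, `commonprograms+` and `desktopdir+` to Windows special folders is an assumption, and `Test-Artifact` is a hypothetical helper name.

```powershell
# Added example: read-only audit of the Spyware Nuker artifacts listed in the post.
# Assumption: the post's placeholders map to these Windows special folders.
$pf       = [Environment]::GetFolderPath('ProgramFiles')      # programfilesdir+
$programs = [Environment]::GetFolderPath('CommonPrograms')    # commonprograms+
$desktop  = [Environment]::GetFolderPath('DesktopDirectory')  # desktopdir+
$trek     = Join-Path $pf 'trek blue'

$files = @(
    'c:\documents and settings\all users\desktop\spyware nuker.lnk',
    (Join-Path $programs 'spyware nuker'),
    (Join-Path $desktop  'spyware nuker.lnk'),
    $trek   # parent directory of every EXE and DLL the post lists
)

# Registry items exactly as the post lists them.
$keys = @(
    'HKEY_CLASSES_ROOT\clsid\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4',
    'HKEY_CLASSES_ROOT\clsid\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4}',
    'HKEY_CURRENT_USER\software\vb and vba program settings\spyware nuker',
    'HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{15589fa1-c456-11ce-bf01-00aa0055595a}',
    'HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\spynuker.exe',
    'HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4',
    'HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{76c7d7ba-76ac-4192-a0b2-b6fb5d18c9b4}',
    'HKEY_LOCAL_MACHINE\software\softup2009',
    'HKEY_LOCAL_MACHINE\software\vb and vba program settings\spyware nuker'
)

function Test-Artifact {
    param([string]$Kind, [string]$Path, [string]$ProviderPath)
    # -LiteralPath stops "{", "}" and "[1]" from being read as wildcards.
    [pscustomobject]@{ Kind = $Kind; Path = $Path
                       Present = Test-Path -LiteralPath $ProviderPath }
}

$report = @(
    $files | ForEach-Object { Test-Artifact 'File' $_ $_ }
    $keys  | ForEach-Object { Test-Artifact 'Registry' $_ "Registry::$_" }
    # Step 1: anything still running from the Trek Blue directory. Matching on
    # the image path avoids flagging unrelated lspfix.exe or uninstaller.exe.
    Get-Process | Where-Object {
        ($_.Path -and $_.Path.StartsWith($trek, [StringComparison]::OrdinalIgnoreCase)) -or
        $_.ProcessName -eq 'spywarenukerinstaller[1]'
    } | ForEach-Object { [pscustomobject]@{ Kind = 'Process'; Path = $_.Path; Present = $true } }
)

$report | Sort-Object Kind, Path | Format-Table -AutoSize
'{0} listed artifact(s) still present' -f @($report | Where-Object { $_.Present }).Count
```

On 64-bit Windows, 32-bit software is redirected to `Program Files (x86)` and `HKEY_LOCAL_MACHINE\software\Wow6432Node`, which this check does not cover.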
 