MS antispyware not catching QoolAid

  • Thread starter Thread starter anonymous
  • Start date Start date
A

anonymous

I was surfing the net when I came across a webpage that
seemed like it took a long time to load then Antispyware
alerted me of about 5 or 6 spyware and trojans. I
proceeded to delete them. All of them are gone now but 3
remain. Antispyware catches rpki.exe and blocks it but it
keeps coming up. Also, I tried to search for ixfyds.exe,
impkkn.exe, rpki.exe, and shirrgh.dll, but they are not in
the folder where the program is supposedly running. The
adware is called QoolAid
 
C:\Windows\TEMP\wtmp.exe
and
C:\Windows\System32\sccmgr.exe

are supposed to be the main components of QoolAid. If
either is running when you try and remove it you will get
it back. This is one that has to be removed in Safe Mode.

The files you mention are from one of the polymorphs which
have different random file names each time. Get
HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then
send it to me as an attachment. Let's see what else you
have.

Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)
 
Back
Top