nsbtyal.exe, speeryox.dll BHO SPYWARE

James

I have encountered a new spyware that no other program
has definitions yet to remove. It installs a file
called "nsbtyal.exe" into the C:\windows\system32\
folder. It then extracts what seems to be a file called
speeryox.dll into a .tmp file in the TEMP folder under
documents and settings\current user\local settings\temp.
If you try to delete it, it will duplicate itself to a
new tmp file and add itself back into the registry on its
own. The nsbtyal.exe file is found running in the task
manager. Upon searching for the file on google.com, no
results were found. First, I turned off system restore. I
was able to remove nsbtyal.exe from the task manager,
then delete the main file from the C:\windows\system32
folder. I then did a Windows search (in private folders
also) for speeryox.dll and found 6 entries in separate
folders it copied itself to. I deleted each one
individually. Next, I used HijackThis 1.99.1 to remove
the Browser Helper Object (BHO) loading the
speeryox.dll. I then used System Mechanic to remove
all .tmp files and remove all invalid registry entries.
Then I compacted the registry and restarted the system.
This took care of the problem.

James
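
An added example, not part of the post above: a short Python check that reads the O2 (Browser Helper Object) lines of a HijackThis log and flags BHOs whose module sits in a temp folder, has a .tmp extension, or is marked as missing, which is the pattern the post describes. The sample log, its CLSIDs and its paths are constructed for illustration.

```python
import re

# HijackThis lists each BHO as: O2 - BHO: <name> - {CLSID} - <module path>
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)
MISSING = " (file missing)"  # suffix HijackThis appends when the module is gone


def suspicious_bhos(log_text):
    """Return a list of (clsid, module_path, reasons) for out-of-place BHOs."""
    findings = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if not m:
            continue  # not a BHO entry (O4 startup lines, headers, ...)
        path = m.group("path")
        reasons = []
        if path.endswith(MISSING):
            path = path[: -len(MISSING)]
            reasons.append("registered module no longer exists")
        low = path.lower()
        if "\\temp\\" in low:
            reasons.append("module loads from a temp folder")
        if low.endswith(".tmp"):
            reasons.append("module has a .tmp extension")
        if reasons:
            findings.append((m.group("clsid"), path, reasons))
    return findings


# Constructed sample log lines (placeholder CLSIDs and paths).
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\Documents and Settings\user\Local Settings\Temp\abc1.tmp
O2 - BHO: (no name) - {33333333-3333-3333-3333-333333333333} - C:\WINDOWS\system32\example.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

if __name__ == "__main__":
    for clsid, path, reasons in suspicious_bhos(SAMPLE_LOG):
        print(clsid, path, "; ".join(reasons))
```
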