nsbtyal.exe, speeryox.dll BHO SPYWARE

[James]

I have encountered a new spyware that no other program
has definitions yet to remove. It installs a file
called "nsbtyal.exe" into the C:\windows\system32\
folder. It then extracts what seems to be a file called
speeryox.dll into a .tmp file in the TEMP folder under
documents and settings\current user\local settings\temp.
If you try to delete it, it will duplicate itself to a
new tmp file and add itself back into the registry on its
own. The nsbtyal.exe file is found running in the task
manager. Upon searching for the file on google.com, no
results were found. First, I turned off system restore. I
was able to remove nsbtyal.exe from the task manager,
then delete the main file from the C:\windows\system32
folder. I then did a windows search (in private folders
also) for speeryox.dll and found 6 entries in separate
folders it copied itself to. I deleted each one
individually. Next, I used Hijackthis 1.99.1 to remove
the Browser Helper Object (BHO) loading the
speeryox.dll. I then used system mechanic to remove
all .tmp files and remove all invalid registry entries.
Then i compacted the registry and restart the system.
This took care of the problem.

James

 

[Ron Chamberlin]

Hi James,
Good work. What a PITA this junk is eh?

I bombed also on a search for your first term, but hit paydirt with the
second 'speeryox.dll'. Removal instructions are here should you wish to
check your good work:
http://securityresponse.symantec.com/avcenter/venc/data/adware.mxtarget.html

Ron Chamberlin
MS-MVP