B
bobc
MS spware finds the spyware and kills it but it keeps
coming back when you re-boot. any ideas how to permanently
delete it?
iSearch.DesktopSearch Spyware more information...
Details: Removes the users access to use Windows Search
and replaces it with C:\WINDOWS\isrvs\desktop.exe.
Status: Ignored
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.
Infected files detected
c:\windows\isrvs\msdbhk.dll
C:\WINDOWS\isrvs\desktop.exe
c:\windows\isrvs\ffisearch.exe
c:\windows\isrvs\isearch.xpi
c:\windows\isrvs\sysupd.dll
c:\w! indows\isrvs\mfiltis.dll
c:\windows\isrvs\edmond.exe
c:\windows\system32\drivers\delprot.sys
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml sctpf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{950238FB-C706-
4791-8674-4D429F85897E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html sctpf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run ffis
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{950238FB-C706-
4791-8674-4D429F85897E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Ru! n Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Run Desktop Search
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t ImagePath \SystemRoot\system32\drivers\delprot.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t DisplayName delprot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run ffis
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run ffis
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{950238FB-C706-
4791-8674-4D429F85897E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml
! HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
coming back when you re-boot. any ideas how to permanently
delete it?
iSearch.DesktopSearch Spyware more information...
Details: Removes the users access to use Windows Search
and replaces it with C:\WINDOWS\isrvs\desktop.exe.
Status: Ignored
High threat - High-risk items have a large potential for
harm, such as loss of computer control, and should be
removed unless knowingly installed.
Infected files detected
c:\windows\isrvs\msdbhk.dll
C:\WINDOWS\isrvs\desktop.exe
c:\windows\isrvs\ffisearch.exe
c:\windows\isrvs\isearch.xpi
c:\windows\isrvs\sysupd.dll
c:\w! indows\isrvs\mfiltis.dll
c:\windows\isrvs\edmond.exe
c:\windows\system32\drivers\delprot.sys
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml sctpf
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{950238FB-C706-
4791-8674-4D429F85897E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html sctpf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run ffis
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{950238FB-C706-
4791-8674-4D429F85897E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml
HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Ru! n Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur
rentVersion\Run Desktop Search
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t ErrorControl 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t ImagePath \SystemRoot\system32\drivers\delprot.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delpro
t DisplayName delprot
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run ffis
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run ffis
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{950238FB-C706-
4791-8674-4D429F85897E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/h
tml
! HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html