Still cannot reinstall - due to an auto-created startup .exe!!

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am still getting the same cannot register errors on install (and 101 when
running). I have followed all the advice, including registry editing (I am
using XP Home with SP#2).
I have noticed when running ccleaner, that a mysterious small .exe (176K) is
added to the startup list. When I try to delete it, another one with another
name appears (all 6 chars long). A file is created in system32 with that name
at the same time. I get the same if I kill it from the task manager. I am
running in safe mode with installer, so something has latched on to a service
or base file. Nothing is detecting it (Spybot, CCleaner, HJ This, etc).
Does anyone know what it is? It appears to monitor changes to the registry
and something else is watching to see if I kill it.
My guess is that it is what installs all sorts of Spyware/Malware as soon as
I connect to the internet.
So, I need to stop whatever creates this program. I can send it in if
someone wants to look at the 176K file.
TIA, Paul
 
Hi Dave. Yes, this turns out to be a "dropper" and "trojan horse"
combination. Interestingly, they were reinstalling Spyware, especially "Wild
Tangent". It is worrisome when the two are interacting like that.

Thanks, Paul
 
Great Paul;

Ewido is a superb Anti-Trojan, from Andy Machesta;

If you have any other problems run Ewido Security Suite on your system as
its free and has daily updates so does great against New infections ( Its
shows its a 14 day trial but it performs fine after that expires, you will
just need to update the scanner manually as the auto updates are part of the
trial)

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button.

After the update finishes click on 'scanner' from the main menu then click
'Complete System Scan' When ewido finds something, it will pop up a
notification. Select "Remove" and check the boxes "Perform action with all
infections" and "Create encrypted backup" then click on ok. When the scan
finishes, click on "Save Report" and save it to your desktop or c:/drive
incase you need it again.
 
Back
Top