Tray icon with Spyware detected message

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Fixed:
My son was able to have some spyware installed on his computer that would
have a red X in the tray. A tooltip, that wouldnt go away, said something
like "Spyware detected. To remove the malware click on the icon... " If you
clicked on the icon, you would be sent to a SpywareSilver web page. Where of
course, you would have to buy the app to remove the garbage. Well, after
looking around a bit, I found out that a file named replmap.dll was in the
Explorer process. I used safe mode to log into the admin account and renamed
the file. Restarted and eveything was cool again. It didnt do the typical
things that spyware does, like the run key in the registry, didnt show up in
the task manager.., so it took some time to figure out. I guess I could pick
at it more if anyone would like more info.
 
If you have the code involved, and would like to zip it up and password
protect it, and send it to me (with the password!)
--I'd be glad to pass it along to the analysis folks at Microsoft.

You can also have it analyzed at www.virustotal.com or virusscan.jotti.org
and that may get it passed on to antivirus vendors in some cases.

Remove last two terms from posting address for valid email.
 
I have the same problem since yesterday. Will you please tell me where exactly in the Registry, the location of this file "replmap.dll" is? It's neither in Run keys, nor in the Task manager, as you said.
Thanx


=?Utf-8?B?QnJpYW4=?= said:
Fixed:
My son was able to have some spyware installed on his computer that would
have a red X in the tray. A tooltip, that wouldnt go away, said something
like "Spyware detected. To remove the malware click on the icon... " If you
clicked on the icon, you would be sent to a SpywareSilver web page. Where of
course, you would have to buy the app to remove the garbage. Well, after
looking around a bit, I found out that a file named replmap.dll was in the
Explorer process. I used safe mode to log into the admin account and renamed
the file. Restarted and eveything was cool again. It didnt do the typical
things that spyware does, like the run key in the registry, didnt show up in
the task manager.., so it took some time to figure out. I guess I could pick
at it more if anyone would like more info.
Click to expand...
 
Last edited:
Back
Top