subject: spyware tools
posted: Mon, 24 Jan 2005 20:30:35 -0000


Got a call to a PC the other day with a nasty case of spyware,
managed to clean most of it but at least one, possibly two remnants
remain ...

Firstly there's the entries in the HOSTS file:

O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch

These proved difficult to kill and I have since learned they are from
spyware known as 'look2me'. A program called kill2me has been
written by the HijackThis author specifically to kill look2me:

http://www.spywareinfo.com/~merijn/files/kill2me.zip

Second there's some trusted zones which I'm unable to clean with HJT:

O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)

This IP resolves to 117.202.linkey.ru and is obviously not meant to
be there. I wasn't able to remove them and have since learned of a
tool to clean all 'O15' entries:

http://www.greyknight17.com/spy/DelO15Domains.inf

Finally, the Grey Knight also drew my attention to a neat startup
lister, which goes further than those I currently have:

http://www.greyknight17.com/spy/StartDreck.zip

Stu

---
* Origin: [adminz] tech, security, support (192:168/0.2)
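A triage helper for the two kinds of HijackThis lines quoted in the post, added here as an example (it is not part of the post and not HijackThis code). It groups O1 HOSTS entries and O15 trusted ranges that point at public addresses; the function names are hypothetical, and treating an O15 line without the `(HKLM)` suffix as a per-user (HKCU) entry is an assumption.

```python
import ipaddress
import re

# Log lines copied from the post above (O1 = HOSTS file, O15 = Trusted Zone).
SAMPLE_LOG = """\
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O15_RE = re.compile(r"^O15 - Trusted IP range:\s+(\S+?)(?:\s+\((HKLM)\))?\s*$")


def is_public(addr):
    """True for a routable address. Loopback, private and 0.0.0.0 entries
    (typical of ad-blocking HOSTS files) return False."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False  # wildcard ranges such as 10.0.*.* are not single addresses


def triage(log_text):
    """Return (hosts_redirects, trusted_ranges) that deserve a manual look.

    hosts_redirects: public IP -> sorted unique hostnames mapped to it
    trusted_ranges:  public IP -> sorted registry hives holding the entry
    """
    redirects, trusted = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = O1_RE.match(line)
        if m and is_public(m.group(1)):
            redirects.setdefault(m.group(1), set()).add(m.group(2).lower())
            continue
        m = O15_RE.match(line)
        if m and is_public(m.group(1)):
            # Assumption: no "(HKLM)" suffix means the per-user hive.
            trusted.setdefault(m.group(1), set()).add(m.group(2) or "HKCU")
    return ({ip: sorted(v) for ip, v in redirects.items()},
            {ip: sorted(v) for ip, v in trusted.items()})


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Several search hostnames mapped to one public address, or the same trusted range present in both hives, is the pattern the post describes; the duplicate `ieautosearch` line collapses to one entry.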

generated by msg2page 0.06 on Jul 21, 2006 at 19:03:56
