spyware search and destroy

C

Chris W

A friend of mine has some spyware program that keeps launching processes
with what appear to be random names that are different every time it
runs, so I can't search for a specific file name and get rid of all the
stuff that I need to. What I need to find out is the name of the
process that runs the randomly named exe files. I found this utility
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml and was
wondering if anyone knows if that will let me find the process that
starts the other one. My friend is bringing his machine over on
Saturday and I want to find so utility to track this stuff manually.

--
Chris W

Gift Giving Made Easy
Get the gifts you want &
give the gifts they want
http://thewishzone.com
 
D

Dave Patrick

Look for anything suspicious here. Start\Settings\Control
Panel\Administrative Tools\Computer Management(Local)\System
Information\Software Environment\Startup Programs|View|Advanced, then in the
"Location" column, you'll find the path to the "Startup" location either in
the "Startup" directories or from the registry's "Run" keys. (note that this
windows is read-only so you must manually navigate to the location below to
edit or otherwise delete)

%ALLUSERSPROFILE%\Start Menu\Programs\Startup
%USERPROFILE%\Start Menu\Programs\Startup

You can delete the shortcuts that you no longer want to run.


HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

You can delete the string value for the program you no longer want to run.

or copy msconfig from Windows XP to the "windows" directory


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
|A friend of mine has some spyware program that keeps launching processes
| with what appear to be random names that are different every time it
| runs, so I can't search for a specific file name and get rid of all the
| stuff that I need to. What I need to find out is the name of the
| process that runs the randomly named exe files. I found this utility
| http://www.sysinternals.com/ntw2k/freeware/procexp.shtml and was
| wondering if anyone knows if that will let me find the process that
| starts the other one. My friend is bringing his machine over on
| Saturday and I want to find so utility to track this stuff manually.
|
| --
| Chris W
|
| Gift Giving Made Easy
| Get the gifts you want &
| give the gifts they want
| http://thewishzone.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Auto Logon 2
system process takes 95% of cpu all the time 1
Search and Destroy 2
Spybot Search and Destroy 4
Process Explorer Updated V3.30 1
[Update] Spybot Search & Destroy 8
deleting a spyware file. 7
Showdown: Spyware Search & Destroy SHAMED by Super Utilities for me today 6

Top