SpywareStrike

[Guest]

My PC was attacked by a trojan horse called SpywareStrike. Microsoft
AntiSpyware, Norton and Spy&Bot detected it buy did not succed to remove it.

Did somebody have the same problem and succeded to resolve it?

The trojan horse may be also be recognized by the keywords: Replmap or
mscornet.

 

[Guest]

Hello Fred,

Try Ewido:
http://castlecops.com/t137442-CCSP_Ewido_Install_and_Scan_Instructions.html

I hope that (this) post is helpful, let us know how it works ºut.
Engel

 

[Guest]

My PC was attacked by a trojan horse called SpywareStrike. Microsoft
AntiSpyware, Norton and Spy&Bot detected it buy did not succed to remove it.

Did somebody have the same problem and succeded to resolve it?

The trojan horse may be also be recognized by the keywords: Replmap or
mscornet.
Yep, and I'm still trying to get rid of it. It seems to have firmly lodged itself in my registry (hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run.wininet.dll). the wininet registry entry has a "value data" of mscornet.exe. but no file of that name exists on my pc. nevertheless, it refuses to be deleted. Any ideas?

 

[Guest]

This is a Ron Kinner case beacuse I cannot find any good advice within any
forum without using HijackThis and to be carefully guided.
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
http://computercops.biz/HijackThis.html

Save it to C:\hjt (new folder) then Open it and select Scan and Save Log.
Note where you saved the log then send it to him as an attachment. Put
Hijack in the subject so he'll know it's not spªm.

Alternatively you can post it on the Dell Forum ªt:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

(if it wraps you can go tº:

http://tinyurl.com/ckuzq instead.)

Put Ron in the subject so he will see it. You do not need to have a Dell to
post but you will need to register.

Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)

Good luck
Engel
--

 

[Guest]

I ran the entire Castlecops sequence-- and I'm glad I did!! Ewido "found" (3)
more
"landmines" on my system, and succeeded in removing those--- it found but
failed to remove the "original" infestation, exactly as every other "anti
virus/spyware" program had. I did get rid of it--- see my prior posting
please.

 

[Guest]

I finally got rid of this pest by doing the following: 1) uninstalling my
Comcast Broadband files 2) disabling my on-board LAN 3) deleting ALL of my
XP Internet settings 4) going to the registry and setting my "user"
permissions for this regentry to "full control" 5) MANUALLY deleting the
registry file then re-booting and reversing all of the above changes.
By the way, at least on my system this is a "sneaky" trojan--- what MS
Antispyware "sees" as "Trojan.Downloader.slvr" is actually a
"Zolob.Downloader" in disguise. I also ran Spybot AND
MS Antispyware both before and after the deletion effort to ensure that it
really, really was gone!
I'm not certain, but it may also be necessary to delete the "wininet.dll"
file from "windows\system32", because that seems to be the "corrupted" file
source - I didn't delete it, but DID reinstall my (SP2) disk, just in case.

 

[Guest]

Hi undoble,

Great you nailed it.

Thanks for getting back to us with your success.
Nothing is more frustrating than supplying a fix and having the outcome just
go off into a bit bucket.
This is a learning process for everyone here.

Engel

 

[Guest]

Yeah- but it only took a full week of "pounding sand" to do it!!! By the way,
once this fix is complete, be sure to to check ALL of your start menu's and
Start-up programs--- this sneaky little #$@%#%@ left a "calling card" in my
start-up program menu--- called "mscornet""!!

 

[Bill Sanderson]

If you are having trouble removing a registry key, the permissions are
probably intentionally set to prevent that. Right click the key and choose
to take ownership of it.

If you are on XP Home, you will probably need to restart in Safe mode, and
log in as administrator--probably with no password--to do this step (i.e. be
able to take ownership.)

Working in safe mode is a good idea when removing recalcitrant spyware
anyway.

--