L
laminate
After I had 98% of this posting typed, my computer crashed and I lost
all of it. I'm going to attempt to recreate the necessary details
though.
On December 22, I stupidly downloaded something called mp3.plugin.exe.
Of course it was spyware, and within an hour or two of using
hijackthis, spybot, and adaware, I had my PC pretty much back as I
wanted.
However, an annoying remnant of that spyware infusion remains on my
computer. Sporadically in IE 6 (which is not my default browser;
Netscape 7.1 is), I will get a popup from lops.com. This happens at
odd times too - like on my about:blank start page, or when surfing
sites that I know are popup-free.
Determined to track it down, I ran Spybot, Ad-aware 6.0, and a free
trial version of something called SpyHunter 1.1.29. All had updated
reference files.
Spybot found nothing.
Ad-aware found one item, something called TopSearch.dll that is
associated with KazaaLite. I've had KazaaLite on my computer for over
a year, and it's supposed to be spyware-free. I'm not worried.
SpyHunter found several things:
- LOTS and LOTS of registry entries for BackWeb lite. But some past
research I did on this indicated that it's part of my Kodak software's
checking for updates. Minimally pesky or invasive perhaps, but
nothing that bothers me.
- Two registry objects called AcroIEHelper.AcroIEHlprObj and
AcroIEHelper.AcroIEHlprObj.1 that I am not too concerned about either.
They sound like they have something to do with Acrobat Reader.
- release notes.lnk, something in my start menu for my HP printer.
I've had the printer for two years and I highly doubt that a link in
the start menu has anything to do with spyware.
- wa_inst.exe, a file in my Windows Application data folder. This
makes me VERY suspicious, and I comment on that in the next paragraph.
Finally, I browsed google groups and came upon this article:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=uM7GoVb1BHA.2680@tkmsftngp05&rnum=2
Among several other things, it recommends looking in
c:\windows\application data for odd files. Now I can't tell a good
file from an odd one in that folder. But I found it noteworthy that
there are only six files right under c:\windows\application data on my
computer (there are a LOT of folders in there, but only six files at
that level). Five of those files are dated shortly after noon on
December 22, which is when I remember I was messing around with
mp3.plugin.exe. Those files are:
- oablmyil.exe
- prckssoodki.lib
- uwtxdfql.exe
- wa_inst.exe
- wsprgaeoo.dll
The date/time stamp makes me VERY suspicious.
So for anyone who has read all of this, my questions:
1. Can I delete those five odd files in my Windows Application Data
folder?
2. What else should I look for to remove, once and for all, the
remnants of my mp3.plugin.exe adventure?
3. Any comments on the other stuff that I mentioned above found by my
spyware scans?
all of it. I'm going to attempt to recreate the necessary details
though.
On December 22, I stupidly downloaded something called mp3.plugin.exe.
Of course it was spyware, and within an hour or two of using
hijackthis, spybot, and adaware, I had my PC pretty much back as I
wanted.
However, an annoying remnant of that spyware infusion remains on my
computer. Sporadically in IE 6 (which is not my default browser;
Netscape 7.1 is), I will get a popup from lops.com. This happens at
odd times too - like on my about:blank start page, or when surfing
sites that I know are popup-free.
Determined to track it down, I ran Spybot, Ad-aware 6.0, and a free
trial version of something called SpyHunter 1.1.29. All had updated
reference files.
Spybot found nothing.
Ad-aware found one item, something called TopSearch.dll that is
associated with KazaaLite. I've had KazaaLite on my computer for over
a year, and it's supposed to be spyware-free. I'm not worried.
SpyHunter found several things:
- LOTS and LOTS of registry entries for BackWeb lite. But some past
research I did on this indicated that it's part of my Kodak software's
checking for updates. Minimally pesky or invasive perhaps, but
nothing that bothers me.
- Two registry objects called AcroIEHelper.AcroIEHlprObj and
AcroIEHelper.AcroIEHlprObj.1 that I am not too concerned about either.
They sound like they have something to do with Acrobat Reader.
- release notes.lnk, something in my start menu for my HP printer.
I've had the printer for two years and I highly doubt that a link in
the start menu has anything to do with spyware.
- wa_inst.exe, a file in my Windows Application data folder. This
makes me VERY suspicious, and I comment on that in the next paragraph.
Finally, I browsed google groups and came upon this article:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=uM7GoVb1BHA.2680@tkmsftngp05&rnum=2
Among several other things, it recommends looking in
c:\windows\application data for odd files. Now I can't tell a good
file from an odd one in that folder. But I found it noteworthy that
there are only six files right under c:\windows\application data on my
computer (there are a LOT of folders in there, but only six files at
that level). Five of those files are dated shortly after noon on
December 22, which is when I remember I was messing around with
mp3.plugin.exe. Those files are:
- oablmyil.exe
- prckssoodki.lib
- uwtxdfql.exe
- wa_inst.exe
- wsprgaeoo.dll
The date/time stamp makes me VERY suspicious.
So for anyone who has read all of this, my questions:
1. Can I delete those five odd files in my Windows Application Data
folder?
2. What else should I look for to remove, once and for all, the
remnants of my mp3.plugin.exe adventure?
3. Any comments on the other stuff that I mentioned above found by my
spyware scans?