Spyware returns after removal ...

  • Thread starter Thread starter Ben
  • Start date Start date
B

Ben

ikprkm.exe keeps returning after removal - major pest; any
thoughts?

Spyware Scan Details
Start Date: 4/22/2005 7:57:36 AM
End Date: 4/22/2005 8:13:57 AM
Total Time: 16 mins 21 secs

Detected Threats

Unclassified.Spyware.61 Spyware more information...
Status: Removed
Severe threat - Severe threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction and exploits are in the wild.
There exists a high possibility of potential system damage
or security flaw. Attacker has complete control over your
computer or install new software on your machine.

Infected files detected
c:\windows\system32\ikprkm.exe
C:\WINDOWS\unadbeh.exe
C:\WINDOWS\SYSTEM32\winup2date.dll
c:\windows\system32\dmncmrq.exe
c:\windows\system32\sriprhb.dll
c:\windows\system32\wkaqk.dat

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run KavSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-
4E25-8BDF-77445B52AB37}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run KavSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-
4E25-8BDF-77445B52AB37}
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-
77445B52AB37}
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-
77445B52AB37}\InProcServer32 C:\WINDOWS\system32
\winup2date.dll
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-
77445B52AB37}\InProcServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-
77445B52AB37}\ProgId Columns class
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-
77445B52AB37} Columns class


Detected Spyware Cookies
No spyware cookies were found during this scan.
 
Ben said:
ikprkm.exe keeps returning after removal - major pest; any
thoughts?

Hi

Have you done any scans in safe mode ? Do that,
choose fullscan with all options checked within MSAS.

Also fill your "toolbox" with these tools to make this cleaning
better.

- Download/Install CCleaner, www.ccleaner.com, remove all
temporarily junk

- Download/Install Lavasofts Adaware, also removes tracking
cookies.

http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022-10319876.html?tag=list


All scans then in safe mode, press F8 during reboot.
 
Back
Top