Ben
ikprkm.exe keeps returning after removal - major pest; any
thoughts?
Spyware Scan Details
Start Date: 4/22/2005 7:57:36 AM
End Date: 4/22/2005 8:13:57 AM
Total Time: 16 mins 21 secs
Detected Threats
Unclassified.Spyware.61 Spyware
Status: Removed
Severe threat - Severe threats typically are remotely
exploitable vulnerabilities, which can lead to system
compromise. Successful exploitation does not normally
require any interaction and exploits are in the wild.
There exists a high possibility of potential system damage
or security flaw. Attacker has complete control over your
computer or install new software on your machine.
Infected files detected
c:\windows\system32\ikprkm.exe
C:\WINDOWS\unadbeh.exe
C:\WINDOWS\SYSTEM32\winup2date.dll
c:\windows\system32\dmncmrq.exe
c:\windows\system32\sriprhb.dll
c:\windows\system32\wkaqk.dat
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KavSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KavSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\InProcServer32 C:\WINDOWS\system32\winup2date.dll
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\InProcServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\ProgId Columns class
HKEY_CLASSES_ROOT\clsid\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} Columns class
Detected Spyware Cookies
No spyware cookies were found during this scan.