Is this ad/spyware?

Discussion in 'OT Technology' started by kellyclan, Aug 12, 2004.

  1. kellyclan

    kellyclan She only loves you when she's drunk.

    Joined:
    May 16, 2001
    Messages:
    18,944
    Likes Received:
    0
    Got some PITA adware infections (twaintec, windupdates, webrebates, etc), all that is taken care of, but there is still one process i don't recognize and Google shows nothing for it.

    C:/WINDOWS/system32/xlyybux.exe runs at startup as a process. Any ideas? :confused:
     
  2. maczter

    maczter Life is trying things to see if they work.

    Joined:
    Sep 30, 2003
    Messages:
    3,622
    Likes Received:
    0
    Location:
    Austin, TX
    i say kill it.
     
  3. mdaniel

    mdaniel S is for Shiksa

    Joined:
    May 6, 2000
    Messages:
    52,499
    Likes Received:
    311
    Location:
    Northwest Mejicooooooo
    I've seen this like that before. If you kill it or msconfig it out, it will just launch again under a different gibberish name. Search your c:\windows, c:\windows\system, and c:\windows\system32 folder for hidden exe files. "dir *.exe /ah" at a command prompt. I'll bet at least your system32 folder has a bunch of them. Look at the file sizes. They'll probably be the same size. Delete them all.
     
  4. jhbmf

    jhbmf OT Supporter

    Joined:
    Aug 11, 2004
    Messages:
    4,184
    Likes Received:
    0
    Location:
    Georgia
    Ad Aware
     
  5. Keyzs

    Keyzs OT Supporter

    Joined:
    Nov 3, 2003
    Messages:
    814
    Likes Received:
    0
    Location:
    Charlotte, MI
    Check the following keys in the registry for something unusual
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

    Also watch for strange RUN keys such as Run1nce... (there is a possibly a chance for RunOnceEx and thats fairly common)

    If you see something that does not look right do a google search for it before you delete it...

    Disclaimer - DO THIS AT YOUR OWN RISK!!! If your not sure, search...
     
  6. Yep

    Yep Knick knack paddy whack, give the old dog a bone

    Joined:
    Jan 22, 2001
    Messages:
    4,603
    Likes Received:
    0
    Location:
    South Jersey
    Yep spyware. Guy at work got a ton of it on his computer in a matter of seconds after visiting a website.

    Run Spybot and Ad Aware and the two of them should be able to wipe them out.
     
  7. Atlantis

    Atlantis Guest

    Sounds like it could also be a virus.

    To keep spyware from installing, try using SpywareGuard & SpywareBlaster.

    They take it a step further by not removing adware or spyware, but from them even being installed. Best of all, they're FREE.

    http://www.javacoolsoftware.com/products.html

    If you're using an AntiVirus program, now would also be a good time to keep it up too date. If not, try fidning of the many free ones, such as AVG.

    http://www.grisoft.com

    Personally speaking, if you're willing to spend the cash, the #1 AntiVirus program currently is; Kaspersky Anti-Virus. Makes Norton, McAfee, PC Chillin, AVG, and many others look cheap!

    http://www.kaspersky.com/
     
  8. ccrooks

    ccrooks New Member

    Joined:
    Oct 26, 2003
    Messages:
    60,221
    Likes Received:
    0
    Location:
    south bay, southern cali
    what about a program called "esud.exe" or "hwtactm.exe?"
     

Share This Page