Cannot remove unknown spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by Wittigpc, Jul 11, 2006.

  1. Wittigpc

    Wittigpc Private E-2

    Can not remove unknown spyware. I get this line in Hijackthis:

    O2 - BHO: (no name) - {67ef505e-ce87-4205-af6f-1b41d0be61ca} - C:\WINDOWS\system32\korole.dll

    I have goggled this info and come up empty. I have tried to use hijack this to remove and it comes back.

    I have manually gone into the registry removing references. I Delete or rename the reg entry, and hit F5 and Whalaa!!!! It’s back faster then you can say UAAAA!!!!!

    I have run AdAware, Spybot, NIS 2006, VundooFix and Hijack this.

    I love your sight, you have helped me fix more problems then you could ever know, but this one has me stumped.

    I have a 2 Mo old Dell Dimension 9000 series, XP Home, 1 GB RAM 160 GB SATA.
    All Windows and Norton updates have been done.

    Tried to Del the korole.dll file but could not - even from safe mode.
    Changing the registry in safe mode produced the same results as well.
    I deleted that registry once every second, and it put it back every second. I have heard of things that would check every 30 sec or so, but not continuously.

    I am out of Ideas
    Dan
     

    Attached Files:

    Wittigpc, Jul 11, 2006
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
    .
     
    chaslang, Jul 12, 2006
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After completing the instructions in my last message, do the below very quick scan too.

    Now run the below procedure and attach the newfiles.txt log.
     
    chaslang, Jul 12, 2006
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds