Fake Wget!



tommy12
2006-07-21, 11:45
Greetings

When I run Spybot 1.4 there are 2 entries called wget. I have tried deleting them but they always come back. I have looked into the archives and found someone had the same problem. I tried the reg import but nothing happens; it still appears. Do you know how to get rid of this?

Thank you
T

spybotsandra
2006-07-21, 11:52
Hello,


Did you already download the latest detection updates?

Best regards
Sandra
Team Spybot

tommy12
2006-07-21, 20:38
Hi Sandra
Thanks for the quick reply Sandra.

Yes, I have already updated the detection list, but it still reappears when I try to delete the entries. It appears again when I reboot the system.

Fake.Wget: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-1177238915-1647877149-725345543-1004\Software\Wget

Fake.Wget: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Wget

These are the 2 entries that I can't seem to get rid of.

Thank you
T

maasly
2006-08-20, 15:24
I've got the same problem and did not manage to get rid of it either.
(Copied the results below, and attached the HijackThis file as well.)

--- Search result list ---
Windows Security Center.FirewallOverride: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

Fake.Wget: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612498688-3429490930-300153696-1006\Software\Wget

Fake.Wget: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Wget


These are the 2 entries that I can't seem to get rid of either.
Please advise,

MP

nellie70
2006-08-31, 01:02
I had the same entries as Tommy12. Run msconfig to see if dllhost.exe is loading at startup. I d/l and ran Trojan Hunter and it found the registry entries and the file causing the problem. It was dllhost.exe found in windows/system32. You should be aware that the invalid dllhost.exe file was 108kb whereas a valid dllhost.exe is 5kb.
The trojan downloader is also known as bifrost 100 and bifrose 100.
Run Spybot to remove any remaining fake.wget after you have allowed Trojan Hunter to clean the infections.
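
The checks described in the last post (the Fake.Wget registry keys, a startup entry for dllhost.exe, and the size of dllhost.exe in system32), collected into a read-only PowerShell triage sketch. This is an added example, not part of the thread: it assumes a PowerShell version that has Get-FileHash, looks only at the standard Run keys, and reports size, signature and hash for comparison against a known-good copy from the same Windows build instead of hard-coding the sizes quoted above.

```powershell
# Added triage sketch: read-only, changes nothing on the system.

# 1. Registry keys Spybot reports as Fake.Wget in this thread:
#    HKEY_LOCAL_MACHINE\SOFTWARE\Wget and <user SID>\Software\Wget.
$keys = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wget')
$keys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    ForEach-Object { "Registry::$($_.Name)\Software\Wget" }
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { "KEY      present: $k" }
}

# 2. Startup entries that launch dllhost.exe (assumption: only the
#    standard Run keys are checked; msconfig also lists other locations).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($rk in $runKeys) {
    $item = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ($cmd -match 'dllhost\.exe') { "STARTUP  $rk -> $name = $cmd" }
    }
}

# 3. Details of the dllhost.exe in system32, for comparison with a
#    known-good copy from the same Windows version and service pack.
$file = Join-Path $env:SystemRoot 'System32\dllhost.exe'
if (Test-Path -LiteralPath $file) {
    $f    = Get-Item -LiteralPath $file
    $sig  = Get-AuthenticodeSignature -FilePath $file
    $hash = Get-FileHash -LiteralPath $file -Algorithm SHA256
    "FILE     $file"
    "  size      : {0:N0} bytes" -f $f.Length
    "  modified  : $($f.LastWriteTime)"
    "  signature : $($sig.Status)"
    "  sha256    : $($hash.Hash)"
} else {
    "FILE     $file not found"
}
```

A KEY or STARTUP line, or a size or signature status that differs from the known-good copy, is a reason to run the cleanup tools named in the thread, not proof of infection on its own.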