Results 1 to 2 of 2

Thread: a New one

  1. #1
    Junior Member
    Join Date
    Oct 2005

    Default a New one

    First, sorry for the cross post, I just realized that there was a dedicated forum for this ...
    Here is a new adware, that is not yet detected by spybot...

    A guess it's from
    it runs in randomly time, the following path
    "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" hxxx://{9364E9EC-BFF4-77E5-47C9-BE1559C316B5}&type=normal&mSkip=1&rnd=20448

    which opens a popup with such url : hxxp://

    Creates randomly file in windows\system32
    (currently: dnwave.dll, kt0ml7d11.dll, lvp4097qe.dll, h2l2lc3o1f.dll...)
    Size about 234.751 to 235.858
    Add a registry entry in winlogin with (NetCache or Shell) as key and one of the dll as value.
    - When I try to delete it (registry entry), it's back in 1 or 2 sec.
    - When I add the to hosts file, entry in file is deleted after 1 or 2 sec.
    - Safe mode doesn't work, still loaded.
    - regmon/filemon from systinternals don't work anymore since that crap is installed.
    - Last SBot update doesn't detect it... (although it discover tsr something that has been installed in the same time as this ad-w-a-r-e...).

    Any help would be welcome...


    Urls disabled
    Last edited by tashi; 2005-10-27 at 19:28.

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005


    Hi there.
    Please see responses here:

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts