Vcodec and Spy Falcon, they just won't die.

I may have it under control.

I checked the files that the Kaspersky scan showed, fed them through viruscan and virustotal and they all had trojans in them.

Funnily, Spyware Quake, like Spy Falcon, tried to mask itself as a legit anti spyware program, and because of that, in its window it showed a list of 'infected' files and reg keys.

However, the infected files and reg keys matched what Kaspersky mentioned as well as confirming some odd registry things I noted a few days ago while researching this issue.

So I first downloaded Killbox.

Then went to safe mode, ran smit and S&D then went into H:/Windows/system32 and used killbox to nail dfrgsrv.exe.

Between S&D and smitrem, nvctrl.exe and mssearnet.exe were already gone.

Also uninstalled Spyware Quake.

On a restart I noticed that killbox nailed all the files I asked it to, but Quake still opened.

I went into regedit and deleted the reg keys that quake itself gave out (they all matched bad reg edits that other solutions I've seen mentioned, as well as having descriptions referring to spy falcon, vcodec, spyware quake, nvctrl, mssearchnet and dfrgsrv). I deleted them all.

Also uninstalled netscape and deleted the temp files, as it was via netscape that my brother got vcodec.

Also used killbox to delete the other infected files that Kaspersky revealed.

Did a restart and Spyware Quake didn't open.

Did a once over with S&D and didn't get anything (this time vcodec didn't come up).


Looks clean right now and nothing else has revealed itself.

Might be good to go.

Hopefully.
 
Ok, you beat me to it then...as I saw these need to be done:
Remove SpywareQuake in Add/Remove programs via the Control panel

Delete infected emails in Thunderbird inbox

Clear your cache in Netscape

Delete these files found infected on the KAV scan

H:\WINDOWS\system32\dfrgsrv.exe

H:\WINDOWS\system32\ldA604.tmp

H:\WINDOWS\system32\mssearchnet.exe

H:\Documents and Settings\Heath\My Documents\122903.exe

Repeat the Smitfraud removal instructions:
http://forums.spybot.info/showthread.php?t=1958


You are actively engaged in an identical thread at Short Media?
http://www.short-media.com/forum/showthread.php?t=43740

It's somewhat unproductive to be having two of us looking at the same thing. You will get different instructions and different tools mixed up. I can't keep up with what you are doing in two threads. What other forums have you posted all this in? And which one are you going to stick with, because it's a waste of our time if you are following instructions elsewhere.

But I'm glad you think you have it resolved. Just please let other forums know so that it's not wasting our time all looking at the same thing.
 
Download Silent Runners to get a log, please.

http://www.silentrunners.org/Silent Runners.zip

* Save it to the desktop and unzip it.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will get a prompt asking about performing supplementary searches.
* Click "No" at that prompt.
* You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
* Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
 
CalamityJane said:
You are actively engaged in an identical thread at Short Media?
http://www.short-media.com/forum/showthread.php?t=43740

It's somewhat unproductive to be having two of us looking at the same thing. You will get different instructions and different tools mixed up. I can't keep up with what you are doing in two threads. What other forums have you posted all this in? And which one are you going to stick with, because it's a waste of our time if you are following instructions elsewhere.

But I'm glad you think you have it resolved. Just please let other forums know so that it's not wasting our time all looking at the same thing.

Indeed, and this topic is closed.
 