To get rid of this thing, just delete the registry keys you found, and delete ALL the files modified on this date except kernel32.dll. It seems likely that this is intentional, to distract attention from the files. This happens to be the same date as kernel32.dll. There were a bunch of files with the same modification date ( 6:55:01 AM). "C:\windows\system32\audotend.dll" and "c:\windows\system32\calitzip.dll"ģ) Sort C:\windows\system32 by date. Expand the key, and in the InprocServer32 subkey you will see the default value with a process name. Search the registry for the hex CLSID (minus the curly braces) to find out what processes these things start. I suspect these will be random, in my case there were two suspicious looking keys: "olekenot" and "sapumtab". This key contains services that will start upon boot (in addition to Run and RunOnce, the usual places). HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad It is possible to change the keys used to any combination of CTRL, SHIFT, ALT or WINDOWS, so this might not be the best use of time if nothing comes easily. Just try CTRL-ALT-SHIFT- and you should get a dialog that ways "Logon - Password" and "Enter Password". CTRL-ALT-SHIFT-S is the default, but it can be changed. I had to figure it out the hard way.ġ) You can access Spector using a multiple key combination. It's not really that hard to detect and remove, but google turns up a lot of very old and not relevant data. For some reason, there is very little good information about recent versions of Spector Pro on the internet. Recently, I was faced with removing an unwanted spyware program, Spector Pro 6.0, from a computer. So if it works or doesn't work, let us know. The author has expressed an interest in continuing development on this application to support future releases of Spector Pro if there's enough interest. Since I have long since wiped this off my machine I also can't say how well it works (that is, it didn't find anything on my PC to remove), but I welcome feedback from others here. I provide no guarantees as to it's useability, but I have run it, and it seems legitimate. One of the commenters (below) has agreed to have his Spector Pro 6 detection/removal tool made available to the public here. I will post any updates to the software or other information as provided by the author. Note that it has not been tested with Spector Pro 2009, but it seems likely it won't work with the new version.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |