Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Hijack failed-virus returns on bootup

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
While running spybot routinely it came up with IESP2.SpyZM I deleted it its file name is cslnam. On restart it came back. I wrote to Spybot but their email page didnt work to contact them. I went into the registry and removed it manually..it came back. I noticed in many registry files I have an OH NO white and blue icon besides the files that I never saw before. I tried adaware, came up empty. My Nortons Corporate edition didnt see anything. Ive done all my updates. I tried another spyware /malware program and it identifies it as Trojan.Downloader.Ruins. noting in Symantec about that. Google search said it was similar to Trojan.FlushA but when I looked at description of that in Symantec it didnt match. I downloaded A squared start center which is a neat scanner and it identified it as W32/Sdbot worm ftp. I was able to see all kinds of entries which I deleted but all of them came back on reboot. I then downloaded hijack this and ran a full scan and also ran a start run scan. They sent me back 7 pages of data for itmes that were questionable. I deleted just about all of them thru Hijack this and again on start up they all return. I even deleted a Yahoo folder in registry as I dont use Yahoo and Excite, and they also reappear on boot up? I have run these tests in std mode and safe mode. In order to use the pc when I start it I have to delete all these entries all BHo's, etc from hijack this. Even ty to delete 4 files of Fire Daeman svcs they keep returning like every other one.
My adawre SE is updated as is my spybot SD13. I have tried just about everything on the list in here. What ever it is it is putting things in HKLM\Software\<icrosoft\Windows\Current version\URLS...I even deleted the folder and it comes back. I will post a hijack this tomorrow fresh from start up. Any ideas on how to permanently delete this IESP2.SpyZM? Anyone have any similar problems? Appreciate your comments
Heres a recent hijack this analysis http://www.hijackthi...2ccd0a38b7.html ****** On Dec3rd on startup I ran Trend Micro house call..antivirus scan...It found what hijack didnt..1 dialer called DIAL_TIBS in HKLM\Software\Microsoft\current version\policies\explorer\run.. wont let me delete. I am including a hijack this log plus a hijack startuplog plus the above scan..The system keeps reinstalling BHO's System32 mspez.dll 3 identical entries, C\PROGRA1\SPYWAR1\TOOLS\IEDSG.DLL. I have hidden files open but cant find these. Heres my startup from spybot: Labtec Mouse, ok...vp tray symantec ok..MS office ok..mobsync.exe. pls check the hijack report enclosed and its startup and Im worried about the dialer..
I tried to upload the hijack this report here but this site wont permit uplading that text..how do I add the hijack text??? Thanks for your helpAttached File  startuplist.txt   27.79KB   72 downloads

Attached Files

Edited by Dave-Mike, 03 December 2005 - 08:15 AM.

  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP