While running Spybot routinely, it came up with IESP2.SpyZM. I deleted it; its file name is cslnam. On restart it came back. I wrote to Spybot, but their email page didn't work to contact them. I went into the registry and removed it manually... it came back. I noticed in many registry files I have an OH NO white and blue icon beside the files that I never saw before. I tried Ad-Aware, came up empty. My Norton's Corporate Edition didn't see anything. I've done all my updates. I tried another spyware/malware program and it identifies it as Trojan.Downloader.Ruins. Nothing in Symantec about that. Google search said it was similar to Trojan.FlushA, but when I looked at the description of that in Symantec it didn't match. I downloaded A squared start center, which is a neat scanner, and it identified it as W32/Sdbot worm ftp. I was able to see all kinds of entries, which I deleted, but all of them came back on reboot. I then downloaded HijackThis and ran a full scan and also ran a start run scan. They sent me back 7 pages of data for items that were questionable. I deleted just about all of them through HijackThis and again on startup they all return. I even deleted a Yahoo folder in the registry, as I don't use Yahoo and Excite, and they also reappear on boot up? I have run these tests in std mode and safe mode. In order to use the PC when I start it, I have to delete all these entries, all BHOs, etc. from HijackThis. I even try to delete 4 files of Fire Daemon svcs; they keep returning like every other one.
My Ad-Aware SE is updated, as is my Spybot SD13. I have tried just about everything on the list in here. Whatever it is, it is putting things in HKLM\Software\Microsoft\Windows\Current version\URLS... I even deleted the folder and it comes back. I will post a HijackThis log tomorrow, fresh from startup. Any ideas on how to permanently delete this IESP2.SpyZM? Anyone have any similar problems? Appreciate your comments.
Here's a recent HijackThis analysis:
http://www.hijackthi...2ccd0a38b7.html
****** On Dec 3rd on startup I ran Trend Micro HouseCall... antivirus scan... It found what Hijack didn't: 1 dialer called DIAL_TIBS in HKLM\Software\Microsoft\current version\policies\explorer\run... won't let me delete. I am including a HijackThis log plus a Hijack startup log plus the above scan. The system keeps reinstalling BHOs: System32 mspez.dll, 3 identical entries, C\PROGRA1\SPYWAR1\TOOLS\IEDSG.DLL. I have hidden files open but can't find these. Here's my startup from Spybot: Labtec Mouse, ok... vp tray Symantec, ok... MS Office, ok... mobsync.exe. Please check the HijackThis report enclosed and its startup, and I'm worried about the dialer.
I tried to upload the HijackThis report here but this site won't permit uploading that text... how do I add the HijackThis text? Thanks for your help.
Edited by Dave-Mike, 03 December 2005 - 08:15 AM.