Anoying spayware 2

[enDomino]

Hi all, I'm suffering an anoying spyware very difficult to get rid of ... Of course anti-spyware does not remove it.
I will explain the way it is working:
1.- There is a process in the background with a random name, for example its name now is: ahiglz.exe, whatever the name it is always in c:\windows\system32 folder
2.- If I kill the process, another process appear with a random name as well, also when it dies, it creates a new entry in the regedit so next time the system starts, the process will be executed
3.- This process has been launch by "explorer.exe" process always, at least it is the "father" process
4.- The exe always has the same size: 83.456 bytes despite the random name

I've tried several things without success:
1.- Remove the entry in the regedit and remove rights in it in order not to created new entries, starts windows in a safe mode and delete the exe file
2.- Rename the exe

I think that explorer.exe is the process that is "infected" but I'm not sure and I don't know how to solve this
Has it happend to any of you?

Thanks in advance

 

[BIS]

Hi,

Go to forum760 and take a look at the faq. If that does not help, try posting there.

 

[linney]

There is a procedure described by forum member "Option^Explicit" at the end of this post which is specifically tailored for these random generating hard to kill exploits. Have a look at it, I have included the links at the end of that post to programs that are mentioned.

problems with IE and explorer
thread779-1049037


Removing adware & spyware
faq608-4650

 

[Seumas13]

Check in MSConfig (Startup Tab) to see if there is anything suspicious in there.

Also check the C:\Windows\prefetch for a file the same size as your problem-child.

Good Luck!

Seumas.