I let a kid on my system to "look for game cheats." As soon as I left the room he surfed for porn and something (not Gator or Kazaa) installed on my system. There were a bunch of icons for porn, adult material, free music etc. on my desktop.
But something has installed into my registry that kicks off a little thingy in my systray. It calls itself "Music Search Online" but clicking on it takes me to a hard-core porn site. I CAN'T GET RID OF IT!
Every time I boot Windows something in the registry kicks off and creates a *random_name*.TMP file in the windows/temp dir, and runs THAT. I can't find the reg key! Dammit! I really don't want to delete system.dat and user.dat and reload Windows again. What a pain in the arse.
Any gurus out there?
Actually, I might del the registry. It's badly bloated.
salvation
Date: 3 Dec 2002 07:10 (UTC)
Re: salvation
Date: 3 Dec 2002 14:12 (UTC)
http://www.spyware.co.uk/downloads.shtml
Here's another site, but their database didn't find anything:
http://www.spychecker.com/
Since you've already been tinkering around in the registry, you might want to check (although it sounds like you've already done this) all of the startup keys (including Run, Run-, RunOnce, RunServices, RunServicesOnce). Also get a good process checker, and look up everything you're unsure about. Start killing processes one by one, and same with stuff in your startup keys. Even this trial and error might not get it. Like you said, it could be buried somewhere else.
Frustrating, I know.
Since I don't have it, I can't play with it; if you find a copy, let me know. Maybe I'll get brave and do some self-experimenting (self-mutilation?), as my system is really clean and I'd recognize anything new right away (maybe). Good luck!
Re: salvation
Date: 3 Dec 2002 14:43 (UTC)
When Windows is started emylthro.exe is executed and resides in mem. All it does is set the homepage on IE to a porn site, and create in /windows/temp a .tmp file with a random name like hxvc7391.TMP. They were always llllnnn.TMP. Emylthro.exe stayed resident in mem but did nothing after it executed the .TMP. This .tmp created an icon in the systray called Music Search Online, but actually linked to a hard-core porn site. I connected once to see where it took me, but hit the LOCK switch on ZoneAlarm as soon as it started asking to upload some more s/ware. I set the firewall to deny the Music Search Online access to all networks. Proxomitron killed all the popups and ads so I don't know how many there were, but I expect the site is popup central.
Anyway. That's the story. Time to run regclean. Again.
by the way...
Date: 3 Dec 2002 15:13 (UTC)
oushfa "C:\WINDOWS\APPLIC~1\emylthro.exe-QuieT"
Unfortunately I killed it all last night so I have nothing to send you.
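The startup-key check suggested earlier in the thread can be run offline against a registry export. This is an added example, not part of the original thread: it parses a REGEDIT4 text export, lists string values under the Run, Run-, RunOnce, RunServices and RunServicesOnce keys, and flags commands launched from Application Data or a TEMP directory. The sample export is constructed; only the `oushfa` value comes from the thread, and placing it under the Run key is an assumption.

```python
import re

# Startup keys named in the reply above, relative to ...\CurrentVersion\.
STARTUP_KEYS = ("run", "run-", "runonce", "runservices", "runservicesonce")
BASE = r"\software\microsoft\windows\currentversion" + "\\"

# Constructed REGEDIT4 export. Only the "oushfa" value comes from the thread;
# placing it under HKLM ...\Run is an assumption.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"oushfa"="C:\\WINDOWS\\APPLIC~1\\emylthro.exe-QuieT"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"NotStartup"="C:\\WINDOWS\\TEMP\\ignored.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
USER_DIR_RE = re.compile(r'\\(applic~\d|application data|temp)\\', re.I)

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def startup_entries(reg_text):
    """Yield (key, name, command) for string values under the startup keys."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            low = line[1:-1].lower()
            i = low.find(BASE)
            hit = i != -1 and low[i + len(BASE):] in STARTUP_KEYS
            key = line[1:-1].rsplit("\\", 1)[1] if hit else None
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, unescape(m.group(1)), unescape(m.group(2))

def review(reg_text):
    """Return startup entries launched from Application Data or a TEMP dir."""
    return [e for e in startup_entries(reg_text) if USER_DIR_RE.search(e[2])]

if __name__ == "__main__":
    for key, name, cmd in review(SAMPLE_REG):
        print(f"{key}: {name} -> {cmd}")
```

The location pattern is only a triage heuristic; every entry returned by `startup_entries` still needs to be looked up by name.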
Re: salvation
Date: 3 Dec 2002 15:02 (UTC)