c00lguy 0 Posted July 31, 2004 I was downloading a prgram that put spywar on my computer, I got the majority of it deleted, except for 3 files, Comm.dll, WindUpdt.exe, and WinKA.exe... Both the .exe files, continue to restart themselves as soon as I end the process, so I can't seem to delete either 3 of the files, and get rid of them. Please tell me how I can get rid of them... Share this post Link to post
Christianb 8 Posted July 31, 2004 Hi c00lguy, My first recommendation is not to install software that utilizes spyware in the first place. I don't have any software installed that uses spyware. Sure there are a few browser cookies that track me, but aside from that I avoid the heck out of spyware, who wants it? That being said you can remove the spyware with Adaware or there's some other program, I think it's called Spy Bot, and it's supposed to be good too. If you want to do it yourself and not install anything else then I recommend you create a boot disk and delete those files from Dos. If you want to know how to get awesome software that doesn't utilize spyware take a look at SF.net. For an instant messenger have a look at GAIM and for a KaZaA/Napster clone try out eMule. If you want to know any other open-source, free, and spyware-free commercial analogs, just ask . Cheers, Christian Blackburn Share this post Link to post
Sampson 0 Posted July 31, 2004 First, download and install BHO Demon: http://www.majorgeeks.com/download.php?det=3550 This will allow you to remove Browser helpers from IE that may be using these .dll's. Then, if you do not have Ad-aware, download it and install it and run it. The same goes for Spybot. You can find both on Majorgeeks. If these work, you have it made. If not, you have your work cut out for you. So........ Download and install moveonb.exe: http://www.softwarepatch.com/software/moveonboot.html Don't use it yet since it will add a value to Windows Explorer when you right click that will mark a file for deletion when you reboot. The problem is not simply deleting the files but stopping them from being replaced after rebooting. Bring up your Task Manager (Ctrl-Shift-ESC) and look at the processes running. Write them down. Those that you don't recognize type into a Google search to see if they are legitimate or associated with software that you know you are running. If you find that one or several are associated with spyware, click on it and then click on the button to end processes. (Do not reboot) Bring up msconfig (Start-run and type in msconfig) Look through all the tabs but pay special attention to the Start tab. Write down what starts at bootup. Again use Google to search for anything you don't recognize. If somthing comes up as spyware, uncheck that entry. (Don't reboot yet) Go to your registry (Start-Run and type regedit) If you have never done this before, act like you are walking on eggshells because you can cause a lot of misery for yourself if you do things wrong. Anyway, click on find and then type in the files you mentioned above one at a time. Then search again for anything you found when you looked for processes or found in your start. If you find these things and are sure that they are spyware, you can save the keys first (these will be saved in your My Documents folder usually) and then delete the values. Remember, your registry is nothing to fool around with so if you are not sure, don't do anything just write down the key where the value is found. After this, use Windows Explorer, find the files you want to delete and right click on them and use the new value to delete on reboot. Then, reboot If you unchecked an item in msconfig, XP will probably give you a message about your new config not playing according to Hoyle, but reboot anyway. Tell us how it comes out or relay to us some of the questionable stuff you found. BUT, heed what christianb advised. If a product is advertised with Adware - it is spyware (or at least susceptible to exploitation). Don't even think about installing it. If you are going to explore pages that are "risky", install Spywareblaster (its free and will stop a lot of things), but to be sure, shellout a little money and get some proactive protective software like PestPatrol that will try to stop this kind of thing on the fly or be able to detect this stuff on your hard drive and remove it. Share this post Link to post
coppernz 0 Posted August 28, 2004 May be a bit late. Have had the same problem comm.dll, WinKA.exe TrojanDownloader.Win32.Agent.bf Client is running Nortons and it is up to date, full scan found nothing. Every time the PC rebooted/restarted the C:\windows\system32\autoexec.nt got deleted (windows file require for DOS based program). Have installed Kaspersky 4.5 Pro and it fixed it. Total of 8 virus's with 12 body's found. Researched and proved to the virus below. C:\Program Files\WindUpdates\Comm.dll Infected TrojanDownloader.Win32.Agent.bf <cd0000.0.e> C:\Program Files\WindUpdates\Comm.dll Deleted TrojanDownloader.Win32.Agent.bf <d10000.0.d> C:\Program Files\WindUpdates\WinKA.exe Infected TrojanDownloader.Win32.Agent.bf <cd0000.0.e> C:\Program Files\WindUpdates\WinKA.exe Deleted TrojanDownloader.Win32.Agent.bf <d10000.0.d> Share this post Link to post