That thing is some NASTY spyware.
I had to download something called ComboFix.exe to get rid of it.
Not my machine--just a co-worker.
This thing has an un-install in Add/Remove programs, but it never goes away. It installs a search/toolbar in IE, restarts on re-boot, and wraps itself into the registry. Killing processes doesn't work. It slows down the machine, blocks access to the internet.
I think it is someone's idea of a rootkit or zombie tool.
Just thought I'd share the fix. The co-worker says he has no idea how he got it. Walked away, came back, pop-up windows everywhere.
Sure. That's how the dead chicken porn ended up on my laptop.
July 18th, 2007 11:40am
Use the Search feature to check if your computer has a file called KRNL386.EXE installed. And delete all copies that you find (you may have to make a DOS boot disk and boot then delete using that).
KRNL stands for Krazy Rootkit Now Loaded, and can damage your computer as well as installing pr0n.
Be sure to delete it!
July 18th, 2007 2:18pm
Funny, that's on my computer, in \Windows\System32, dated 8/4/2004.
I think that's a core file of the operating system, and you delete it at your peril.
July 18th, 2007 3:06pm
> Funny, that's on my computer, in \Windows\System32, dated 8/4/2004.
OMG, you've been infected for more than 3 years!
> I think that's a core file of the operating system, and you delete it at your peril.
That's what they want you to believe! Delete it now!
Since you've been infected for so long, they have probably built up a spyware database on your computer that will eventually be used for identity theft. You will probably find files in the same folder on your computer called GDI.DLL or GDI32.EXE (GDI stands for Global Database for Identity theft). Delete these files too.
July 18th, 2007 3:55pm
Yeah. First principles -- never believe stuff told you by anonymous.
The "Windows OS" is basically implemented by three exe files -- The Kernel (KRNL386), the User, and the GDI (Graphics Document Interface, I think).
But Mr. 'blank' here sure is having fun.
July 18th, 2007 4:01pm
> Yeah. First principles -- never believe stuff told you by anonymous
And a nick like "SaveTheHubble" isn't anonymous?
Post your name, address and social security number, or there's no reason to believe you either.
If you have a file called USER.EXE or USER32.DLL (or both), be sure to delete that too. That stands for "Universal Spyware Exchange Resource" and it's just as bad as it sounds.
July 18th, 2007 4:06pm
Your joke wasn't even funny the first time, dipshit.
July 18th, 2007 4:29pm