
Spyware loading on startup...

Mike521

Guest
#1
Couple questions about some spyware, if someone could help me out it'd be much appreciated..

OK I had this spyware file called "flt.dll" in Program Files\Flt
It was running on startup automatically. Normally I am very anal about what runs on startup, and I use MSconfig and uncheck almost everything that's not essential, in the startup and services sections. I also check the registry for startup areas, and of course the start menu startup folder.
But somehow this file was loading on startup, cause I couldn't delete it without restarting in safe mode and removing it, cause it was in use. So my question is, how was this program loading itself? Where did it put a reference to itself in my startup files? I'd like to check this area for other crap that I don't want loading. Any ideas?


dammit I had another question but now I can't remember it. oh well. can anyone help me with this one?
 

yoyo

_________________
#2
"flt.dll" is a BHO (browser helper object). They are located in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
The way to remove this special one (seems you have got the newest version, not yet detected by adaware or spybot) is to open the run dialogue and type in:
regsvr32 /u "C:\Program Files\flt\flt.dll"
to unregister it, you can delete the file then.
There is a little program called BHOdemon which lets you control BHOs.
 
#3
Don't forget you have more than one startup folder! It may have crept into one of the alternatives.
Mine for example are
C:\Documents and Settings\Gothic\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
and
C:\Documents and Settings\Default User\Start Menu\Programs\Startup

And I have often found nasty little unwanted programmes hiding in the Default User's startup folder.
The same goes for the registry 'Run' areas. Get yourself 'Registry Crawler' from
http://www.4dev.com and check for ALL instances of Run, RunOnce, RunServices etc. You'd be surprised at how many there are.
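
The locations named in posts #2 and #3, collected into one read-only listing (an added example, not code from any poster in this thread). It resolves each Browser Helper Object CLSID to the DLL it loads, then lists the Run-family keys and the per-user and All Users startup folders; the WOW6432Node view and RunServicesOnce are additions beyond what the posts name, and the Default User folder is not covered.

```powershell
# Added example (read-only): list the autostart locations named in this thread.
function Get-AutostartEntry {
    # 1. Browser Helper Objects: each subkey name is a CLSID; the DLL path is
    #    the default value of that CLSID's InprocServer32 key.
    $bhoViews = @{
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
            'HKLM:\SOFTWARE\Classes\CLSID'
        # Assumption: 32-bit registry view, present only on 64-bit Windows.
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects' =
            'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    }
    foreach ($bhoKey in $bhoViews.Keys) {
        foreach ($sub in Get-ChildItem -LiteralPath $bhoKey -ErrorAction SilentlyContinue) {
            $clsid  = $sub.PSChildName
            $server = Get-Item -LiteralPath "$($bhoViews[$bhoKey])\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Source = 'BHO'
                Name   = $clsid
                Target = if ($server) { $server.GetValue('') } else { '<CLSID not registered>' }
            }
        }
    }
    # 2. Run-family keys, machine-wide and per-user. Missing keys are skipped.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
            $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$name"
            $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($value in $key.GetValueNames()) {
                [pscustomobject]@{ Source = $path; Name = $value; Target = $key.GetValue($value) }
            }
        }
    }
    # 3. Startup folders: current user and All Users (hidden files included).
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            [pscustomobject]@{ Source = "$folder folder"; Name = $file.Name; Target = $file.FullName }
        }
    }
}

Get-AutostartEntry | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

A BHO row whose Target points outside the browser's or a known vendor's install directory is the kind of entry the original poster was looking for.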
 

yoyo

_________________
#7
Indeed, tried it a few minutes ago - 700 search results in no time, regedit would be still busy. You should post it in Dealer's 'great comm. programs..' thread. Very good find.
 
Mike521

Guest
#8
cool thanks for the tips guys I really appreciate it!

I don't use spybot but I use ad-aware. Ad-aware DID find the flt.dll file, but it was unable to remove it cause the file was in use.

I had heard of a way to delete files like that, by killing explorer, deleting it, then restarting explorer, but that sounded like a pain in the ass to me so I didn't bother looking for info on how to do it, I just went into safe mode.
But that tip about using regserv is great, I didn't know you could do that, I'll keep that in mind for the future.

So this "browser helper object" is loaded with explorer then? It was causing me to get pop up ads whenever I went to gamefaqs.com, but the popups were blank cause my ad blocker software blanked out the image. The webmaster at gamefaqs.com heard about it and posted that it was advertising porn though. I was just pissed that my pop-up blocker wasn't stopping it.

Anyway thanks again for the advice, and I'll definitely check out those programs you guys listed, I'm getting sick of manually running through regedit for all this stuff.


Oh, one other question I had: how come I couldn't see this thing in my process viewer? Was it just a thread inside IE, and therefore not specifically listed there?
 
