Spyware loading on startup...

Mike521
Couple questions about some spyware, if someone could help me out it'd be much appreciated..

OK I had this spyware file called "flt.dll" in Program Files\Flt
It was running on startup automatically. Normally I am very anal about what runs on startup, and I use MSconfig and uncheck almost everything that's not essential, in the startup and services sections. I also check the registry for startup areas, and of course the start menu startup folder.
But somehow this file was loading on startup, cause I couldn't delete it without restarting in safe mode and removing it, cause it was in use. So my question is, how was this program loading itself? Where did it put a reference to itself in my startup files? I'd like to check this area for other crap that I don't want loading. Any ideas?


Dammit, I had another question but now I can't remember it. Oh well. Can anyone help me with this one?
 
"flt.dll" is a BHO (browser helper object). They are located in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
The way to remove this special one (seems you have got the newest version, not yet detected by adaware or spybot) is to open the run dialogue and type in:
regsvr32 /u "C:\Program Files\flt\flt.dll"
to unregister it, you can delete the file then.
There is a little program called BHOdemon which lets you control BHOs.
 
Don't forget you have more than one startup folder! It may have crept into one of the alternatives.
Mine for example are
C:\Documents and Settings\Gothic\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
and
C:\Documents and Settings\Default User\Start Menu\Programs\Startup

And I have often found nasty little unwanted programmes hiding in the Default User's startup folder.
The same goes for the registry 'Run' areas. Get yourself 'Registry Crawler' from
http://www.4dev.com and check for ALL instances of Run, RunOnce, RunServices etc. You'd be surprised at how many there are.
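
A read-only inventory of the locations named in the two replies above (the Browser Helper Objects key, the Run-style registry keys and the startup folders), as an added example that is not part of the original posts. The function names are made up for this example, and the WOW6432Node view is an assumption about 64-bit Windows that the thread does not mention.

```powershell
# Added example: lists autostart entries only; it changes nothing.
$bho = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BhoEntry {
    # '' = native registry view, 'WOW6432Node\' = 32-bit view on 64-bit Windows
    foreach ($view in '', 'WOW6432Node\') {
        $root = "HKLM:\SOFTWARE\$view$bho"
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            # Each BHO subkey is a CLSID; its InprocServer32 default value is the DLL
            $clsid  = $key.PSChildName
            $server = "HKLM:\SOFTWARE\${view}Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-Item -LiteralPath $server).GetValue('')
            }
            [pscustomobject]@{ Source = "BHO $view"; Name = $clsid; Target = $dll }
        }
    }
}

function Get-RunEntry {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
            $path = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$name"
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $key = Get-Item -LiteralPath $path
            foreach ($value in $key.GetValueNames()) {
                [pscustomobject]@{ Source = "$hive $name"; Name = $value; Target = $key.GetValue($value) }
            }
        }
    }
}

function Get-StartupFolderEntry {
    # Current user's and All Users' startup folders
    foreach ($dir in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
                [pscustomobject]@{ Source = 'Startup folder'; Name = $_.Name; Target = $_.FullName }
            }
        }
    }
}

@(Get-BhoEntry) + @(Get-RunEntry) + @(Get-StartupFolderEntry) | Format-Table -AutoSize -Wrap
```

A BHO row whose Target is a DLL you do not recognise is the kind of entry the thread describes; an empty Target means the CLSID has no machine-wide InprocServer32 registration.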
 
Such things happen.... that Registry Crawler looks very interesting.
 
'bout the best tool for searching and editing the registry, very fast!!

TOK
 
Indeed, tried it a few minutes ago - 700 search results in no time, regedit would be still busy. You should post it in Dealer's 'great comm. programs..' thread. Very good find.
 
cool thanks for the tips guys I really appreciate it!

I don't use spybot but I use ad-aware. Ad-aware DID find the flt.dll file, but it was unable to remove it cause the file was in use.

I had heard of a way to delete files like that, by killing explorer, deleting it, then restarting explorer, but that sounded like a pain in the ass to me so I didn't bother looking for info on how to do it, I just went into safe mode.
But that tip about using regserv is great, I didn't know you could do that, I'll keep that in mind for the future.

So this "browser helper object" is loaded with explorer then? It was causing me to get pop up ads whenever I went to gamefaqs.com, but the popups were blank cause my ad blocker software blanked out the image. The webmaster at gamefaqs.com heard about it and posted that it was advertising porn though. I was just pissed that my pop-up blocker wasn't stopping it.

Anyway thanks again for the advice, and I'll definitely check out those programs you guys listed, I'm getting sick of manually running through regedit for all this stuff.


Oh, one other question I had: how come I couldn't see this thing in my process viewer? Was it just a thread inside IE, and therefore not specifically listed there?
 
