zonealarm found these programs trying to access the internet, and they are spyware. as far as i know they are part of a program called "srchasst" or some sort of searchassistant. the only problem is, i can't find the executables anywhere. i found a directory called "srchasst" in c:\windows, but i can't delete it right now because it is "in use". and ew0 is still trying to access the internet. i removed all traces of srchasst from the harddrive and registry, but the exe is still somewhere on my harddisk.
if windows finder can't locate this file on my computer anywhere, then how does it exist? and how can i get rid of it?
Joined: Thu 05-03-2001 4:00PM Posts: 906 Location: Kansas City
Source: VPN
I guess its too late to ask if you tried just removing it from ControlPanel->AddRemovePrograms. That works on a surprisingly large number of spyware things. If you remove that crap from the Run key of the registry its unlikely it will run anyways so finding it on your drive seems a bit moot.
i did not try that, but now that i looked it isn't listed. when i want to remove spyware i just usually go to my "program files" folder and look for anything suspicious and delete the folder.
one website had a link to "download removal software" all it did was download "spyhunter" or some thing, and then i had to install that. it didn't even find what it claimed it was going to find, and i couldn't remove anything without purchasing the software... i mean come on that is worse than what the spyware people do!
dammit this is starting to piss me off..........
the odd thing is that if i search for "srchasst" or "atiupdate.exe" on google or sarc.com i get hits, but the program trying to run on my computer (ew0.exe) doesn't get any hits on anything i've searched for....
Get HijackThis from the previous post or from http://merijn.org/ (the author's website).
Use HJT to make a log (click Scan, then Save Log) and copy and paste it in a reply. I'll let you know which ones to checkmark for execution.
Yes I've done this before for other people. But if you don't trust me(some stuff will appear; like that child porno program you have running at startup), I can provide you with a list of websites' forums to go to for looking over your HJT log.
Logfile of HijackThis v1.99.0 Scan saved at 8:36:41 PM, on 12/22/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Yes the m09xf.exe needs to go, and
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\ww67.dll
needs to be removed as well. Its from Adtomi spyware.
Try your best to delete m09xf.exef you can find it.
Also curious as to why in the heck there's Sun Java Console name for msjava.dll, so I'll look into if thats just a fluke or if its spyware too.
And just so the sanity is there: let me know if hijackthis crashed or anything while you were tring to use it, as its sign of something tring to mess with it.
If you haven't yet gotten ahold of spybot: search and destroy or ad-aware, check them out. Be sure to use their update checkers before you actually scan with them.
Users browsing this forum: No registered users and 1 guest
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum
Login
Register
FAQ
Search
