Spyware or Legitimate Program?

By prancer

I recently was infected with lop.com spyware through an MSN Messenger Plus download. I got rid of it via a program from a U.K. site suggested in Wilder's Security Forum site in one of its older threads, and uninstalled MSN Plus.

After this, I still had 2 folders with suspicious folder names and programs in my My Computer - Documents and Settings - Main user - Application Data folder.

They were:

Bits More - one funk.exe, and

win frag peak - base road vga.exe
win frag peak - four live dog tic.exe
win frag peak - memo mfcd.exe
win frag peak - mtcbcywo.exe

Of these, onefunk.exe, which was in the startup programs, was identified as an Omega spyware, and I removed it with the Omega Ripper program.

Win Patrol and Internet Explorer anti spyware showed memo mfcd.exe as a startup program, and base road vga.exe is in my task scheduler. Nothing was showing in my 'Task Scheduler' except 'Add new Task'. Anyway, I have disabled them both via Win Patrol.

All these programs are escaping Ad-Aware, Spybot, Spyware Blaster, Spyware Guard, AVG Anti-Virus, HijackThis, IE Anti Spyware and Win Patrol. My operating system is Windows XP.

I would like help in identifying these as to whether they are legitimate files used by some programs or Spyware and if it is, advise on removing them.

Thanks in advance.

centaur

by BFilmFan In reply to Spyware or Legitimate Pro ...

Spyware would be my vote. Nuke 'em by booting to a command prompt.

by Info-Safety, LLC In reply to Spyware or Legitimate Pro ...

Funk.exe is a browser hijacker. See http://www3.ca.com/securityadvisor/pest/pest.aspx?id=59266
Mfcd.exe is a trojan downloader. See http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088296

I suggest that you download spysweeper from webroot.com and run it on your computer until you get a clean scan. You may need to boot into safe mode to remove everything that needs to be deleted.

Good luck.

Craig Herberg

by JimCim In reply to Spyware or Legitimate Pro ...

Hey Centaur,
The first thing that I would do is to check the dates that the files were created. If they were created about the same time that you became infected, I would delete them and not even think twice. Here is a link that listed 3 of them as being associated with the Lop program. That also would make me delete them.
http://www.superadblocker.com/P/PROGRAM%20BOOK.EXE-3755.html
(Remove any spaces that mysteriously appear in the link)
The final step would be to go to Moosoft.com and download The Cleaner. It is a 30 day free trial, but that's all you'll probably need it for. It is well worth the money if you need to buy it. It is an excellent Trojan remover and finds many things other programs don't. Don't forget to update the database before you run it. Also, in the options, set it to scan for hidden executables and check compressed files. That's not the exact wording, but it's in the options under the scanning tab. The last thing before you run it is to set the actions to automatically delete. Good luck to you. Jim
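
The creation-date check suggested in the reply above, as an added example that is not part of the original post: it lists every .exe under a folder whose creation time falls within a few days of the infection and returns its SHA-256 so the file can be looked up before anything is deleted. The folder, the infection date and the two-day window are assumptions to adjust.

```python
import hashlib
import os
from datetime import datetime, timedelta

def created_time(path):
    """Creation time where the OS exposes it (Windows, macOS); on Linux
    st_ctime is the inode-change time and is used only as a fallback."""
    st = os.stat(path)
    return datetime.fromtimestamp(getattr(st, "st_birthtime", st.st_ctime))

def sha256_of(path):
    """Hash the file in chunks so large executables are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def executables_near(root, infected_at, window_days=2):
    """Return (path, created, sha256) for every .exe under root created
    within window_days of infected_at, oldest first."""
    window = timedelta(days=window_days)
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(folder, name)
            try:
                created = created_time(path)
                if abs(created - infected_at) <= window:
                    hits.append((path, created, sha256_of(path)))
            except OSError:
                continue  # locked or unreadable file: skip it, keep scanning
    return sorted(hits, key=lambda hit: hit[1])

if __name__ == "__main__":
    # Assumed values: the profile's Application Data folder and a
    # constructed placeholder date; replace with the real infection date.
    root = os.environ.get("APPDATA", ".")
    for path, created, digest in executables_near(root, datetime(2005, 1, 1)):
        print(created.isoformat(" ", "seconds"), digest, path)
```
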

by Dark Force In reply to Spyware or Legitimate Pro ...

Centaur -
Doing some searching, it looks like all of these are malware.
You said they were escaping Ad-Aware, Spybot, etc. Did they find it and not remove it, find it, remove it and it returns after a reboot, or not find it at all?

When I have run into these, I usually boot to Safe Mode - Command Prompt Only, then manually dig down and remove the folders using the DOS window. You can also run your spyware apps by digging down to their program directories.

I have had pretty good luck using HijackThis and Spybot S&D that way.

Good Luck
