Edmond.exe DesktopSearch
I have a problem and have been unable to uninstall the files and desktop search. Desktop search has been embedded in the startup menu. I can end the process, however, it reboots itself and reinstalls other problem malware that I cannot clean with my anti-spyware programs. My Symantec virus protection indicates the following... trojan located in windows/isrvs folder. The program file for the desktop search application is in there.
Also there is an application for edmond.exe which is an infected file. I cannot uninstall the program and also cannot delete it as access is denied. The other files in the isrvs folder are msdbhk.dll, sysupd.dll, mfiltis.dll, an application called ffisearch, and isearch.xpi. I don't know if there are other files that have been overwritten in other locations that are regenerating these files or if some of these files are legitimate files in a legitimate isrvs folder, but I want them gone.
This DesktopSearch is classified as Lo Thuong Spyware. Lo Thuong displays popup/popunder ads when the primary user interface is not visible or which do not appear to be associated with the product. Here is the procedure to eliminate this nuisance.
Try to terminate these running processes with Task Manager:
- desktop.exe
- edmond.exe
- ffisearch.exe
Remove these keys from the "HijackThis" log:
- R3 - Default URLSearchHook is missing
- O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\system32\hsrb.dll (file missing)
- O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
- O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
- O4 - HKLM\..\Run: [zztrgv] c:\windows\system32\zztrgv.exe
- O4 - HKCU\..\Run: [eopmRWd2j] sdpemgmt.exe
- O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
Unregister these DLLs with Regsvr32, then reboot:
regsvr32 /u %systemroot%\isrvs\mfiltis.dll
regsvr32 /u %systemroot%\isrvs\msdbhk.dll
regsvr32 /u %systemroot%\isrvs\sysupd.dll
Remove Autorun Reference with RegEdit:
Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\desktop search, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\ffis, delete it and reboot the machine immediately.
Remove these registry items (if present) with RegEdit:
- HKEY_CLASSES_ROOT\clsid\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}
- HKEY_CLASSES_ROOT\clsid\{950238fb-c706-4791-8674-4d429f85897e}
- HKEY_CLASSES_ROOT\mfiltis
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\ext\clsid\{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\desktop search
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\ffis
- HKEY_LOCAL_MACHINE\system\currentcontrolset\services\delprot
Remove these files (if present) with Windows Explorer:
- desktopdir+\anal exploits.url
- desktopdir+\big dick school for 2.95.url
- desktopdir+\evidence eraser.lnk
- desktopdir+\popup blocker stops popups.lnk
- desktopdir+\spyware avenger.lnk
- desktopdir+\virus hunter security.lnk
- desktopdir+\your platinum visa.lnk
- systemroot+\delprot.ini
- systemroot+\delprot.log
- systemroot+\isrvs\desktop.exe
- systemroot+\isrvs\edmond.exe
- systemroot+\isrvs\ffisearch.exe
- systemroot+\isrvs\isearch.xpi
- systemroot+\isrvs\mfiltis.dll
- systemroot+\isrvs\msdbhk.dll
- systemroot+\isrvs\sysupd.dll
Remove these directories (if present) with Windows Explorer:
- systemroot+\isrvs
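An added example, not part of the original answer: a small Python triage of a saved HijackThis log that flags entries by the indicators this procedure names (the isrvs folder, the listed CLSIDs, and the "(file missing)" marker). The function names, rule labels and the benign ctfmon line in the sample are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: entries quoted in the answer plus one benign line (ctfmon).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - C:\WINDOWS\system32\hsrb.dll (file missing)
O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKCU\..\Run: [eopmRWd2j] sdpemgmt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
"""

# CLSIDs named in the answer's HijackThis and RegEdit steps, lower-cased.
PAGE_CLSIDS = {
    "{285b5ccd-c3f0-4eb6-9632-7d0a3c3af824}",
    "{950238fb-c706-4791-8674-4d429f85897e}",
    "{5b4ab8e2-6dc5-477a-b637-bf3c1a2e5993}",
}
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll|xpi)", re.I)

class Entry(NamedTuple):
    section: str            # HijackThis section code, e.g. O4
    clsid: Optional[str]    # lower-cased CLSID, if the line carries one
    path: Optional[str]     # full file path, if the line carries one
    missing: bool           # HijackThis appended "(file missing)"

def parse(log: str) -> list:
    entries = []
    # Lines that do not look like "<code> - <body>" (headers, blanks) are skipped.
    for m in filter(None, (LINE_RE.match(l.strip()) for l in log.splitlines())):
        body = m["body"]
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        entries.append(Entry(m["section"], clsid.group(0).lower() if clsid else None,
                             path.group(0) if path else None, "(file missing)" in body))
    return entries

def reasons(e: Entry) -> list:
    checks = [("isrvs-path", bool(e.path) and "\\isrvs\\" in e.path.lower()),
              ("listed-clsid", e.clsid in PAGE_CLSIDS),
              ("file-missing", e.missing)]
    return [name for name, hit in checks if hit]

def triage(log: str) -> list:
    # (section, reasons) for every entry that matches at least one rule
    return [(e.section, reasons(e)) for e in parse(log) if reasons(e)]
```

The R3 line and the randomly named `sdpemgmt.exe` entry match none of these rules, so the log still has to be read line by line after the flagged entries are handled.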