Ad Aware & Spybot problem

MadGamer · 27-07-2004, 17:43

Ok, i just recently did a scan with Ad Aware 6.0 and Spybot S&D and found some unusual results. I found Top Moxie which was a reg entry and VX2 which was a file. Both of these were Data Minor Files and one was located within the following directory.

Quote:

Vendor: VX2 Category: Data Miner Object Type: File Size: 65536 Bytes Location: c:\windows\system32\bdlz4012.exe

The other is as follows:

Quote:

Vendor: Top Moxie Category: Data Miner Object Type: Reg Key Size: - Location: Software/Microsoft/Internet Explorer/Menu EXT/Web Rebates/

I then found an entry within Spybot S&D which is in the follwoing file attached.

Ok when i try and delete this also my Firewall (ZA) Reports that an installer is trying to gain access. Cant give you the name as i have deleted the entry from the firewalls program menu.

Ramrod · 27-07-2004, 18:35

Nope, can't help you there m8. Sorry

You need someone more knowledgeable than me

paulyoung666 · 27-07-2004, 18:44

can you right click and delete the exe file ??????????

MadGamer · 27-07-2004, 18:49

Thats the thing i dont know where it is. I could try doing a search for it though.

Tezcatlipoca · 27-07-2004, 18:54

Erm, doesn't your first post say where it is?

Quote:

c:\windows\system32\bdlz4012.exe

Or do you mean the installer?

Anyway.

Is c:\windows\system32\bdlz4012.exe running in the background? Can you kill the process & then delete it?

Try booting into Safe Mode (F8 when you turn the PC on / boot up), & then running AdAware, SpyBot, etc.

paulyoung666 · 27-07-2004, 18:58

Quote:

Originally Posted by Matt D

Erm, doesn't your first post say where it is?

Or do you mean the installer?

Anyway.

Is c:\windows\system32\bdlz4012.exe running in the background? Can you kill the process & then delete it?

Try booting into Safe Mode (F8 when you turn the PC on / boot up), & then running AdAware, SpyBot, etc.

i was wondering that as well , safe mode has to be the place to go i reckon , or maybe a quick google about the said file might help

MadGamer · 27-07-2004, 19:36

Ok found the file in the processes menu by the name of webrebates0.exe. It leads to a directory on the C drive as

Quote:

C:\Program Files/Web_Rebates

Also a file in the directory of C:\Windows\PREFETCH

Tezcatlipoca · 27-07-2004, 19:39

Try stopping it & then deleting it (& the Web Rebates directory).

Also, you can safely delete the entire contents of the Prefetch folder (but don't delete the actual folder itself).

As I said above, try scanning while in Safe Mode if you are unable to remove anything.

MadGamer · 27-07-2004, 20:09

Update: I have deleted the pesky spyware but can anyone recommend a prog that deletes entries from starting up?

Tezcatlipoca · 27-07-2004, 20:14

Here's something which will give you info on stuff that runs at start-up:

"Startup Inspector for Windows" - http://www.windowsstartup.com/

MadGamer · 27-07-2004, 20:21

Quote:

Originally Posted by Matt D

Here's something which will give you info on stuff that runs at start-up:

"Startup Inspector for Windows" - http://www.windowsstartup.com/

Thanks for that removed a lot of stuff that didnt need to startup (Looking at the key or legend as we tend to call it) Thread can be closed.

Tezcatlipoca · 27-07-2004, 20:35

Glad it helped.

Thread Closed, as requested.