disQworld :: View topic - mailskinner.trk

Register :: Profile :: FAQ :: Search :: Memberlist :: Log in to check your private messages :: Links :: Chat Room :: Courthouse :: Log in

Happy New Year to all on Disqworld! 2009 and still going strong!

disQworld Forum Index

The time now is 09-01-2009

disQworld Forum Index -> Anti-Virus & Security

mailskinner.trk

Author

Thread

hellogreg
Guru

off-worlder

Joined: 28 May 2003
Posts: 656

mailskinner.trk

having few probs recently ran spybot in safe mode and this was discovered and supposed to have been removed but when i rechecked its still there anybody got any ideas ?
_________________
My Refs
Any backups supplied/purchased by me are done on the understanding you/I own the original or they must be destroyed within 24 hours.

*** Discount on discs? Logon to DiskDepot with - username: disqworld password: diskdepot ***

28-04-2008

aktiv8
Guru

Gender:

Joined: 16 Jun 2005
Posts: 747
Location: Cardiff

what tells you its still there?

Read a few things ont eh net and suggests that spybot throws up some confusion with similar files whihc are part of Kaspersky AV!

If this is not the case and spybot doesnt do the job then try this program

http://virusinfo.prevx.com/pxparall.asp?PXC=d9ae79236303

or if you don't want that or wish to try manual removal try the following:

code:

In Safe mode:

Delete the fiels and directory:

%ProgramFiles%\MailSkinner\ (MailSkinner.exe, OESkinner.dll, and OLSkinner.dll)

delete from:

%windows%\system32\

these files: msegcompid.dll, msclock32.jpg and axsetup.dll

Kill the following registry keys:

* HKEY_CURRENT_USER\Software\epk_extr
* HKEY_CURRENT_USER\Software\exts
* HKEY_CURRENT_USER\Software\exts\{8E09CB72-3143-4414-A1C2-63E9C0438472}
* HKEY_CURRENT_USER\Software\MailSkinner
* HKEY_CURRENT_USER\Software\Microsoft\Installer
* HKEY_CURRENT_USER\Software\Microsoft\Installer\Features
* HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\
96FF640DA68D6C24EAF73B276C0844D6
* HKEY_CURRENT_USER\Software\Microsoft\Installer\UpgradeCodes\
589C136F0E6FCEA4FAC5EFBABA79F5A0
* HKEY_CLASSES_ROOT\CLSID\{180B4EE9-1795-4429-9651-F17A6515726D}
* HKEY_CLASSES_ROOT\Interface\{0A089E22-5736-4092-B3F8-3F0D5F345482}
* HKEY_CLASSES_ROOT\OutlookAddin.Addin
* HKEY_CLASSES_ROOT\OutlookAddin.Addin.1
* HKEY_CLASSES_ROOT\TypeLib\{5BAD7FAE-81F0-4439-8C1A-3E8907998047}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\
OutlookAddin.Addin
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\
UpgradeCodes\589C136F0E6FCEA4FAC5EFBABA79F5A0
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\{D046FF69-D86A-42C6-AE7F-B372C680446D}

The trojan will also try to connect to:

http://www.security-udpater.com

So block wthis site in IE/Firefox/Peerguardian etc

Another guide to remove it is HERE (Symantec)
_________________
>>> Aktiv8 <<<
-----------------------------------------------------------
No discs supplied!

*** Discount on discs? Logon to DiskDepot with - username: disqworld password: diskdepot ***

28-04-2008

hellogreg
Guru

off-worlder

Joined: 28 May 2003
Posts: 656

thanx

many thanx m8 giving it a go now .....
_________________
My Refs
Any backups supplied/purchased by me are done on the understanding you/I own the original or they must be destroyed within 24 hours.

*** Discount on discs? Logon to DiskDepot with - username: disqworld password: diskdepot ***

29-04-2008

Display posts from previous:

Jump to:

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /usr/www/users/disq/forums/includes/page_tail.php on line 39