Results 1 to 5 of 5

Thread: apopos spyware keeps coming back after removal

  1. #1
    Friendly Neighborhood Super Moderator phishhead's Avatar
    Join Date
    Apr 2002
    Location
    San Diego, Ca.
    Posts
    3,622

    apopos spyware keeps coming back after removal

    hey guys got a strange one. my very good co-worker's sister keeps getting this pop up from ms antispyware that it finds and deletes this. I've tried cwshredder, ms anti-spyware, spybot. finds it then deletes it. did it in safemode without LAN connection.
    but after awhile comes right back. I've did a search to del manually, but the services, dll, or files are not in the system or in the registry to del.

    anyone got a magic pill that will work on it.



  2. #2
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,735
    I can order the blue magic pills over the weekend Phish...

    This doesnt look good:

    "A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system."

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run autoupdater , delete it and reboot the machine immediately.

    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run autoupdater "c:\program files\autoupdate\autoupdate.exe", delete it and reboot the machine immediately.

    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\autoloaderaproposclient, delete it and reboot the machine immediately.

    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\autoloadertw011aklknla, delete it and reboot the machine immediately.

    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\autoupdater, delete it and reboot the machine immediately.

    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\pm7r36p, delete it and reboot the machine immediately.


    unregister these dlls
    cxtpls.dll
    proxystub.dll

    dude, there are heaps more files and crap etc in c:\windwos and system etc etc....

    Really looks like a format job... hey, at least you get more time at home

    --- 0wN3D by 3gG ---

  3. #3
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    http://esd.element5.com/publisher/50...r/FixAprop.exe

    Removal tool from Symantec - may work.

    Otherwise post HijackThis log and we have the technology to help you.
    I'm using Windows 7 - you got a problem with that?

  4. #4
    Platinum+ Member
    Join Date
    Nov 2004
    Location
    India
    Posts
    684
    Why not use System Restore?

  5. #5
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,415
    Reformat. Like everyone always tells me. Unless it's just a cookie - those always come back just by visiting this one message board I go to.

    **edit - that's a browser helper object. Yeah, you can use Hijack this or maybe winpatrol will remove it and keep an eye on it. Winpatrol and other like (registry watchers) - won't allow a BHO unless I allow it.

    I'm not sure why I'm unable to get to this site but it shows how to: http://66.102.7.104/search?q=cache:M...&hl=en&start=7


    Apropos.bho manual removal:
    Delete registry values:
    'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}
    'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows CurrentVersion \ Explorer \ Browser Helper Objects \ {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB}'

    Delete directories:
    \APROPOSCLIENT
    Full name: Apropos.bho

    Type: Adware

    Related files: APROPOSPLUGIN.DLL

    Severity scale: Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 Apropos.bho severity scale is 23 (23 / 100)

    Apropos.bho description: Apropos.bho is a browser helper object, variant of the PeopleOnPage software.
    Apropos Ads may be displayed in a variety of formats including:
    -- Pop-Up or Pop-Under Windows which will appear as windows on top of or beneath other windows on the computer screen.
    -- Sliding Skyscraper Windows which will appear as sliding images displayed over POP! content.

    Download URL: h**p://www.peopleonpage.com/download.html-don't go there!

    Apropos.bho properties:
    Changes browser settings
    Hides from the user
    Stays resident in background
    Last edited by lynchknot; May 12th, 2005 at 17:13 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •