crypkey is it spyware?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

carol perez

Thread Starter
Joined
Apr 17, 2004
Messages
15
I am running XP and recently I went to a site and got the peper trojan and a few other trojans which were detected in Kephyr.com. I removed them and then purchased Spyhunter and also run Adaware. So now I scan with Adaware, Norton, Spyhunter and Bazooka. Since the trojan my computer is running very slow. In Spyhunter I have deleted several files....but it keeps telling me I have the Crypkey crypserv.exe file and that it should be deleted. For some reason I am not sure if I should delete that file. Is it okay to delete it?? :confused:
 
Joined
Mar 8, 2004
Messages
2,326
Do you use Crypkey software security? If not it should be safe to delete it but I would first check in add/remove and uninstall it there.

Just a note, but before running ANY scan for virus, trojan, worm etc. you should ALWAYS turn off System Restore as copies of everything you are trying to get rid of are in System Restore just waiting for you to put them back where they came from in the first place.

Another good thing to do before running the scans is to clear out your TIF and other temp files.
In Internet Options, under the General tab click the Delete temporary internet files, choose to delete all Offline content.
Also, go to Start - Search - Files or folders - in the named box, type: *.tmp and choose Edit - select all - File - delete.
Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one. Empty Recycle bin.

Once you have cleaned your system and have it running the way it should, turn System Restore back on.
 

carol perez

Thread Starter
Joined
Apr 17, 2004
Messages
15
rude said:
Do you use Crypkey software security? If not it should be safe to delete it but I would first check in add/remove and uninstall it there.

Just a note, but before running ANY scan for virus, trojan, worm etc. you should ALWAYS turn off System Restore as copies of everything you are trying to get rid of are in System Restore just waiting for you to put them back where they came from in the first place.

Another good thing to do before running the scans is to clear out your TIF and other temp files.
In Internet Options, under the General tab click the Delete temporary internet files, choose to delete all Offline content.
Also, go to Start - Search - Files or folders - in the named box, type: *.tmp and choose Edit - select all - File - delete.
Empty the contents of the C:\Windows\temp folder and C:\temp folder, if you have one. Empty Recycle bin.

Once you have cleaned your system and have it running the way it should, turn System Restore back on.

Thank you...I have this little program called Winclean and used it to delete all the temporary files... .bak .old .tmp etc. Then I turned off the System Restore....Hmmm wonder if the trojans are lurking in there. Anyway I am about to delete the crypserv.exe file as soon as the scan turns it up again.
 
Joined
Feb 23, 2003
Messages
16,274
First please get Spybot S&D to clear out most of the spyware.

Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/

Fix everything SpybotSD labels in red.

Then after reboot:
Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
 

carol perez

Thread Starter
Joined
Apr 17, 2004
Messages
15
ok here it is....

Logfile of HijackThis v1.97.7
Scan saved at 12:01:08 AM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayTBar.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\Program Files\Lily_Utils\WinClean\WinClean.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayBand.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\eBayBand.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: eBay Toolbar.LNK = ?
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Free Software - C:\Program Files\Cool Web Scrollbars\hh.html
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O9 - Extra button: WeatherBug (HKCU)
O9 - Extra button: AddaButton (HKCU)
O9 - Extra 'Tools' menuitem: AddaButton (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/eBayTBar.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.2181018519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Feb 23, 2003
Messages
16,274
Download CWShredder:
http://www.spywareinfo.com/~merijn/files/CWShredder.exe
Run and hit the ->fix tab to fix all found problems

CWS takes advantage of security holes in Windows so you should install all critical updates as well as hotfixes available from Windows Update.

Then Rescan and put a check next to each of these then close all browser windows and click "fix checked"

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

F0 - system.ini: Shell=

F2 - REG:system.ini: Shell=

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O8 - Extra context menu item: Free Software - C:\Program Files\Cool Web Scrollbars\hh.html
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
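
An added example, not part of the original post and not HijackThis's own logic: a small Python triage script that parses the entry lines of a HijackThis log and flags the two mechanical patterns visible in the list above, entries ending in "(no file)" and empty `Shell=` lines. The function names and flagging rules are assumptions made for illustration; the other items in the list were picked by the helper's judgement and are not reproduced here. The sample is a short excerpt of the log posted earlier in the thread.

```python
import re
from collections import Counter

# Meaning of the section codes that appear in the log posted in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search URL",
    "R3": "URL search hook", "F0": "system.ini autoload",
    "F2": "system.ini autoload (registry-mapped)",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autorun entry",
    "O8": "IE context-menu item", "O9": "IE extra button/menu item",
    "O12": "IE plugin", "O16": "downloaded ActiveX object (DPF)",
}
ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.*)$")

# Excerpt of lines from the log above (raw string keeps the backslashes).
SAMPLE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\crypserv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O9 - Extra button: AIM (HKLM)
"""

def parse(log_text):
    """Return (code, text) pairs; header and process-list lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def triage(log_text):
    """Flag entries worth a closer look (hypothetical rules, see lead-in)."""
    findings = []
    for code, text in parse(log_text):
        if text.endswith("(no file)"):
            findings.append((code, "registered object points at a missing file"))
        elif code.startswith("F") and text.endswith("="):
            findings.append((code, "shell setting present but empty"))
    return findings

def summary(log_text):
    """Count entries per section, with a readable section name."""
    counts = Counter(code for code, _ in parse(log_text))
    return {c: (SECTIONS.get(c, "unknown section"), n) for c, n in counts.items()}

if __name__ == "__main__":
    for code, reason in triage(SAMPLE):
        print(code, "-", reason)
```

A flag from this script is only a prompt to ask about the entry, in line with the earlier advice in the thread not to fix anything before the log has been reviewed.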
 

carol perez

Thread Starter
Joined
Apr 17, 2004
Messages
15
Message well taken ....I uninstalled Spyhunter and will refuse to pay for it on my credit card. Thanks.
-carol
 
Joined
Nov 28, 2002
Messages
2,985
Hello carol, I had it myself over a year ago, but I wasn't tricked into it. Nor were there any strange files on my computer.
I had my money refunded within 48 hours. As far as I can remember I dealt with the company that collects their money, they gave Spyhunter a couple of days to sort it out. I reported they were not answering my emails, next thing was an email telling of refund.
 

carol perez

Thread Starter
Joined
Apr 17, 2004
Messages
15
Yup....I just sent an email to Enigma requesting a refund and I removed the program from my computer in the add/remove. Thanks for the info ...I don't need bad stuff screwing up my computer!
Thanks
carol
 