Tried the below tools...

HijackThis
TCPMon
FileMon
RegMon -- o/p needs to be analyzed
Autoruns
Security Task Manager

But no output observed till now... any alternative?

On Jul 30, 10:15 pm, Phani <[email protected]> wrote:
> Hi Naik,
>
> Try to run the tool "autoruns.exe" or "Filemon.exe" from Sysinternals and
> see what files etc. are invoked during the above-said operation.
>
> This may help to trace out the issue.
>
> On Fri, Jul 30, 2010 at 9:48 PM, Srinivas Naik <[email protected]> wrote:
> > Hi Geeks,
> >
> > For two days I have been running behind a spyware called *Cookie Tracker* (this
> > is what the Symantec software displays). The AV software was unable to
> > remove it; after some time this spyware gets activated. So I tried solving
> > this issue manually.
> >
> > After going through all the hard drives and the registry I found nothing to
> > suspect!!!
> >
> > Then, as known, I tried clearing the browser cookies (Firefox & IE). I also cleared
> > the contents of the hidden folder "Application Data/ Microsoft".
> >
> > Later I was going through the Recycler folder in the C:\ drive, in which I saw
> > temp files in the S-xx-xx-1003 folder, and immediately started deleting the contents.
> >
> > Then I observed that after deleting and re-entering the folder it has
> > new files (earlier DCX1, DCX2, DCX3, ... DCX8, and after deleting those
> > files it started DCx9, DCX10, ... and so I went till DCX548... still the
> > files get created).
> >
> > Also the file named INFO2 had some information which was decoded; I
> > also cleared it. Even this file gets cleared and updated when the folder
> > gets refreshed.
> >
> > I am in a fuzz!!! There was no suspect service running, so how come
> > these stunts are performed???
> >
> > Can someone focus on this issue...
> >
> > Thanks & Regards,
> > 0xN41K
>
> --
> Phani

--
You received this message because you are subscribed to the Google Groups "nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
