Author |
Message |
markw007
Guest
|
Posted: Tue May 11, 2004 7:29 pm Post subject: Nictech NEW spyware alert. |
|
|
AsTIVEDS.DLL is another new spyware dated 5/9/2004. It also drops a randomly named .dll also dated 5/9/2004 into your \system32 directory and adds the HKEY_LOCAL_MACHINE\SOFTWARE\WindowsNT\GuardianXXXX registry entry onto your system. Its removal seems to be the same as AkTIVEDS so do a search on that for help. I just wanted to post this new threat because I could not find it specifically anywhere YET! |
|
|
|
Gadgets
Cadet
Joined: May 11, 2004
Posts: 2
Location: USA
|
Posted: Wed May 12, 2004 5:23 pm Post subject: |
|
|
i do tech support for a company and i currently have three w2k computers (out of ~80) on this network with problems thanks to nictech. adaware hasn't caught them and i do not have the "permissions" option available in regedit so that i can disable the reg key these files are attached to, per dj van's suggestion in the other topic concerning nictech.
my observations concerning these files:
currently, it appears that the files are generated with similar names to legitimate files in the winnt\system32 folder. however all the questionable files are 310 kb in length and will have an identical creation date. one can rename and even remove all but one (or two) of the .dlls directly. the one (or two) that cannot be removed is the one that is listed in the registry.
please pardon (and inform me of) any faux pas in this post.
gadgets. |
|
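Gadgets' observation above (look-alike names, every file 310 KB, one shared creation date) can be turned into a triage check over a directory of DLLs. This is an added example, not part of the thread: the function names and sample file names are constructed, and modification time is assumed as a stand-in for the creation date.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime


def cluster_dlls(directory, min_cluster=3):
    """Return {(size_kb, day): [names]} for .dll files sharing size and date.

    Assumption: modification time stands in for the creation date mentioned
    in the post, since creation time is not exposed portably.
    """
    groups = defaultdict(list)
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.name.lower().endswith(".dll"):
                continue
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
            size_kb = -(-st.st_size // 1024)  # round up to whole KB
            day = datetime.fromtimestamp(st.st_mtime).date()
            groups[(size_kb, day)].append(entry.name)
    # A lone file proves nothing; several unrelated names with one size and
    # one date are worth a closer look.
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_cluster}


def make_sample(directory):
    """Write constructed test files: three 310 KB look-alikes plus two others."""
    stamp = datetime(2004, 5, 9, 12, 0).timestamp()
    files = {"qxzvtr.dll": 310, "ntdl1.dll": 310, "kerne132.dll": 310,
             "legit_a.dll": 212, "legit_b.dll": 310}
    for name, kb in files.items():
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * (kb * 1024))
        # legit_b has the same size but a different date, so it must not cluster
        when = stamp - 90 * 86400 if name.startswith("legit") else stamp
        os.utime(path, (when, when))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for (size_kb, day), names in cluster_dlls(tmp).items():
            print(f"{size_kb} KB, {day}: {', '.join(names)}")
```

A cluster is a lead for manual review, not a verdict: legitimate files installed together can also share a size and date.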
|
|
Guest
|
Posted: Wed May 12, 2004 6:43 pm Post subject: |
|
|
http://www.tek-tips.com/gviewthread.cfm/pid/760/qid/834037 |
|
|
|
Gadgets
Cadet
Joined: May 11, 2004
Posts: 2
Location: USA
|
Posted: Wed May 12, 2004 7:15 pm Post subject: |
|
|
Gadgets wrote: |
i do not have the "permissions" option available in regedit so that i can disable the reg key these files are attached to, per dj van's suggestion in the other topic concerning nictech.
|
my apologies. i should have been using regedt32, which DOES have the security>permissions option available.
gadgets.
|
|
|
|
WyeKnottMe
Guest
|
Posted: Wed May 26, 2004 1:12 am Post subject: NICTech Rubbish |
|
|
I used regedt32 and I deleted the GUARDIAN key and I watched it pop back up immediately after deletion.
What does it take to make this junk go away permanently?
Do I have to re-install Windows 2000?
I've been at this for 12 hours now and it's lost its appeal!
|
|
|
|
WyeKnottMe
Guest
|
Posted: Wed May 26, 2004 1:15 am Post subject: NICTech Rubbish |
|
|
I used regedt32 and I deleted the GUARDIAN key and I watched it pop back up immediately after deletion.
What does it take to make this junk go away permanently?
Do I have to re-install Windows 2000?
I've been at this for 12 hours now and it's lost its appeal!
|
|
|
|
Stephanyr
Guest
|
Posted: Fri May 28, 2004 1:04 pm Post subject: Have you.... |
|
|
tried this within safe mode too? Perhaps there is another dll lurking. |
|
|
|
guest
Guest
|
Posted: Mon May 31, 2004 9:41 am Post subject: astiveds.dll |
|
|
This file may be related to the VX2 spyware. I had the same problem with astiveds.dll and it eventually disappeared, but other files took its place. These files attached themselves to an unknown application and could not be deleted by AdAware or Norton Antivirus while this application was running. I googled VX2 and found a removal tool "VX2Finder.exe", which eliminated all of these problems. Hope this helps. |
|
|
|
DanR
Guest
|
Posted: Mon Jun 14, 2004 10:01 pm Post subject: |
|
|
I have this same problem too. I have Win 98 and I have no idea where this thing came from. It's messing with Adaware and spy bot search and destroy. There are DLL files in my windows/system directory with ILFARED.DLL or other similar name FARED DLLs. Each one was placed by NicTech. I had no idea it was even there until EXPLORER started crashing on start up. The only way to use my computer is to move the error message off the edge of the screen. Every time I boot up it's always saying "windows is updating files" etc even though I haven't changed anything. |
|
|
|
|