Hi essexboy,
Just to get better at it still, I compiled what needs to be killed or deleted for the simple ISpyNow malware:
Kill the following processes and
stop the following iSpyNOW processes:
ispynow.exe
configure.exe
isn_builder.exe
softmod32.exe
uninstall-ispynow.exe
Stop iSpyNOW processes:
C:\Program Files\iSpyNOW\ispynow.exe
C:\Program Files\iSpyNOW\1500 nokia ringtones.exe
C:\Program Files\iSpyNOW\Virtuagirl_brianabanks_full.exe
C:\Program Files\iSpyNOW\grand theft auto vice city.exe
C:\Program Files\iSpyNOW\turbo tax key code.exe
C:\Program Files\iSpyNOW\Keygen super bounce out.exe
C:\Program Files\iSpyNOW\a (1).exe
C:\Program Files\iSpyNOW\TURBO_TAX_KEY_CODE.EXE
C:\Program Files\iSpyNOW\AolPassHack.exe, BIKO.EXE
C:\Program Files\iSpyNOW\UOGAMER.EXE
C:\Program Files\iSpyNOW\EBLASTER.EXE
perfectdefender2009.exe
c:\Program Files\Perfect Defender 2009\pdefendr.exe
%UserProfile%\Local Settings\Temp\ikbmqvex.exe
ikbmqvex.exe
Get rid of dll's:
C:\Program Files\iSpyNOW\ISNSYS.dll
%UserProfile%\Desktop\sccmsk.dll
%UserProfile%\My Documents\PerfectDefender2009\SDBHO.dll
Delete folders:
C:\Program Files\iSpyNOW\
c:\Program Files\Perfect Defender 2009\
Delete files:
C:\Program Files\iSpyNOW\Joi2A6.tmp
C:\Program Files\iSpyNOW\Joi2D0.tmp
c:\Program Files\Perfect Defender 2009\dbbase.div
%UserProfile%\My Documents\PerfectDefender2009\sdcfg.dat
Delete these registry entries
Remove the following iSpyNOW registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsofttray
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\microsoft tray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\isntray
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSpyNOW
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "asus32"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Perfect Defender 2009"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Defender 2009
Remove the following files:
configure.exe,
disclaimer.txt,
help.htm,
isn_builder.exe
ispynow configuration wizard.lnk,
ispynow.exe
ispynow disclaimer.lnk,
ispynow password - important!!.lnk,
ispynow readme.lnk,
ispynow users guide.lnk,
ispynow-setup.reg,
license agreement.lnk,
license.txt, password - important!!.txt,
readme.txt,
remove ispynow 2.0.lnk,
uninstal.log,
uninstall-ispynow.exe.
softmod32.exe
Hope this helps a bit in the hunt on this dangerous hacking malware,
polonus
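
Before killing or deleting anything from the list above, it helps to record which of the artifacts are actually present on the machine. The following PowerShell audit is an added example, not part of polonus's post; it only reads and reports, and it takes its process names, paths and Run value names from the post (the report layout and variable names are this example's own).

```powershell
# Report-only audit of the artifacts named in the post. Nothing is killed or deleted.
# Names and paths are taken from the post; the report layout is this example's own.
$procNames = 'ispynow', 'configure', 'isn_builder', 'softmod32', 'uninstall-ispynow',
             'perfectdefender2009', 'pdefendr', 'ikbmqvex'
$paths = @(
    'C:\Program Files\iSpyNOW'
    'C:\Program Files\Perfect Defender 2009'
    "$env:USERPROFILE\Local Settings\Temp\ikbmqvex.exe"
    "$env:USERPROFILE\Desktop\sccmsk.dll"
    "$env:USERPROFILE\My Documents\PerfectDefender2009\SDBHO.dll"
    "$env:USERPROFILE\My Documents\PerfectDefender2009\sdcfg.dat"
)
$runKeyLM = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runKeyCU = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = @(
    @{ Key = $runKeyLM; Name = 'microsofttray' }
    @{ Key = $runKeyLM; Name = 'microsoft tray' }
    @{ Key = $runKeyLM; Name = 'isntray' }
    @{ Key = $runKeyLM; Name = 'Perfect Defender 2009' }
    @{ Key = $runKeyCU; Name = 'asus32' }
)
$regKeys = @(
    'HKLM:\SOFTWARE\Microsoft\PDefender'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perfect Defender 2009'
)
$findings = @()
# Generic names such as configure.exe can belong to legitimate software,
# so the image path is reported for the analyst to judge.
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = $p.Name; Detail = $p.Path }
}
foreach ($path in $paths) {
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Type = 'File/Folder'; Item = $path; Detail = '' }
    }
}
foreach ($rv in $runValues) {
    $prop = Get-ItemProperty -LiteralPath $rv.Key -Name $rv.Name -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Type = 'Run value'; Item = "$($rv.Key)\$($rv.Name)"; Detail = $prop.($rv.Name) }
    }
}
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $findings += [pscustomobject]@{ Type = 'Registry key'; Item = $key; Detail = '' }
    }
}
if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No artifacts from the list were found.' }
```

On 64-bit Windows, 32-bit programs write their HKLM entries under `SOFTWARE\WOW6432Node`, which this check does not cover.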