Hkey rat

sbailey0001

New Member
I've got the following:

hkey_local_machine\software\microsoft\windows\currentversion\run

CMJSpy 0.5 RAT Spyware

And my Anti-spy is saying it cannot quarantine due to administrative rights or something. Anyone know how I get rid of it??
 


What anti spyware program are you using? Malwarebytes is good, A squared Free and Spybot SD are also good. Do you have an Antivirus program installed as well? If not, Avast Home is very good, I would suggest you install it and run a boot time scan and a normal scan. One of these programs should get rid of it. If it tells you that you can not quarantine because of admin rights then close the program and right click on the icon and click run as administrator, then scan.
 

My Computer

System One

  • Manufacturer/Model
    Airbot 2.0
    CPU
    Core i7 920 (D0) @ 4Ghz, 26c idle- 65c full load on air
    Motherboard
    Asus P6X58D Premium -Sata 6Gb/s - USB 3.0
    Memory
    12GB Corsair Dominator -CMD12GX3M6A1600C8
    Graphics Card(s)
    EVGA Nvidia GTX 480 -Fermi
    Sound Card
    ASUS Xonar D2X
    Monitor(s) Displays
    LG 24" Flatron W2453V-PF Full HD 1080p 2ms response time
    Screen Resolution
    1920x1080@60hz
    Hard Drives
    1 OCZ Vertex2 180GB SSD
    1 TB Samsung Spinpoint F1 7200RPM 32MB cache
    2 500GB WD Caviar Blacks 7200RPM 32MB cache (WD5001AALS)

    Pioneer DVD Burner DVR-S18M
    PSU
    Corsair HX1000W
    Case
    Cooler Master HAF 932
    Cooling
    Case Fans -3 230mm, 1 140mm/CPU - Tuniq Tower 120 Extreme
    Keyboard
    Logitech Wireless MK700
    Mouse
    Logitech Wireless MK700
    Internet Speed
    100 MBPS DL 30.17Mbps UL 0.98Mbps
    Other Info
    Windows 7
    Processor-7.7 RAM- 7.9 Graphics-7.9 Gaming Graphics- 7.9 HDD- 7.8

    W.E.I final score= 7.7

    Windows Vista=5.9
I'm using Yahoo toolbar Antispy. I've got Avast Home as well but it's not picking it up. I've seen on another thread how to get to the following:

Start key -Run,
Type REGEDIT and hit return

I don't know what to do from there though....:confused:
 


If it's from Yahoo toolbar antispy, it's probably a false positive. I could not trust Yahoo antispyware because it gave me too many FPs. Try those other programs and run them as they are all free and see what you get. If it doesn't come up in any of those, it's probably a false positive. Try cleaning your temp files. You can use CCleaner to do that. It might clear it. There are also online scanners that don't need to be installed, ESET NOD online scanner, Dr. Web, etc. Post back if any of that helps.
 

Well if you know how to open the registry editor (Start - Run - Regedit <enter> ),

then you can manually navigate to

hkey_local_machine\software\microsoft\windows\currentversion\run

by pressing the + sign next to each of the above in the above order.
When you reach RUN, on the right side you will find several listings.

Select the "CMJSpy 0.5 RAT Spyware" item or anything containing that and delete it (right click - delete).

Close the registry editor and it's gone.
Restart and if you see it again, you'll need one of the programs Airbot mentioned before.

Regards
 

My Computer

System One

  • Manufacturer/Model
    Limneos
    CPU
    Intel Core2Duo E4500 2.2GHz
    Motherboard
    Asus P5LD2-X/1333
    Memory
    2GB 800Mhz Kingston DDR2
    Graphics Card(s)
    Nvidia 8500GT
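
A read-only way to do the review step this thread describes (seeing what is under the Run key before deleting anything), as an added PowerShell example that is not part of any post. It goes beyond the thread by also reading the HKCU Run key and checking each target's Authenticode signature; the helper name `Get-CommandTarget` is hypothetical.

```powershell
# Added example: read-only review of the Run keys; nothing is changed or deleted.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # HKCU: assumption

function Get-CommandTarget {          # hypothetical helper name
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # 1) quoted path: text between the first pair of quotes
    # 2) unquoted path (may contain spaces): up to the first executable extension
    # 3) otherwise: the first whitespace-delimited token
    if ($c -match '^"([^"]+)"') { $t = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { $t = $Matches[1] }
    else { $t = ($c -split '\s+')[0] }
    # Bare names such as rundll32.exe are resolved through PATH.
    if ($t -and $t -notmatch '^([A-Za-z]:\\|\\\\)') {
        $app = Get-Command -Name $t -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($app) { $t = $app.Path }
    }
    return $t
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        $exists  = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
        $sig     = if ($exists) { Get-AuthenticodeSignature -LiteralPath $target }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Target    = $target
            Exists    = $exists
            Signature = if ($sig) { [string]$sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Missing or not validly signed targets sort first: review those before deleting anything.
$report | Sort-Object { $_.Signature -eq 'Valid' }, Name | Format-List
```

Before deleting a value, the key can be saved with `reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run run-backup.reg` so the entry can be restored if it turns out to be legitimate.
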
OK, I'm up to that point but don't know which one is the "Rat" ...... I'm confused :confused:



Well if you see
hkey_local_machine\software\microsoft\windows\currentversion\run (monitor) then delete it and restart.
Read this
CMJSpy


Or any entry that says cmj rat then that would be it but if nothing looks out of place then like I said, it's probably a false positive. You should be able to run your browser as administrator and run the toolbar and then quarantine it if you're worried. Right click on your browser icon and run as admin. If you ran all those programs and none of them picked it up then it's most likely that the toolbar is recognizing some entry as spyware when in fact it isn't. Yahoo antispy is far from perfect, as I said it picked up false positives for me when there was no infection.

Read this, if you see any startup entries that look out of place or say cmj rat then disable it and delete.

http://www.vistax64.com/tutorials/79612-startup-programs-enable-disable.html

Post back with results.
 

If you're having trouble, you can upload an image of your Run contents in the registry and we'll try to identify the rat. Although Spybot-SD is usually able to clean all these after an update and a full scan.
 

Glad to be of help. Can you tell us exactly how you fixed it?
 
