Vista - Hkey rat

**sbailey0001** · 12-17-2008

Ive got the following:

hkey_local_machine\software\microsoft\windows\currentversion\run

CMJSpy 0.5 RAT Spyware

And my Anti-spy is saying it cannot quarantine due to administrative rights or something, anyone know how i get rid of it??

**Airbot** · 12-17-2008

What anti spyware program are you using? Malwarebytes is good, A squared Free and Spybot SD are also good. Do you have an Antivirus program installed as well? If not, Avast Home is very good, I would suggest you install it and run a boot time scan and a normal scan. One of these programs should get rid of it. If it tells you that you can not quarentine because of admin rights then close the program and right click on the icon and click run as administrator, then scan.

**sbailey0001** · 12-17-2008

Im using Yahoo toolbar Antispy, i've got Avast home aswell but its not picking it up, i've seen on another thread how to get to the following:

Start key -Run,
Type REGEDIT and hit return

I dont know what to do from there though....

**Airbot** · 12-17-2008

If it's from yahoo toolbar antispy, it's probably a false positive. I could not trust Yahoo antispyware because it gave me too many FPs.Try those other programs and run them as they are all free and see what you get. If it doesn't come up in any of those, it's probably a false positive. Try cleaning your temp files. You can use CCleaner to do that. It might clear it. There are also online scanners that don't need to be installed, ESET NOD online scanner, Dr. Web, etc. Post back if any of that helps.

**sbailey0001** · 12-17-2008

Im running that Spybot SD now, hopefully that will sort it out, its looking like its picked up a few things so far...

Thanks for the advice

**limneos** · 12-17-2008

Well if you know how to open the registry editor (Start - Run - Regedit <enter> ),

then you can manually navigate to

hkey_local_machine\software\microsoft\windows\currentversion\run

by pressing the + sign next to each of the above in the above order.
When you reach to RUN, on the right side you will find several listings.

Select the "CMJSpy 0.5 RAT Spyware" item or anything containing that and delete it. (right click-delete).

Close the regisry editor and it's gone.
Restart and if you see it again, you'll need one of the programs Airbot mentioned before

Regards

**sbailey0001** · 12-18-2008

Ok im up to that point but dont know which one is the ''Rat'' ...... Im confused

**Airbot** · 12-18-2008

Quote: Originally Posted by sbailey0001

Ok im up to that point but dont know which one is the ''Rat'' ...... Im confused

Well if you see
hkey_local_machine\software\microsoft\windows\currentversion\run (monitor) then delete it and restart.
Read this
CMJSpy

Or any entry that says cmj rat then that would be it but if nothing looks out of place then like I said, it's probably a false positive. You should be able to run your browser as administator and run the toolbar and then quarantine it if you're worried. Right click on your browser icon and run as admin. If you ran all those programs and none of them picked it up then it's most likely that the toolbar is recognizing some entry as spyware when in fact it isn't. Yahoo antispy is far from perfect, as I said it picked up false positives for me when there was no infection.

Read this, if you see any startup entries that look out of place or say cmj rat then disable it and delete.

Startup Programs - Enable or Disable

Post back with results.

**limneos** · 12-18-2008

If you're having trouble, you can upload an image of your Run contents in the registry and we'll try to identify the rat. Although Spybot-SD is usually able to clean all these after an update and a full scan

**sbailey0001** · 12-18-2008

Cheers its gone...

You've been a great help

12-17-2008	#1 (permalink)
sbailey0001 Vista Home Premium 32bit 6 posts	Hkey rat Ive got the following: hkey_local_machine\software\microsoft\windows\currentversion\run CMJSpy 0.5 RAT Spyware And my Anti-spy is saying it cannot quarantine due to administrative rights or something, anyone know how i get rid of it??
My System Specs

12-17-2008	#2 (permalink)
Airbot Vista Ultimate SP2 x64 Windows 7 Ultimate x64 TECHNET 1,661 posts	Re: Hkey rat What anti spyware program are you using? Malwarebytes is good, A squared Free and Spybot SD are also good. Do you have an Antivirus program installed as well? If not, Avast Home is very good, I would suggest you install it and run a boot time scan and a normal scan. One of these programs should get rid of it. If it tells you that you can not quarentine because of admin rights then close the program and right click on the icon and click run as administrator, then scan.
My System Specs

12-17-2008	#3 (permalink)
sbailey0001 Vista Home Premium 32bit 6 posts	Re: Hkey rat Im using Yahoo toolbar Antispy, i've got Avast home aswell but its not picking it up, i've seen on another thread how to get to the following: Start key -Run, Type REGEDIT and hit return I dont know what to do from there though....
My System Specs

12-17-2008	#4 (permalink)
Airbot Vista Ultimate SP2 x64 Windows 7 Ultimate x64 TECHNET 1,661 posts	Re: Hkey rat If it's from yahoo toolbar antispy, it's probably a false positive. I could not trust Yahoo antispyware because it gave me too many FPs.Try those other programs and run them as they are all free and see what you get. If it doesn't come up in any of those, it's probably a false positive. Try cleaning your temp files. You can use CCleaner to do that. It might clear it. There are also online scanners that don't need to be installed, ESET NOD online scanner, Dr. Web, etc. Post back if any of that helps.
My System Specs

12-17-2008	#5 (permalink)
sbailey0001 Vista Home Premium 32bit 6 posts	Re: Hkey rat Im running that Spybot SD now, hopefully that will sort it out, its looking like its picked up a few things so far... Thanks for the advice
My System Specs

12-17-2008	#6 (permalink)
limneos Vista Ultimate 102 posts	Re: Hkey rat Well if you know how to open the registry editor (Start - Run - Regedit <enter> ), then you can manually navigate to hkey_local_machine\software\microsoft\windows\currentversion\run by pressing the + sign next to each of the above in the above order. When you reach to RUN, on the right side you will find several listings. Select the "CMJSpy 0.5 RAT Spyware" item or anything containing that and delete it. (right click-delete). Close the regisry editor and it's gone. Restart and if you see it again, you'll need one of the programs Airbot mentioned before Regards
My System Specs

12-18-2008	#7 (permalink)
sbailey0001 Vista Home Premium 32bit 6 posts	Re: Hkey rat Ok im up to that point but dont know which one is the ''Rat'' ...... Im confused
My System Specs

12-18-2008	#8 (permalink)
Airbot Vista Ultimate SP2 x64 Windows 7 Ultimate x64 TECHNET 1,661 posts	Re: Hkey rat Quote: Originally Posted by sbailey0001 Ok im up to that point but dont know which one is the ''Rat'' ...... Im confused Well if you see hkey_local_machine\software\microsoft\windows\currentversion\run (monitor) then delete it and restart. Read this CMJSpy Or any entry that says cmj rat then that would be it but if nothing looks out of place then like I said, it's probably a false positive. You should be able to run your browser as administator and run the toolbar and then quarantine it if you're worried. Right click on your browser icon and run as admin. If you ran all those programs and none of them picked it up then it's most likely that the toolbar is recognizing some entry as spyware when in fact it isn't. Yahoo antispy is far from perfect, as I said it picked up false positives for me when there was no infection. Read this, if you see any startup entries that look out of place or say cmj rat then disable it and delete. Startup Programs - Enable or Disable Post back with results.
My System Specs

12-18-2008	#9 (permalink)
limneos Vista Ultimate 102 posts	Re: Hkey rat If you're having trouble, you can upload an image of your Run contents in the registry and we'll try to identify the rat. Although Spybot-SD is usually able to clean all these after an update and a full scan
My System Specs

12-18-2008	#10 (permalink)
sbailey0001 Vista Home Premium 32bit 6 posts	Re: Hkey rat Cheers its gone... You've been a great help
My System Specs

Similar Threads
Thread	Forum
vista ultimate 32bit HKEY problems	Vista security
hkey	Vista performance & maintenance
can't find HKey...soft\Jet in Vista registry; re MaxLocksPerFile	Vista General