Recently lots of people have infected the spyware called cpmsky or cpmsky.biz.
the sounds asking for help similarly like this:
How can I removed cpmsky.biz from my pc and what is it?
HELP! RUNDLL ERROR windows system32 cpmsky.dll always appear upon pc start up?
I have been hit by cpmsky. Cann you help me fix it?
How to get rid of cpmsky.dll?
the commond feature of the computer with cpmsky spyware in their Hijachthis log:
O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe “C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll” DllInit
O2 - BHO: cpmsky browser optimizer - {c778c5b3-faea-0b98-9c5b-94fead140c0a} - C:\WINDOWS\system32\{103503c1-b5dc-c646-cf0a-d8236937decc}.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{f511bb53-c3b2-07eb-c9d4-dff16797a703}] C:\WINDOWS\System32\Rundll32.exe “C:\WINDOWS\system32\{103503c1-b5dc-c646-cf0a-d8236937decc}.dll” DllInit
O2 - BHO: cpmsky browser optimizer - {0a00e8ae-330a-ff4e-ea83-ef87ac32b286} - C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{805ba053-d864-d9ea-8de4-4d01cf66f379}] C:\Windows\System32\Rundll32.exe “C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll” DllInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe “C:\WINDOWS\system32\{2e078b9e-52cf-da35-0006-e039d4be5175}.dll” DllInit
O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
You may find something above
the key malware file is:
1. C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
—it is a random dll in your system folder
2. ALCMTR.EXE
Both of them has autostart on your system startup,you just only remove the entry like this
1.) Reboot into Safe Mode by presing F8 during boot.
2.) Download and run HiJackThis, looking for and deleting an entry along the lines of:
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe “C:\WINDOWS\system32\cpmsky.dll” DllStart
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O2 - BHO: cpmsky browser optimizer - {0a00e8ae-330a-ff4e-ea83-ef87ac32b286} - C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe “C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll” DllInit
3.) Browse to C:\Windows\System32 and delete the file cpmsky.dll (if found).
4.) Click on Fix Checked when finished and exit HijackThi,Reboot back into Normal Mode and verify the problem is resolved.
For farther scan to removal other spyware ,Recommend The Official Spyware Remover!
If you feel computer is slow,you can do registry cleaner using RegistrySmart
August 17, 2008
Ive done this and im still getting a pop up at the top right hand corner, it comes for 1 second then disappers please help me its poping up