cpmsky.biz

How to Get rid of Cpmsky

Posted by admin on June 16, 2008
Trojan / 1 Comment

Recently lots of people have been infected with the spyware called cpmsky or cpmsky.biz.
Their requests for help sound like this:

How can I remove cpmsky.biz from my PC and what is it?
HELP! RUNDLL ERROR windows system32 cpmsky.dll always appears upon PC start up?
I have been hit by cpmsky. Can you help me fix it?
How to get rid of cpmsky.dll?

The common feature of computers infected with the cpmsky spyware is a set of entries like these in their HijackThis logs:

O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll" DllInit

O2 - BHO: cpmsky browser optimizer - {c778c5b3-faea-0b98-9c5b-94fead140c0a} - C:\WINDOWS\system32\{103503c1-b5dc-c646-cf0a-d8236937decc}.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{f511bb53-c3b2-07eb-c9d4-dff16797a703}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{103503c1-b5dc-c646-cf0a-d8236937decc}.dll" DllInit

O2 - BHO: cpmsky browser optimizer - {0a00e8ae-330a-ff4e-ea83-ef87ac32b286} - C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{805ba053-d864-d9ea-8de4-4d01cf66f379}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll" DllInit

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{2e078b9e-52cf-da35-0006-e039d4be5175}.dll" DllInit
O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll

You may find something like the entries above in your own log.
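A small parser for the log pattern above, added here as an example and not part of the original post: it flags O2/O4 lines that reference a GUID-named DLL under system32 or carry the cpmsky name. The function names and the benign `ExampleTray` line are made up for illustration; the other sample lines are copied from this post.

```python
import re

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# Blog software turns the straight quotes of a real log into curly ones.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})
# O2 - BHO: <name> - {CLSID} - <dll path>
BHO_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - {GUID} - (?P<path>.+)$", re.I)
# O4 - HKLM\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$", re.I)
# A DLL directly under system32 whose file name is a braced GUID.
GUID_DLL_RE = re.compile(rf"\\system32\\{GUID}\.dll", re.I)

def classify(line):
    """Return the reasons a log line matches the cpmsky pattern ([] if none)."""
    line = line.strip().translate(QUOTES)
    reasons = []
    if m := BHO_RE.match(line):
        if "cpmsky" in m["name"].lower():
            reasons.append("BHO named cpmsky")
        if GUID_DLL_RE.search(m["path"]):
            reasons.append("BHO backed by GUID-named DLL in system32")
    elif m := RUN_RE.match(line):
        cmd = m["cmd"].lower()
        if "rundll32.exe" in cmd and GUID_DLL_RE.search(cmd):
            reasons.append("Run entry loads GUID-named DLL through rundll32")
        if "cpmsky.dll" in cmd:
            reasons.append("Run entry loads cpmsky.dll")
    return reasons

def scan(log_text):
    """Return (line, reasons) for every line of a log that matches."""
    return [(l.strip(), r) for l in log_text.splitlines() if (r := classify(l))]

# Sample input: three entries copied from the post, one constructed benign entry.
SAMPLE = r"""
O2 - BHO: cpmsky browser optimizer - {b9c57b8d-cf96-63cf-2299-33cfc675999d} - C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe “C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll” DllInit
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe “C:\WINDOWS\system32\cpmsky.dll” DllStart
"""

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE):
        print("; ".join(reasons), "->", line)
```

A match only means the entry has the same shape as the ones listed in this post; confirm the file on disk before deleting anything.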

The key malware files are:
1. C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll (a randomly named DLL in your system folder)
2. ALCMTR.EXE

Both of them autostart on system startup, so you only need to remove their entries, like this:

1.) Reboot into Safe Mode by pressing F8 during boot.
2.) Download and run HijackThis, then look for and check entries along the lines of:

O4 - HKLM\..\Run: [PostSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\cpmsky.dll" DllStart
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O2 - BHO: cpmsky browser optimizer - {0a00e8ae-330a-ff4e-ea83-ef87ac32b286} - C:\Windows\system32\{de6a4f84-c2aa-8541-0173-d79c83c7315d}.dll
O4 - HKLM\..\Run: [{eb74667a-959f-eb38-45e2-9c77928cd111}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{5b00464b-3760-e7c5-c29f-24599b358526}.dll" DllInit

3.) Browse to C:\Windows\System32 and delete the file cpmsky.dll (if found).
4.) Click on Fix Checked when finished and exit HijackThis. Reboot back into Normal Mode and verify the problem is resolved.

For a further scan to remove other spyware, The Official Spyware Remover is recommended!

If you feel your computer is slow, you can clean the registry using RegistrySmart.
