| EBlaster removal| Spyware EBlaster Information |
|---|
Name: EBlaster
Category: Keylogger
Date: 2003-06-17
Dangerous: Yes |
EBlaster is Keylogger - spyware.
From the doc: ´eBlaster will AUTOMATICALLY monitor PC activity from a remote location. Install eBlaster once on the PC & walk away. Theres no need to return to the computer...EVER! Once installed, eBlaster records the PC & then supplies detailed activity reports right to your e-mail address, as frequently as every 30 minutes. eBlaster monitors: All Web Sites Visited All Programs Run All Typed-in key sequences Typed All Chat Conversations All Instant Messages [including both sides of a Yahoo, MSN or AOL instant message session] eBlaster is 100 percent compatible with AOL 5.0, AOL 6.0 & AOL 7.0.´ You should remove it from your system as soon as possible.
EBlaster description by publisher: From the eBlaster Web Site: Automatically sends you an EXACT COPY of their Chats, Instant Messages & Emails. Now with optional Remote Install if you don´t have physical access to the computer you wish to monitor. eBlaster Internet spy software is the ONLY software in the world that will capture their incoming & outgoing email, chats & instant messages - then IMMEDIATELY forward you an EXACT COPY. Example: ò You´re at work & your child is home from school. ò She receives an email from John at 3:00 PM. ò Within 2nds, you receive a COPY of that email sent to your email address. ò A few minutes later, she replies to John´s email. ò Within 2nds, you receive a COPY of what she sent to John. Additionally, eBlaster spy software monitors ALL emails, chats, instant messages, web sites visited, typed-in key sequences typed, applications executed & peer-to-peer (P2P) any file downloaded - then forwards it to you through email in the form of a detailed Activity Report. Receive your Activity Reports as frequently as once every hour or once a day - it is your choice.
This Keylogger is also known as: •Trj/Reboot.htm - named by Panda.
>> Delete EBlaster automatically - Download Spyware Doctor
| EBlaster Removal Instructions |
|---|
Kill the following processes biosboot.exe, eb50setup.exe, eblaster.exe, ebsetup.exe, msrac32.exe, chkdisk.exe, logmon.exe, netbcam.exe, netutil.exe, profwin.exe, svrwin.exe, v32wsock.exe, usbw32.exe, w32sub.exe | Unregister the following DLLs and reboot ceract.dll, chkcer.dll, hosthex32.dll, mserrtrc.dll, msrac32.dll, msu00mwin.dll, netras.dll, perfboot.dll, rmtcore.dll, rtfmidi.dll, statslink.dll.
autprof.dll, biosuni.dll, catmidi.dll, cfgtcp.dll, cfgvga.dll, compserver.dll, conflib32.dll, ctldde.dll, ctldll.dll, ddectl.dll, devcrypt.dll, dhcpkbd.dll, dllcmd.dll, httpsserver32.dll, ipdll32.dll, kbdman.dll, macnetb32.dll, midical.dll, modipx.dll, modstats.dll, msdde.dll, netbaut.dll, netipx.dll, odbckey.dll, olehost.dll, regdb.dll, rtfftp.dll, sqlhost32.dll, statip.dll, tcpterm.dll, uniserver.dll, vgalog.dll, xmlbot32.dll, xpcmd.dll in Windows\system32\
mstv9swin.dll, mswebhlp.dll in Windows\system\
| Delete these registry entries HKEY_CLASSES_ROOT\clsid\{6314e760-e667-11d2-ba98-0080c8e9491a}\ole\shell\commands
HKEY_CLASSES_ROOT\clsid\{89044184-f260-4fdd-8fab-2662814846e5}
HKEY_CLASSES_ROOT\clsid\{deca39c1-f713-11d2-ba99-0080c8e9491a}\inprocserver32
HKEY_LOCAL_MACHINE\software\classes\clsid\{0e289927-69b7-4c4c-8502-354e048c8e92}
HKEY_LOCAL_MACHINE\software\classes\clsid\{191922d9-d5ae-453d-b290-f26a9c270402}
HKEY_LOCAL_MACHINE\software\classes\clsid\{27474baa-705f-4769-a44f-e13a8be4e610}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2be166ed-f16c-46de-b623-3575fd9b5d6d}\wivdevenum
HKEY_LOCAL_MACHINE\software\classes\clsid\{2efe6983-b0bf-4ebf-9637-a7c10ec3eebb}
HKEY_LOCAL_MACHINE\software\classes\clsid\{30b92215-0e32-400e-a05d-e583bf1d6c49}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5343160f-29a0-49e3-8782-c08b11e0675f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{75c3efc9-45ba-48f4-96a9-f4708a4b32db}
HKEY_LOCAL_MACHINE\software\classes\clsid\{812e1c52-8b82-4bc7-bdfa-cfdaedb63f41}
HKEY_LOCAL_MACHINE\software\classes\clsid\{81cdda69-0eec-4142-8eb4-de2a433c91a2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{855edf42-f91b-4818-8df1-b58ca6043290}
HKEY_LOCAL_MACHINE\software\classes\clsid\{99c193ba-d72b-4934-8612-6bc25640cb1f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b7013911-76cf-4750-b174-2b573bc2f14c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ce0babb4-3a61-4dbb-a6c7-f69896a47540}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e4b58522-89aa-45ed-bf8d-ebe7207a5d2a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{89044184-f260-4fdd-8fab-2662814846e5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\caleng
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\lanras
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\netbcab
| Remove the following files appms.drv, biosboot.exe, ceract.dll, chkcer.dll, eb50setup.exe, eblaster 5.0.txt, eblaster.exe, ebsetup.exe, hosthex32.dll, mserrtrc.dll, msqkvowin.msj, msqkvowin.rcv, msquf32.msj, msquf32.rcv, msrac32.dll, msrac32.exe, msrevgwin.ocx, msu00mwin.dll, msu00mwin.ocx, msu00mwin.rcv, netras.dll, new.reg, perfboot.dll, rmtcore.dll, rtfmidi.dll, shdocew.chm, statslink.dll, system.dat, system.ini, usbw32.exe, user.dat, w32sub.exe, windows explorer.lnk, wininit.ini, winmsu00mwin.drv.
autprof.dll, biosuni.dll, catmidi.dll, cfgtcp.dll, cfgvga.dll, chkdisk.exe, compserver.dll, conflib32.dll, ctldde.dll, ctldll.dll, ddectl.dll, devcrypt.dll, dhcpkbd.dll, dllcmd.dll, httpsserver32.dll, ipdll32.dll, kbdman.dll, logmon.exe, macnetb32.dll, midical.dll, modipx.dll, modstats.dll, msdde.dll, netbaut.dll, netbcam.exe, netipx.dll, netutil.exe, odbckey.dll, olehost.dll, profwin.exe, regdb.dll, rtfftp.dll, sqlhost32.dll, statip.dll, svrwin.exe, tcpterm.dll, uniserver.dll, v32wsock.exe, vgalog.dll, xmlbot32.dll, xpcmd.dll in Windows\system32\
ctlstats.drv in Windows\system32\ddecom\
statfat.drv in Windows\system32\ipxip\
diskstats.drv in Windows\system32\modnetb\
docmfc.drv in Windows\system32\niccam\
diskmod.drv in Windows\system32\submon\
macreg.drv in Windows\system32\termme\
termlink.drv in Windows\system32\usbdel\
mstv9swin.dll, mstv9swin.ocx, mswebhlp.dll, winmstv9swin.drv in Windows\system\
| Remove the following directories Windows\system32\ddecom
Windows\system32\ipxip
Windows\system32\modnetb
Windows\system32\niccam
Windows\system32\submon
Windows\system32\termme
Windows\system32\usbdel
|
Bookmark EBlaster page
|