spoler.exe - Dangerous
spoler.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
This worm receives instructions from an IRC channel on a specific IRC server.
One of these commands causes it to start spreading across the network.
The remote commands it accepts from the IRC server include:
ntscan: Scans a specific computer for weak administrator passwords and copies itself to such machines.
cdkey: Collects CD keys for many popular games and sends them back to the IRC channel.
sysinfo: Retrieves information about the infected machine, such as CPU speed, memory, and so on.
Copies itself to computers that have weak administrator passwords, as \\
Attempts to spread itself across the network using randomly generated IP addresses.
To remove this worm, delete the value:
"helpmanager" = %System%\spoler.exe
in the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Or use the Greatis RegRun Security Suite to perform this operation automatically.
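The manual check above can also be scripted. The following PowerShell is an added example, not code from this page or from Greatis; it looks for the "helpmanager" value in both keys listed above, removes it only when run with the hypothetical -Remove switch, and assumes that %System% refers to the Windows system directory.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
# Report-only by default; pass -Remove to delete the matching value.
param([switch]$Remove)

$valueName = 'helpmanager'   # value name given in the instructions above
$fileName  = 'spoler.exe'    # file name given in the instructions above
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output "[skip]  $key is not present on this system"
        continue
    }
    # RegistryKey.GetValue returns the supplied default ($null) when the value is absent.
    $data = (Get-Item -LiteralPath $key).GetValue($valueName, $null)
    if ($null -eq $data) {
        Write-Output "[clean] no '$valueName' value in $key"
        continue
    }
    # Only act when the data really points at the worm's file, so an unrelated
    # value that happens to share the name is reported but left alone.
    if ([string]$data -notlike "*$fileName*") {
        Write-Output "[check] '$valueName' in $key points to '$data'; left untouched"
        continue
    }
    Write-Output "[found] $key -> $valueName = $data"
    if ($Remove) {
        Remove-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction Stop
        Write-Output "[fixed] removed '$valueName' from $key"
    }
}

# Assumption: the page's %System% placeholder means the Windows system directory.
$dropped = Join-Path ([Environment]::SystemDirectory) $fileName
if (Test-Path -LiteralPath $dropped) {
    # Record a hash for the incident notes before anyone deletes the file.
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    Write-Output "[file]  $dropped still exists, SHA256 $hash"
} else {
    Write-Output "[file]  $dropped not found"
}
```

The script does not delete the file itself, since the instructions above only cover the registry value; the hash line is there so the sample can be identified before it is removed.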