Spyware.TupInsight removal process

Author: admin CopyFrom: web UpdateTime: 2008-6-6 7:54:25
1. Download the safer web browser that Google recommends, to stay secure on the Web and stay far away from viruses. Download URL: http://www.oral8.net/firefox/firefox.htm
2. Temporarily Disable System Restore (Windows Me/XP).
3. Update the virus definitions. Reboot the computer in Safe Mode.
4. Run a full system scan and clean/delete all files infected by Spyware.TupInsight, and delete/modify any values added to the registry.
Navigate to the subkeys and delete the values as follows:
The program can be downloaded from www.tupsoft.com and must be manually installed.
When the program is installed, it creates the following files:
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\data1.cab
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\data1.hdr
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\data2.cab
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\ikernel.ex_
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\layout.bin
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\Setup.exe
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\Setup.ini
- %UserProfile%\Local Settings\Temp\[RANDOM FOLDER NAME].tmp\Disk1\setup.inx
- C:\Documents and Settings\All Users\Start Menu\Programs\Tupsoft TupInsight\Console.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\Tupsoft TupInsight\User Guide.lnk
- %ProgramFiles%\WinPcap\daemon_mgm.exe
- %ProgramFiles%\WinPcap\INSTALL.LOG
- %ProgramFiles%\WinPcap\npf_mgm.exe
- %ProgramFiles%\Tupsoft\TupInsight\Console\ACM.exe
- %ProgramFiles%\Tupsoft\TupInsight\Console\ACM.INI
- %ProgramFiles%\Tupsoft\TupInsight\Console\CommClient.dll
- %ProgramFiles%\Tupsoft\TupInsight\Console\Console.ldb
- %ProgramFiles%\Tupsoft\TupInsight\Console\Console.mdb
- %ProgramFiles%\Tupsoft\TupInsight\Console\DbBak\DbBak_[DATE]
- %ProgramFiles%\Tupsoft\TupInsight\Console\DbBak\DbBak_[DATE]
- %ProgramFiles%\Tupsoft\TupInsight\Console\FileTranClient.dll
- %ProgramFiles%\Tupsoft\TupInsight\Console\RAClient.dll
- %ProgramFiles%\Tupsoft\TupInsight\Console\Tips.ini
- %ProgramFiles%\Tupsoft\TupInsight\Console\TupInsight.chm
- %ProgramFiles%\Tupsoft\TupInsight\Engine\CommServer.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Data.ldb
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Data.mdb
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Engine.ini
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Engine.ldb
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Engine.mdb
- %ProgramFiles%\Tupsoft\TupInsight\Engine\FileLib.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\FileTranServer.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Ftp.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Http.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\Local.ini
- %ProgramFiles%\Tupsoft\TupInsight\Engine\log\TupInsight.log
- %ProgramFiles%\Tupsoft\TupInsight\Engine\PacketCap.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\PopMail.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\PortMonitor.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\RAClient.dll
- %ProgramFiles%\Tupsoft\TupInsight\Engine\RAServer.exe
- %ProgramFiles%\Tupsoft\TupInsight\Engine\TupInsight.exe
- %ProgramFiles%\Tupsoft\TupInsight\Engine\TupInsightService.exe
- %ProgramFiles%\Tupsoft\TupInsight\Engine\zlib.dll
- %System%\Microsoft\Protect\S-1-5-18\User\5b0a07e4-e65a-411f-8685-ec62ce9d0efa
- %System%\WinWsExt.ini
- %Windir%\Temp\[RANDOM FILE NAME].tmp
It also creates the following registry subkeys:
- HKEY_CLASSES_ROOT\WsSysSet
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WsSysSet
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WsSysSet\WsSysInfoExt
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89CA9704-64BD-4620-8BB3-CA3F4C937034}
- HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Tupsoft TupInsight
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TUPINSIGHTCAPTUREENGINE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TUPINSIGHTCAPTUREENGINE
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TUPINSIGHTCAPTUREENGINE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TupInsightCaptureEngine
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TupInsightCaptureEngine
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TupInsightCaptureEngine
The program registers itself as a system service with the following characteristics:
- Display Name: TupInsightCaptureEngine
- Image Path: C:\Program Files\Tupsoft\TupInsight\Engine\TupInsightService.exe
- Description: Network monitoring and management
The program consists of the following two components:
- A monitoring and logging engine that runs in stealth mode
- A console for retrieval of logs by a remote attacker
The program allows the following information to be logged and subsequently retrieved:
- Web sites visited
- Chat sessions
- Files transferred
- Email sent and received
- Games played
5. Exit the registry editor.
6. Delete the IE temp files, or download ATF temp files cleaner to run a full cleaning, and restart the computer.
8. Now you may remove Spyware.TupInsight successfully.
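
A read-only check for the artifacts listed above, useful for confirming that the cleanup steps left nothing behind. This is an added example, not part of the original article; it assumes `%System%` means `%SystemRoot%\System32` and that the service name matches the `TupInsightCaptureEngine` registry key.

```powershell
# Added example: read-only check for leftover Spyware.TupInsight artifacts.
# Paths and keys come from the article; nothing is deleted or modified.

# Assumption: %System% in the article means %SystemRoot%\System32.
$paths = @(
    "$env:ProgramFiles\Tupsoft\TupInsight",
    "$env:ProgramFiles\WinPcap",   # WinPcap is also installed by legitimate tools
    'C:\Documents and Settings\All Users\Start Menu\Programs\Tupsoft TupInsight',
    "$env:SystemRoot\System32\WinWsExt.ini"
)

$keys = @(
    'Registry::HKEY_CLASSES_ROOT\WsSysSet',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WsSysSet',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89CA9704-64BD-4620-8BB3-CA3F4C937034}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinPcapInst'
)

# The article names ControlSet001 and ControlSet003; cover every control set present.
$keys += @(Get-ChildItem 'Registry::HKEY_LOCAL_MACHINE\SYSTEM' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^(ControlSet\d{3}|CurrentControlSet)$' } |
    ForEach-Object {
        "Registry::$($_.Name)\Services\TupInsightCaptureEngine"
        "Registry::$($_.Name)\Enum\Root\LEGACY_TUPINSIGHTCAPTUREENGINE"
    })

# Keep only the files, folders and keys that still exist.
$found = @(($paths + $keys) | Where-Object {
    Test-Path -LiteralPath $_ -ErrorAction SilentlyContinue
})

# Assumption: the service key name from the article is also the service name.
$svc = Get-Service -Name 'TupInsightCaptureEngine' -ErrorAction SilentlyContinue
if ($svc) { $found += "Service TupInsightCaptureEngine (status: $($svc.Status))" }

if ($found.Count -eq 0) {
    Write-Output 'No listed Spyware.TupInsight artifacts remain.'
} else {
    Write-Output 'Still present:'
    $found | ForEach-Object { Write-Output "  $_" }
}
```

Run it from an elevated prompt after the final restart. A WinPcap hit alone is not conclusive, since other packet-capture software installs the same folder and uninstall key.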