spyware removal instructions

EBlaster 5.0 removal

Spyware EBlaster 5.0 Information
Name: EBlaster 5.0
Category: Keylogger
Date: 2004-12-25
Dangerous: Yes
Eblaster is keylogger software, which, by definition, isn´t malware, but it could be used for malicious purposes. It is recommended to use some sort of spyware remover if you suspect your computer to be infected.
>> Delete EBlaster 5.0 automatically - Download SpyHunter

EBlaster 5.0 Removal Instructions
Kill the following processes
biosboot.exe, eb50setup.exe, chkdisk.exe, logmon.exe, netbcam.exe, netutil.exe, profwin.exe, svrwin.exe, v32wsock.exe, usbw32.exe, w32sub.exe
Unregister the following DLLs and reboot
ceract.dll, chkcer.dll, hosthex32.dll, netras.dll, perfboot.dll, rtfmidi.dll, statslink.dll.
autprof.dll, biosuni.dll, catmidi.dll, cfgtcp.dll, cfgvga.dll, compserver.dll, conflib32.dll, ctldde.dll, ctldll.dll, ddectl.dll, devcrypt.dll, dhcpkbd.dll, dllcmd.dll, httpsserver32.dll, ipdll32.dll, kbdman.dll, macnetb32.dll, midical.dll, modipx.dll, modstats.dll, msdde.dll, netbaut.dll, netipx.dll, odbckey.dll, olehost.dll, regdb.dll, rtfftp.dll, sqlhost32.dll, statip.dll, tcpterm.dll, uniserver.dll, vgalog.dll, xmlbot32.dll, xpcmd.dll in Windows\system32\
Delete these registry entries
HKEY_LOCAL_MACHINE\software\classes\clsid\{0e289927-69b7-4c4c-8502-354e048c8e92}
HKEY_LOCAL_MACHINE\software\classes\clsid\{191922d9-d5ae-453d-b290-f26a9c270402}
HKEY_LOCAL_MACHINE\software\classes\clsid\{27474baa-705f-4769-a44f-e13a8be4e610}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2be166ed-f16c-46de-b623-3575fd9b5d6d}\wivdevenum
HKEY_LOCAL_MACHINE\software\classes\clsid\{2efe6983-b0bf-4ebf-9637-a7c10ec3eebb}
HKEY_LOCAL_MACHINE\software\classes\clsid\{30b92215-0e32-400e-a05d-e583bf1d6c49}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5343160f-29a0-49e3-8782-c08b11e0675f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{75c3efc9-45ba-48f4-96a9-f4708a4b32db}
HKEY_LOCAL_MACHINE\software\classes\clsid\{812e1c52-8b82-4bc7-bdfa-cfdaedb63f41}
HKEY_LOCAL_MACHINE\software\classes\clsid\{81cdda69-0eec-4142-8eb4-de2a433c91a2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{855edf42-f91b-4818-8df1-b58ca6043290}
HKEY_LOCAL_MACHINE\software\classes\clsid\{99c193ba-d72b-4934-8612-6bc25640cb1f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b7013911-76cf-4750-b174-2b573bc2f14c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ce0babb4-3a61-4dbb-a6c7-f69896a47540}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e4b58522-89aa-45ed-bf8d-ebe7207a5d2a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\caleng
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\lanras
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\netbcab
Remove the following files
appms.drv, biosboot.exe, ceract.dll, chkcer.dll, eb50setup.exe, eblaster 5.0.txt, hosthex32.dll, msqkvowin.msj, msqkvowin.rcv, msquf32.msj, msquf32.rcv, netras.dll, perfboot.dll, rtfmidi.dll, statslink.dll, usbw32.exe, w32sub.exe.
autprof.dll, biosuni.dll, catmidi.dll, cfgtcp.dll, cfgvga.dll, chkdisk.exe, compserver.dll, conflib32.dll, ctldde.dll, ctldll.dll, ddectl.dll, devcrypt.dll, dhcpkbd.dll, dllcmd.dll, httpsserver32.dll, ipdll32.dll, kbdman.dll, logmon.exe, macnetb32.dll, midical.dll, modipx.dll, modstats.dll, msdde.dll, netbaut.dll, netbcam.exe, netipx.dll, netutil.exe, odbckey.dll, olehost.dll, profwin.exe, regdb.dll, rtfftp.dll, sqlhost32.dll, statip.dll, svrwin.exe, tcpterm.dll, uniserver.dll, v32wsock.exe, vgalog.dll, xmlbot32.dll, xpcmd.dll in Windows\system32\
ctlstats.drv in Windows\system32\ddecom\
statfat.drv in Windows\system32\ipxip\
diskstats.drv in Windows\system32\modnetb\
docmfc.drv in Windows\system32\niccam\
diskmod.drv in Windows\system32\submon\
macreg.drv in Windows\system32\termme\
termlink.drv in Windows\system32\usbdel\
Remove the following directories
Windows\system32\ddecom
Windows\system32\ipxip
Windows\system32\modnetb
Windows\system32\niccam
Windows\system32\submon
Windows\system32\termme

Bookmark EBlaster 5.0 page

Visitor Comments on EBlaster 5.0
2005-09-16 00:36:29, Guest:
If you are using Salfeld's Child Control software, your spyware detector may alert you that you have EBlaster on your system. I think one of Salfeld's files is named "winsvr.exe."
2006-01-25 20:40:59, Guest:
Yes, and the same file is also labelled as svrwin.exe
 Previous Spyware: Remove EBlaster 2.1  Next Spyware: Remove EBomb