|
EBlaster 5.0 removal
Spyware EBlaster 5.0 Information |
Name: EBlaster 5.0
Category: Keylogger
Date: 2004-12-25
Dangerous: Yes
|
Eblaster is keylogger software, which, by definition, isn´t malware, but it could be used for malicious purposes. It is recommended to use some sort of spyware remover if you suspect your computer to be infected.
>> Delete EBlaster 5.0 automatically - Download SpyHunter
EBlaster 5.0 Removal Instructions |
Kill the following processes
biosboot.exe, eb50setup.exe, chkdisk.exe, logmon.exe, netbcam.exe, netutil.exe, profwin.exe, svrwin.exe, v32wsock.exe, usbw32.exe, w32sub.exe
|
Unregister the following DLLs and reboot
ceract.dll, chkcer.dll, hosthex32.dll, netras.dll, perfboot.dll, rtfmidi.dll, statslink.dll.
autprof.dll, biosuni.dll, catmidi.dll, cfgtcp.dll, cfgvga.dll, compserver.dll, conflib32.dll, ctldde.dll, ctldll.dll, ddectl.dll, devcrypt.dll, dhcpkbd.dll, dllcmd.dll, httpsserver32.dll, ipdll32.dll, kbdman.dll, macnetb32.dll, midical.dll, modipx.dll, modstats.dll, msdde.dll, netbaut.dll, netipx.dll, odbckey.dll, olehost.dll, regdb.dll, rtfftp.dll, sqlhost32.dll, statip.dll, tcpterm.dll, uniserver.dll, vgalog.dll, xmlbot32.dll, xpcmd.dll in Windows\system32\
|
Delete these registry entries
HKEY_LOCAL_MACHINE\software\classes\clsid\{0e289927-69b7-4c4c-8502-354e048c8e92}
HKEY_LOCAL_MACHINE\software\classes\clsid\{191922d9-d5ae-453d-b290-f26a9c270402}
HKEY_LOCAL_MACHINE\software\classes\clsid\{27474baa-705f-4769-a44f-e13a8be4e610}
HKEY_LOCAL_MACHINE\software\classes\clsid\{2be166ed-f16c-46de-b623-3575fd9b5d6d}\wivdevenum
HKEY_LOCAL_MACHINE\software\classes\clsid\{2efe6983-b0bf-4ebf-9637-a7c10ec3eebb}
HKEY_LOCAL_MACHINE\software\classes\clsid\{30b92215-0e32-400e-a05d-e583bf1d6c49}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5343160f-29a0-49e3-8782-c08b11e0675f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{75c3efc9-45ba-48f4-96a9-f4708a4b32db}
HKEY_LOCAL_MACHINE\software\classes\clsid\{812e1c52-8b82-4bc7-bdfa-cfdaedb63f41}
HKEY_LOCAL_MACHINE\software\classes\clsid\{81cdda69-0eec-4142-8eb4-de2a433c91a2}
HKEY_LOCAL_MACHINE\software\classes\clsid\{855edf42-f91b-4818-8df1-b58ca6043290}
HKEY_LOCAL_MACHINE\software\classes\clsid\{99c193ba-d72b-4934-8612-6bc25640cb1f}
HKEY_LOCAL_MACHINE\software\classes\clsid\{b7013911-76cf-4750-b174-2b573bc2f14c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ce0babb4-3a61-4dbb-a6c7-f69896a47540}
HKEY_LOCAL_MACHINE\software\classes\clsid\{e4b58522-89aa-45ed-bf8d-ebe7207a5d2a}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\caleng
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\lanras
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload\netbcab
|
Remove the following files
appms.drv, biosboot.exe, ceract.dll, chkcer.dll, eb50setup.exe, eblaster 5.0.txt, hosthex32.dll, msqkvowin.msj, msqkvowin.rcv, msquf32.msj, msquf32.rcv, netras.dll, perfboot.dll, rtfmidi.dll, statslink.dll, usbw32.exe, w32sub.exe.
autprof.dll, biosuni.dll, catmidi.dll, cfgtcp.dll, cfgvga.dll, chkdisk.exe, compserver.dll, conflib32.dll, ctldde.dll, ctldll.dll, ddectl.dll, devcrypt.dll, dhcpkbd.dll, dllcmd.dll, httpsserver32.dll, ipdll32.dll, kbdman.dll, logmon.exe, macnetb32.dll, midical.dll, modipx.dll, modstats.dll, msdde.dll, netbaut.dll, netbcam.exe, netipx.dll, netutil.exe, odbckey.dll, olehost.dll, profwin.exe, regdb.dll, rtfftp.dll, sqlhost32.dll, statip.dll, svrwin.exe, tcpterm.dll, uniserver.dll, v32wsock.exe, vgalog.dll, xmlbot32.dll, xpcmd.dll in Windows\system32\
ctlstats.drv in Windows\system32\ddecom\
statfat.drv in Windows\system32\ipxip\
diskstats.drv in Windows\system32\modnetb\
docmfc.drv in Windows\system32\niccam\
diskmod.drv in Windows\system32\submon\
macreg.drv in Windows\system32\termme\
termlink.drv in Windows\system32\usbdel\
|
Remove the following directories
Windows\system32\ddecom
Windows\system32\ipxip
Windows\system32\modnetb
Windows\system32\niccam
Windows\system32\submon
Windows\system32\termme
|
Bookmark EBlaster 5.0 page
Visitor Comments on EBlaster 5.0 |
2005-09-16 00:36:29, Guest:
If you are using Salfeld's Child Control software, your spyware detector may alert you that you have EBlaster on your system. I think one of Salfeld's files is named "winsvr.exe."
2006-01-25 20:40:59, Guest:
Yes, and the same file is also labelled as svrwin.exe
|
Previous Spyware: Remove EBlaster 2.1
|
Next Spyware: Remove EBomb
|
|