Hidden Spyware Removal

Just a quick note to say that during a recent incident I found spyware that seemed to repeatedly re-infect a Windows XP SP2 system with all the latest, greatest antivirus and antispyware utilities. It would reappear a few seconds after I had removed it with the Spybot S&D utility. I ran Mark’s RootkitRevealer and it reported numerous hidden items in the Firefox cache as well as discrepancies in the cookie.txt file itself. That was all I needed to realize that clearing the Firefox cache would prevent the re-infection, but it raises the issue of how the browser cache/cookies are set to reinfect a system with malware, yet the anti-spyware doesn’t pick them up in the scan(s). My objective was to get the system to a stable/clean state, but if I have more time and see another case I will dissect the code and see if I can get the spyware utilities to clean more thoroughly.
