MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat
  4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        
Jul Aug Sep
Oct Nov Dec

Sun, Dec 03, 2006 10:12 pm


I ran a scan of a system, G, with BazookaTM Adware and Spyware Scanner v1.13.03. It found Exploit on the system.

The uninstall procedure on the Kephyr webage suggested using "Add or Remove Programs" in the Windows® Control Panel to remove the malware. I looked for "SpySheriff" and "WeirdOnTheWeb" entries as suggested, but found none.

The Kephyr site indicates that the presence of any of the files or directories listed below may indicate a system is infected with this malware.


%WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).

%SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

%ProgramsDir% is a variable. By default, this is C:\Program Files.

The file svchost.exe is part of the list, but is also a file normally found on Windows systems. On Windows NT and later systems, though, it is found in %WinDir%\system32, rather than in %WinDir%. The Kephyr webpage indicates its presence in the %WinDir% directory indicates the presence of this malware.

I created a batch file, searchterror-files.bat to search for any intances of the above files or directories on the system. The script did not find either of the two directories associated with the malware %WinDir%\cdmweb\ nor %ProgramsDir\%WeirdOnTheWeb\. The only file from the list which it found was C:\temp.txt, which had a creation timestamp of Thursday, December 23, 2004, 4:21:31 PM. When I renamed that file, Bazooka no longer reported the presence of Exploit on the system. Since it didn't find any registry entries associated with the malware, I believe the report was a false positive.


  1. Exploit

[/security/spyware/searchterror] permanent link

Once You Know, You Newegg AliExpress by

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo