Welcome to SecurityForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

spoolsvr.exe / fl32.exe / loadadv.exe / Tibs -- all connec..

  
   Security Forums (Home) -> General Discussions RSS
Next:  User account deleted and administrator account wi..  
Author Message
Scanner

External


Since: Jul 23, 2006
Posts: 1



(Msg. 1) Posted: Sun Jul 23, 2006 3:55 am
Post subject: spoolsvr.exe / fl32.exe / loadadv.exe / Tibs -- all connected.
Archived from groups: alt>comp>virus (more info?)
spoolsvr.exe / fl32.exe / loadadv.exe / Tibs -- all connected.

- Location: windows\spoolsvr.exe
- Registry Key :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prntspman\ > ImagePath
c:\windows\spoolsvr.exe

- AT bootup spoolsvr.exe will recreate C:\fl32.exe
&
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
Files\Content.IE5 > in one of the folder loadadv77(1).exe or other number .

Note: Local Service folder is hidden, you have to enter this path in the
address box and press enter.


Anti-Virus and Spyware Killers might fail to detect and remove them.

Remove them this way:

SOLUTION : Delete the whole registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prntspman\
If you want to be safe then save this key first using export from Registry.

Reboot and delete spoolsvr.exe, fl32.exe and loadadv.exe from the respective
directories

 >> Stay informed about: spoolsvr.exe / fl32.exe / loadadv.exe / Tibs -- all connec.. 
Back to top
Login to vote
David H. Lipman

External


Since: Jul 04, 2003
Posts: 1735



(Msg. 2) Posted: Sun Jul 23, 2006 12:55 pm
Post subject: Re: spoolsvr.exe / fl32.exe / loadadv.exe / Tibs -- all connected. [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
From: "Scanner" <xx.RemoveThis@xx.com>

| spoolsvr.exe / fl32.exe / loadadv.exe / Tibs -- all connected.
|
| - Location: windows\spoolsvr.exe
| - Registry Key :
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prntspman\ > ImagePath
| c:\windows\spoolsvr.exe
|
| - AT bootup spoolsvr.exe will recreate C:\fl32.exe
| &
| - C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
| Files\Content.IE5 > in one of the folder loadadv77(1).exe or other number .
|
| Note: Local Service folder is hidden, you have to enter this path in the
| address box and press enter.
|
| Anti-Virus and Spyware Killers might fail to detect and remove them.
|
| Remove them this way:
|
| SOLUTION : Delete the whole registry key
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\prntspman\
| If you want to be safe then save this key first using export from Registry.
|
| Reboot and delete spoolsvr.exe, fl32.exe and loadadv.exe from the respective
| directories
|

I hope you took the time to at least submit the files to Virus Total to discern who
recognizes this Trojan. All submissions sent to Virus Total are provided to participating
AV vendors.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

 >> Stay informed about: spoolsvr.exe / fl32.exe / loadadv.exe / Tibs -- all connec.. 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
What is W32/Tibs.UT ? - My F-prot virus program identifys C:\WINDOWS\SYSTEM32\WINDEV-40C0-F1F.SYS as a virus W32/Tibs.UT and yet I cannot find any information on it on the web. Can anyone identify it and give any ideas on how to remove. When I go look for the file..

Tibs autodialer broke my modem - I had a virus, tibs3 autodialer. It adds a new modem connection to your machine and dials up to remote destinations, causing you to have a huge phone bill. I removed the virus, but now I cannot dial-up via my modem. The modem detects no dial tone. I..

Viking/Looked/TIBS-AKO worm annoy - Somehow I managed to get a worm on my network called Viking/Looked/TIB- AKO, and all the machines except one had AVG installed and still they got them. I am trying Avast Home Ediition but it's trying to get rid of every EXE cause it infected every EXE on...

Netspy trogan - Hi all, new here and I think I got a problem? My Norton firewall reports a trogan and here is the information: Netspy Trogan Horse program: windows.exe protocol: TCP inbound remote address 127.0.0.1:3012 Local address: all local adapters:1024 I don't....

about virus - Hello, Help me please. When I browse internet, I often get virus warning messages: Virus name: W32/Deloder.worm Infected file: C:\WINNT\system32\Dvldr32.exe and Virus name: BackDoor-ARG.dr Infected file: C:\WINNT\system32\inst.exe Neither files can be....
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]