Thursday, January 13
Removing binnet.exe spyware
Had to get rid of some nasty spyware yesterday.
The program BINNET.EXE was causing the CPU load to go to 100% shortly after user started Internet Explorer.
Found a reference to BINNET.EXE in the Run key of the registry, *BINNET.EXE in C:\WINDOWS\MICROSOFT.NET
However, checking this directory, it appeared to be empty. Searching for the file on the PC also yielded no files. Then I had an idea, I went into the View settings and unchecked the box to “Hide System Files”. All of the sudden, binnet.exe and four tennib files were visible in that directory. I could also find references to the tennib files in the registry.
Deleting the registry keys was fruitless, they just regen a second later.
Could not delete the files because they were system files.
Tried using pskill.exe to kill the binnet.exe process, but it would just come back with a new process id number.
Finally, I used a Windows XP OEM Preinstallation Kit CD ROM to boot to the Windows XP Preinstallation environment. This puts you at a D: prompt in a DOS window.
From there I went to the C:\WINDOWS\MICROSOFT.NET directory. Run the command, “attrib –h –s *.*”, this will make the files visible. Then delete all the tenet and tennib files.
Reboot the system and you can clear the entries from the registry now.
If I find the person that wrote this hunk of crap, I will kill them and hide the body.
The program BINNET.EXE was causing the CPU load to go to 100% shortly after user started Internet Explorer.
Found a reference to BINNET.EXE in the Run key of the registry, *BINNET.EXE in C:\WINDOWS\MICROSOFT.NET
However, checking this directory, it appeared to be empty. Searching for the file on the PC also yielded no files. Then I had an idea, I went into the View settings and unchecked the box to “Hide System Files”. All of the sudden, binnet.exe and four tennib files were visible in that directory. I could also find references to the tennib files in the registry.
Deleting the registry keys was fruitless, they just regen a second later.
Could not delete the files because they were system files.
Tried using pskill.exe to kill the binnet.exe process, but it would just come back with a new process id number.
Finally, I used a Windows XP OEM Preinstallation Kit CD ROM to boot to the Windows XP Preinstallation environment. This puts you at a D: prompt in a DOS window.
From there I went to the C:\WINDOWS\MICROSOFT.NET directory. Run the command, “attrib –h –s *.*”, this will make the files visible. Then delete all the tenet and tennib files.
Reboot the system and you can clear the entries from the registry now.
If I find the person that wrote this hunk of crap, I will kill them and hide the body.
Number of people who will never get their time back from reading this page:
