Thursday, January 13

Removing binnet.exe spyware

Had to get rid of some nasty spyware yesterday.

The program BINNET.EXE was causing the CPU load to go to 100% shortly after the user started Internet Explorer.

Found a reference to BINNET.EXE in the Run key of the registry, *BINNET.EXE in C:\WINDOWS\MICROSOFT.NET.
However, checking this directory, it appeared to be empty. Searching for the file on the PC also yielded no files. Then I had an idea: I went into the View settings and unchecked the box to “Hide System Files”. All of a sudden, binnet.exe and four tennib files were visible in that directory. I could also find references to the tennib files in the registry.

Deleting the registry keys was fruitless; they just regenerated a second later.

Could not delete the files because they were system files.

Tried using pskill.exe to kill the binnet.exe process, but it would just come back with a new process id number.

Finally, I used a Windows XP OEM Preinstallation Kit CD-ROM to boot to the Windows XP Preinstallation Environment. This puts you at a D: prompt in a DOS window.

From there I went to the C:\WINDOWS\MICROSOFT.NET directory. Run the command “attrib -h -s *.*”; this will make the files visible. Then delete all the tenet and tennib files.

Reboot the system and you can clear the entries from the registry now.
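
The check that exposed the files above (a Run-key entry whose target is invisible because it carries both the hidden and system attributes) can be scripted on a live system. This is an added example, not part of the original post; the function names are hypothetical, and it assumes PowerShell 3 or later.

```powershell
# Added example: audit Run-key autostart targets for the hidden+system combination.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

function Get-RunTargetPath {
    param([string]$CommandLine)
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($s -match '^"([^"]+)"') { return $Matches[1] }            # quoted path
    if ($s -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $s                                                     # fall back to raw value
}

function Get-RunKeyAudit {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $reg = Get-Item -Path $key
        foreach ($name in $reg.GetValueNames()) {
            $path = Get-RunTargetPath ([string]$reg.GetValue($name))
            $file = $null
            if ($path) {
                # -Force is required: without it, hidden/system files look absent
                $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            }
            # 'NotFound' also covers bare file names that Windows resolves
            # through its search path; check those by hand.
            if (-not $file) { $status = 'NotFound' }
            elseif (($file.Attributes -band $mask) -eq $mask) { $status = 'HiddenSystem' }
            else { $status = 'Visible' }
            [pscustomobject]@{ Key = $key; Name = $name; Target = $path; Status = $status }
        }
    }
}

function Get-HiddenSystemFile {
    param([Parameter(Mandatory)][string]$Directory)
    # List every file in the directory that is both hidden and system.
    Get-ChildItem -LiteralPath $Directory -Force -File |
        Where-Object { ($_.Attributes -band $mask) -eq $mask } |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

Get-RunKeyAudit | Format-Table -AutoSize
# Directory taken from the post; adjust for the system being examined.
Get-HiddenSystemFile -Directory 'C:\WINDOWS\MICROSOFT.NET' | Format-Table -AutoSize
```

An autostart entry reported as HiddenSystem, or as NotFound when the value clearly names a file, is worth examining from an offline boot environment, since the running process can recreate both the files and the registry values.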

If I find the person that wrote this hunk of crap, I will kill them and hide the body.
