Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Seekmo_kyf.dat


  • Please log in to reply
8 replies to this topic

#1 eromusofwom

eromusofwom

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 16 July 2006 - 06:12 PM

I often run spyware doctor as a spywar detection utility on my computer....and I have done so with fantastic results.

While I was watching it scan my c:\program files , I noticed it scanning files within the folder, such as seekmo_kyf.dat This file...if you search for it via windows search...will come up with nothing. Nor will enabling hidden files show anything of the sort.

After googling the file name, I get very little data on the file...save for this:

http://www.spywaredata.com/spyware/malware...kmo_kyf.dat.php

It appears to be some form of spyware...located in %PROGRAM_FILES%. Is this a registry location? There seems to be multiple files located here, that SD scans, but I'm unable to manually inspect them.

Thus I have two questions:

1. What is this file...and if it is spyware...why isn't it being detected?

2. Why are there files in my program files folder that are completely invisible to me and yet spyware doctor is finding them an scanning them?

Such file properties...particularly those in the program files...make me highly suspicious.

Please any information or light you can shed on this would be most appreciated. Btw I recently posted a hijack this log and it was certified clean. In addition to spyware doctor, I run windows Onecare incorporated firewall and antivirus.

Thanks

Ero

Edited by eromusofwom, 16 July 2006 - 06:26 PM.


BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:15 PM

Posted 17 July 2006 - 01:44 PM

Was you having this problem when you submitted your Hjt log? or has this arisen since?
i only ask because i can't see any reference to this problem in your log speech.
I've found this....

180Solutions.SEEKMO is an adware from 180Solutions that is installed as a Search Assistant. This Adware keep tracks on user browsing activities and disply ads according to that.

Is there no folder by this name ( or 180 solutions) in your Program files?

Edited by Starbuck, 17 July 2006 - 01:52 PM.

BBPP6nz.png


#3 eromusofwom

eromusofwom
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 17 July 2006 - 07:54 PM

There is not a folder visible anywhere on my computer that contains this file...and yet SD finds it and scans it each time.

I know my computer quite well...can't find anything manually...but SD is able to scan and find rootkits and other hidden files.

There was nothing in my HJT log to indicate this as a problematic file...yet information was found online regarding it.

Perhaps it was a remanent of a malicious file?

Edited by eromusofwom, 17 July 2006 - 07:56 PM.


#4 eromusofwom

eromusofwom
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 20 July 2006 - 10:30 AM

I would really like to know how to delete this file and other such files which appear to be made purposely inaccessible within the program files directory.

Could you give me directions for this?

#5 eromusofwom

eromusofwom
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 24 July 2006 - 12:17 PM

I understand you guys are busy...and I will wait patiently.

I hope that eventually someone will address my question?

Thanks

Ero:)

#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:15 PM

Posted 24 July 2006 - 05:48 PM

I found this topic that may help you.....Remove Seekmo_kyf_dat
But first i would try using Ewido Anti-Spyware V4 (unless you have already tried it)
Please download Ewido anti-spyware 4; it is a 30 day trial version of the program.
  • Install ewido security suite
  • Ewido will automatically run at the end.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the top row of the main screen click update.
    • Then click on "Start Update".
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the top will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
you will be brought to a menu where you can choose to boot into safe mode.

Open Ewido anti-malware
Click on the scanner button in the top row.
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom left of the screen and click the "Save Scan Report" button.
  • Click on "Save Report As".
  • Save the report to your desktop
Close Ewido

Please reboot back to normal mode

Let us know how you get on.

BBPP6nz.png


#7 eromusofwom

eromusofwom
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 28 July 2006 - 12:12 PM

Again nothing is detected...nor do I have reason to believe my computer is "infected" at this point. Rather there is a file where it shouldn't be.

I would just like to know why this file exists in this location...clearly a reminant of spyware once removed or something else...and yet I cannot access it nor can I delete it.

I would like to know whether such a program exists to view this file and other files with such hidden attributes that make removal difficult.

Thanks again for your help.

I have spyware doctor 4.0 running at all times...and I have not detected anything with this program nor any others.

Nor did my hijack this log provide any useful information.

#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:15 PM

Posted 28 July 2006 - 12:38 PM

Hi eromusofwom

I would like to know whether such a program exists to view this file and other files with such hidden attributes that make removal difficult.

Sorry.... i have no idea on this. Maybe someone else could shed some light on it for you.

I have spyware doctor 4.0 running at all times...and I have not detected anything with this program nor any others.
Nor did my hijack this log provide any useful information.


I think we could say then, that this is probably just a stray file that didn't get deleted and shouldn't cause any problem.

BBPP6nz.png


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:15 AM

Posted 29 July 2006 - 05:47 AM

Have you tried performing any online virus scans? 180Solutions.Seekmo and related files are in etrust's database so its web scanner should detect them if on your computer.

[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
eTrust Antivirus Web Scanner. Be sure to read the eTrust Antivirus Scanner Help Guide before scanning.

When done I would also recommend performing a Trend Micro Housecall Scan.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users