We have a Windows XP SP3 (I know, I know, WinXP; please refrain, but it is necessary for one of our lab systems) system that has a service running called: crazy_shopperama_helper_service .exe

I googled it and nothing came up.

Trying to get rid of it…any ideas or suggestions on how to remove this?

I have already gone through the registry and have run virus tools and malware tools…it will not go away…Help!!

8 Spice ups

If you have scanned & cannot ID the infection, I’m with Hicks on this one:

cpl-hicks.jpg

Nuke it from orbit… it's the only way to be sure.

Wipe it & reinstall… it's going to take less time to do that than it will to research the infection, kill it & ensure the machine is clean enough for production.

4 Spice ups

Have you used Malwarebytes? Sounds like one of those ‘friendly’ search helpers.

1 Spice up

Use Revo uninstaller to check for anything odd and remove it.

Search the file structure of C: for anything odd, specifically with that name.

Check for odd browser extensions.

Kill all services.

Search the registry for any portion of that name, delete all instances you find.

Search all of the above a second time to make sure.

Reboot.

Check to see if service runs.

1 Spice up
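Added example, not from any poster in this thread: the "search the registry for any portion of that name" step, done offline against a regedit text export. A service's `ImagePath` is normally a REG_EXPAND_SZ value, which regedit exports as `hex(2):` UTF-16LE bytes, so a plain text search of the export misses it. The key names and paths in the sample are constructed for illustration.

```python
import re

def reg_expand_sz(s, width=12):
    """Encode s the way regedit exports REG_EXPAND_SZ: hex(2), UTF-16LE, wrapped."""
    b = [f"{x:02x}" for x in (s + "\0").encode("utf-16-le")]
    rows = [",".join(b[i:i + width]) for i in range(0, len(b), width)]
    return "hex(2):" + ",\\\n  ".join(rows)

# Constructed sample export; real exports are UTF-16 files (open with encoding="utf-16").
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cshelper]",
    '"DisplayName"="Helper Service"',
    '"ImagePath"=' + reg_expand_sz(
        r"%ProgramFiles%\Shop\crazy_shopperama_helper_service.exe"),
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"ShopHelper"="C:\\Program Files\\Shop\\shopperama_tray.exe"',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]",
    '"ImagePath"=' + reg_expand_sz(r"%SystemRoot%\system32\spoolsv.exe"),
])

def decode_value(raw):
    """Return readable text for a REG_SZ or hex(2)/hex(7) string value."""
    if raw.startswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    m = re.match(r"hex\([27]\):(.*)", raw)
    if not m:
        return raw  # dword / binary data: leave as exported
    data = bytes(int(h, 16) for h in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
    return data.decode("utf-16-le", "replace").replace("\0", " ").strip()

def find_references(reg_text, fragment):
    """List (key, value name, decoded data) wherever fragment appears."""
    frag, key, hits = fragment.lower(), None, []
    joined = re.sub(r",\\\r?\n\s*", ",", reg_text)  # undo hex line wrapping
    for line in joined.splitlines():
        if line.startswith("["):
            key = line.strip()[1:-1]
            if frag in key.lower():
                hits.append((key, None, None))
            continue
        m = re.match(r'("(?:[^"\\]|\\.)*"|@)=(.*)', line)
        if m and key:
            name, data = m.group(1).strip('"'), decode_value(m.group(2).strip())
            if frag in name.lower() or frag in data.lower():
                hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for hit in find_references(SAMPLE, "shopperama"):
        print(hit)
```
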

Try running Autoruns to see where it might be.

1 Spice up

Run task manager and kill the explorer.exe task.

Then use the run command in task manager to execute rkill (this kills known running malware processes; you will need to download it).

Then run Malwarebytes or whatever malware tools you use.

*If that doesn't work, try booting in safe mode and running tools there.

Sounds legit… any good deals on there?

Give credit where credit is due, Ripley said it first:


1 Spice up

(I really wanted to use this after I saw it…)

Merryworks has a great suggestion. Autoruns will show you where that process is located and will allow you to unhook it from explorer.exe.

Try adwcleaner ( http://www.bleepingcomputer.com/download/adwcleaner/ ), JRT ( http://www.bleepingcomputer.com/download/junkware-removal-tool/ ), CCleaner, Spybot 2 ( https://ninite.com/ ), and of course Malwarebytes. If you run all of these and it’s still not gone…NUKE IT.

Blow and go. If you wasted more than 30 minutes on it you are wasting your time. You can re-image the machine in less time and have the peace of mind that it is totally clean.

1 Spice up

If you are set up to image.

If the image you have has the software needed.

If the image does not have the software needed, do you still have access to it?

1 Spice up

True… but this operation is under military jurisdiction and Hicks is next in chain of command.

1 Spice up

but Hicks just wants in Ripley’s pants…

I’m soooo going to be watching Aliens tonight… there goes my plan to be productive

We (Wife and I) started playing (me playing, her watching) Alien: Isolation and had to go back and rewatch 1 and 2. Both are favorites, but there was a lot more depth now that we know the story of Prometheus and the initial storyline of the game.

Remove drive from computer and run a scan with another machine. However, before running any more scans, be sure to have a full backup. Review Spiceworks history as to when and what has been installed. Use Sysinternals Process Explorer to get more information on the exe. Zip the exe and send to me.

Thank you everyone for all the helpful advice. I was able to track it down and get rid of it.

With what method?

1 Spice up