Last updated 14/05/2005
Copyright © 1999 - 2004, Sandra Hardmeier, All Rights Reserved Worldwide

Spyware Home Page

 

WINSERVN caused an invalid page fault in module WININET.DLL

 

Installing by "PurityScan".  AdAware will detect this foistware.

 

I installed "PurityScan" for testing purposes and report the following:

 

Executables used by PurityScan

 

purityscan.exe

rs.exe

lsem.exe

winservn.exe

 

lsem.exe and winservn set to run automatically via the registry key:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

 

lsem is listed as "Amac".  winservn.exe is listed as "ContentService".

 

lsem.exe can be found at ..\documents and settings\<username>\application data\lmserv.exe

winservn.exe can be found at ..\windows\system32\winservn.exe

 

sear1 continued to connect to the internet even after purityscan was shut down.

 

Uninstalling PurityScan removed winservn.exe but did not remove lsem.exe

 

Manual removal instructions:

 

Uninstall PurityScan (there is a download link for an uninstaller in the PurityScan scan window).

 

Use Task Manager (ctrl, alt, del) to shut down lsem.exe

 

Delete lsem.exe

 

Delete the reference to lsem.exe (Amac) at the registry key:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

 

Delete the following registry key entries:

 

HKEY_CURRENT_USER\Software\PurityScan

HKEY_LOCAL_MACHINE\Software\Microsoft\Shared\Clickflag

 

You should check for further spyware/hijackware/foistware. Go to IE tools, internet options, general tab. Click on the cache settings button and then 'view objects'. Delete anything you don't recognise. If you are unsure, or no objects appear, for diagnosis purposes I REALLY like BHODemon, available at http://www.definitivesolutions.com/bhodemon.htm   It does not need installing - simply unzip and run the EXE programme. It is very easy to use.

I find this programme is a better option than IE6's ability to turn off "Enable third-party browser extensions (requires restart)". This disables *all* plug-ins and makes troubleshooting very difficult.

Many people like AdAware, available at www.lavasoft.de . Make sure you keep the signature files up to date and remember, AdAware may only remove the
current installation of spyware; it may not do anything about software that reinstalls itself, so unless you want to get stuck in an endless loop of hijack/cleanout/hijack/cleanout make sure you get rid of whatever is installing the junk. See my Troubleshooting advice for information about how to track down and get rid of spyware completely.

An excellent replacement for AdAware is Spybot. Again, it is a free programme which can be downloaded from:
http://spybot.eon.net.au/