Seekeen
Malware - Rogues
seekeen.com appears to be a kind of search engine, and it offers software called Seekeen desktop search, but the credentials of the site are doubtful, although the site mentions that you can uninstall their program through the Add/Remove applet. Instances of seekeen.dll and seekeen.exe are found on infected computers. It is described as a potentially unwanted adware program designed to deliver various advertisements to the infected computers. Several different filenames are listed on this page. [All the tools and software mentioned in this article are fully functional freeware.] You are welcome to add a comment at the end of this article if you have any questions or suggestions.
Check your security and your browsing habits: Insecure browsing habits will bring you more trouble than you expect, especially in the days to come.
Trojan Removers: This malware could be installed by a Trojan, so you will need to remove that Trojan as well. Try these free tools.
Preparation: Find the Windows operating system disk and keep it ready, if you got one with your computer. Otherwise, check whether there is a Restore Partition on your hard disk; in that case you won't need an extra disk. It is advisable to have a functioning antivirus application on your computer. You will also need to install CCleaner and a firewall application; you can choose one of the firewall applications listed at the end of this article.
Turn off System Restore: The malicious files are saved in the System Restore backup. You need to turn System Restore off to remove them. You can turn it on again after cleaning the computer.

If you are unable to open Task Manager
Sometimes you are not able to open Task Manager, the Run command, etc. The virus does this. There are free tools to solve this problem; see which one is helpful for you.


Remove Processes from Task Manager
Press Ctrl+Shift+Esc to open Task Manager. Look in the list of processes for processes named seekeen.exe or seekeen140.exe. If you find one, select it and press the End Process button; when prompted, answer Yes, and then close Task Manager. The file names may differ, and there may be more processes belonging to this malware. With a freeware tool called "Zenturi program checker" you may be able to see the path of a process in Task Manager, and with the list of malware files given in this article you may be able to tell the malware processes apart from genuine Windows processes.
 
Removing a Program from Windows startup: The System Configuration utility can be started in XP and in Vista by typing msconfig in the Run box. The Run box can be opened in XP by clicking Start > Run.
The best part of Windows startup is that the setting is reversible, so you can check or uncheck any entry any number of times. Do not hesitate to uncheck anything that you find doubtful; you can always check it again if you later learn that it is something useful.

After the System Configuration utility window is open, click the Startup tab, which lists all the programs that are scheduled to start when you turn your computer on. Expand the middle column with your mouse pointer so that you can see the path of each program on the hard disk; that will give you a clear idea of what the program is. Locate the following entries, if present:
"seekeen.exe"
C:\Documents and Settings\All Users\Application Data\Seekeen\seekeen140.exe (look for any suspicious name)
Uncheck the boxes in front of these entries. Also look at the other entries; if you find an entry for any of the malware files listed in this article, uncheck that too. This step is very important, because the rest of the cleaning depends on cleaning this list. Press Apply, press Close/OK, and at the next prompt select "Restart the computer".

Terminating a Service: Select the Services tab in the System Configuration window and check the box "Hide all Microsoft services".
Uncheck the box of "Seekeen Service" if found, press Apply, press OK, and exit without restarting.

 
Searching for and Deleting the Folders / Files on the hard disk: After restarting the computer, use the Windows search utility to search for "Seekeen". This search will find all its folders on the hard disk; delete them. You may find the folder in more than one location; delete all instances. There are some more files outside this directory. You may need to enable viewing of hidden files and folders if you cannot see the folders listed below. In XP, go to Control Panel > Folder Options > View, locate "Hidden Files and Folders", select "View hidden files and folders", press Apply, and press OK.

It creates a folder with the name seekeen in one or more places. Delete it if found.
C:\Documents and Settings\All Users\Application Data\Seekeen
You may find its files in the locations below:
C:\Documents and Settings\[UserName]\seekeen.dll
C:\Documents and Settings\[UserName]\seekeen.exe
 

Manually removing malware entries from the Registry: You can edit the registry by using the Registry Editor built into Windows.

    

These registry keys may be found on an infected computer. Delete them if found. Deleting a key also removes its values, so the first list below gives the registry keys and the second list gives the values assigned to those keys. For removal you can limit yourself to the first list; there is no need to get bogged down in so many registry entries.

  • The following Registry Keys were created:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Seekeen
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEEKEEN_SERVICE
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000\Control
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seekeen Service
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seekeen Service\Security
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seekeen Service\Enum
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000\Control
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekeen Service
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekeen Service\Security
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekeen Service\Enum
  • The newly created Registry Values are:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Seekeen]
      • Primary = 0x00002A00
      • DllPath = "seekeen.dll"
      • Version = 0x00010028
      • Cid = "5064ea8074c9466c8c9e650c78a922e5"
      • Partner = "SEEKEEN140"
      • src="/welcome/rundll32"
      • Initial = 0x00000001
      • ShowToolbarButton = 0x00000000
      • ShowBarSign = 0x00000000
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000\Control]
      • *NewlyCreated* = 0x00000000
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000]
      • Service = "Seekeen Service"
      • Legacy = 0x00000001
      • ConfigFlags = 0x00000000
      • Class = "LegacyDriver"
      • ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
      • DeviceDesc = "Seekeen Service"
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SEEKEEN_SERVICE]
      • NextInstance = 0x00000001
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seekeen Service\Enum]
      • 0 = "Root\LEGACY_SEEKEEN_SERVICE\0000"
      • Count = 0x00000001
      • NextInstance = 0x00000001
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seekeen Service\Security]
      • Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Seekeen Service]
      • Type = 0x00000010
      • Start = 0x00000002
      • ErrorControl = 0x00000000
      • ImagePath = ""%CommonAppData%\Seekeen\seekeen140.exe" "seekeen.dll" Service"
      • DisplayName = "Seekeen Service"
      • ObjectName = "LocalSystem"
      • Description = "Update and control for Seekeen"
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000\Control]
      • *NewlyCreated* = 0x00000000
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE\0000]
      • Service = "Seekeen Service"
      • Legacy = 0x00000001
      • ConfigFlags = 0x00000000
      • Class = "LegacyDriver"
      • ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
      • DeviceDesc = "Seekeen Service"
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SEEKEEN_SERVICE]
      • NextInstance = 0x00000001
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekeen Service\Enum]
      • 0 = "Root\LEGACY_SEEKEEN_SERVICE\0000"
      • Count = 0x00000001
      • NextInstance = 0x00000001
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekeen Service\Security]
      • Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekeen Service]
      • Type = 0x00000010
      • Start = 0x00000002
      • ErrorControl = 0x00000000
      • ImagePath = ""%CommonAppData%\Seekeen\seekeen140.exe" "seekeen.dll" Service"
      • DisplayName = "Seekeen Service"
      • ObjectName = "LocalSystem"
      • Description = "Update and control for Seekeen"
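
The Python below is an added example, not part of the original article or of the ThreatExpert report. It parses an excerpt of the value listing above and shows why the "Seekeen Service" key is the one that matters most for removal: Start = 2 means the service starts automatically, ObjectName is LocalSystem, and ImagePath points into a data directory. The function names and the DATA_DIR_HINTS list are assumptions of this example.

```python
import re

# Excerpt of the value listing above, copied from this page.
LISTING = r'''
• [HKEY_LOCAL_MACHINE\SOFTWARE\Seekeen]
  • DllPath = "seekeen.dll"
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seekeen Service]
  • Type = 0x00000010
  • Start = 0x00000002
  • ImagePath = ""%CommonAppData%\Seekeen\seekeen140.exe" "seekeen.dll" Service"
  • ObjectName = "LocalSystem"
'''

# Meaning of the service "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
# Assumption of this example: system services do not normally run from here.
DATA_DIR_HINTS = ("%commonappdata%", "%appdata%", "%temp%", "\\application data\\")

def parse_listing(text):
    """Parse '[key]' / 'name = value' bullets into {key: {name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = keys.setdefault(section.group(1), {})
        elif current is not None and " = " in line:
            name, value = line.split(" = ", 1)
            if re.fullmatch(r"0x[0-9A-Fa-f]+", value):
                value = int(value, 16)          # REG_DWORD
            elif len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]             # drop the listing's outer quotes
            current[name] = value
    return keys

def risky_services(keys):
    """Return services that auto-start as LocalSystem from a data directory."""
    findings = []
    for path, vals in keys.items():
        if "\\Services\\" not in path or "ImagePath" not in vals:
            continue
        image = str(vals["ImagePath"])
        if (vals.get("Start") == 2
                and str(vals.get("ObjectName", "")).lower() == "localsystem"
                and any(h in image.lower() for h in DATA_DIR_HINTS)):
            findings.append({"key": path, "image": image, "start": START_TYPES[2]})
    return findings

if __name__ == "__main__":
    print(risky_services(parse_listing(LISTING)))
```

The same check can be run on a listing exported from another machine, as long as it uses the "[key]" and "name = value" layout shown on this page.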

 


Using CCleaner: CCleaner is a freeware temp-file and registry cleaner. We need this type of software because almost all infections that occur through the internet come through the temp files, and unfortunately Windows does not remove temp files automatically.

Run the Cleaner and the Registry menus in CCleaner.
 

Using Antivirus Application: Follow this step if, even after applying all the above steps, the virus still shows its presence on the computer. Your best helper is the antivirus program on your computer. Always keep it updated.

 

Using the system file checker (optional)

Follow this step if you notice trouble in the normal functioning of Windows. This utility will check and replace damaged, altered or missing system files. It is a necessary step.

If you are unable to access one or more sites during the repair process

- If possible, use another computer to download the software needed for repairing your computer, and then transfer it to the infected computer by any available means, such as a pen drive.
- If you are using only Internet Explorer and it is blocked from visiting some security-related sites, try to download and install the Firefox browser and see if you can use it for the same purpose.

Block the following connections / sites

The malware tries to connect to the following sites. Block them if you find them in your firewall (nt.ldreptavxp.com, int.avcntxp.com).

(Reference with permission from ThreatExpert)