vicious spyware - HELP!

I have a program showing up in memory called keyplay.exe I sent Spybot S&D after it and it didn't find it. I sent spysweeper after it and it found it but can't remove it. spysweeper says that it is in a folder called "font" but it's not in that folder. When I run a start menu search on it, it doesn't find it. It shows up on processes in task manager using about 15,000-18,000K but you can't shut it down from there. Anyone have any other bright ideas?

Sometimes you have too much spyware gumming things up and it just can't be undone.

You can use Firefox instead and just uninstall MSIE. The spyware is written for microsoft products, so not using their products helps a great deal.

It seems to work pretty well, though it wouldn't get rid of spyware from something called "brilliant digital." I ended up having to reformat the hard drive to clean it out. Sheesh.

Anyhow, you might give ad aware a try. Good luck!

http://www.spectorsoft.com/products/eblaster_windows/help/v50/webhelp/activity_report_descriptions/application_summary.htm

Do you know who sent it to you?

on edit......forgot to tell you this.....

Stealth Technology
eBlaster does not show up as an icon, does not appear in the Windows system tray, does not appear in Windows Programs, does not show up in the Windows task list, cannot be uninstalled without the eBlaster password YOU specify, and eBlaster does not slow down the operation of the computer it is recording. eBlaster does not initiate connections to the Internet and will only forward email and send activity reports when the monitored computer is already connected to the Internet.

It is also illegal to install it unless you are an employer or family member. The install file can be named ANYTHING the installer wishes. It must be either an exe or zip file.

I assure you it was unintentional. If it's showing up in memory, it's draining resources right? It's not really doing anything bad except that and not allowing me to get rid of it. You seem to know what you are talking about. How am I going to specify a password to get rid of it? Thanks in advance.

the password or phrase and it will uninstall itself. It can be installed remotely, BTW with an exe or zip file - named anything the installer wants to name it - like "iloveu.exe" - you get my drift. Once you've clicked on that file, it will self install on your computer. If you can go back thru your emails and see who sent you that file, you can threaten them - unless it is a wife or husband. If it is your wife or husband, you have problems anyway.

I was having problems and did some research. I am/was a mainframe person - this was not my forte.

Run Ad Aware and then when it finishes fix what needs to be fixed then reboot, it will run again by itself and repair things that could not be removed before.

spybot S&D and ad aware find the exact same things. Maybe it was just coincidence. Do they find different stuff for you?

it does best on a reboot.

If you feel comfortable changing the registry, try looking for it in there.

only 1 link came up ... and it's Microsoft.

Keyplay.exe is a sample that inserts a buffer into the hardware key event stream for the purpose of increasing/pacing the key buffering in general. The calls can be used for filtering or injecting new keys.

http://support.microsoft.com/default.aspx?scid=%2Fsupport%2Fddk%2Fwinddk%2FSamples%2Fdefault.asp

appears to be a microsoft device driver.

Spysweeper can't delete it because it's running. I would reboot in safe mode, then run your spysweeper again.

I know it's not hard, I've seen people do it, but never done it myself.

or causing any harm?