NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove ClientMan. Description and removal instructions

 
Title: ClientMan
Type: Browser Plugins
Severity scale:ClientMan severity is 30  (30 / 100)
 
Clientman Makes all targeted words in all web pages links with a yellow background, pointing to ClientMan's server odysseusmarketing.com. This may redirect to a search results site such as 1stblaze.com or epilot.com.
According to wired news:
ClientMan 'appears to be able to change settings on older versions of the popular free ZoneAlarm firewall program without user consent. When ClientMan tries to connect to the Internet, ZoneAlarm flashes a warning and asks the user to confirm whether the program should be allowed to connect or not. Instead of waiting for user approval, ClientMan clicks the Yes button and checks the Always checkbox. Now ClientMan has permission to access the network whenever it chooses.'

FORUM:
Discuss ClientMan in
spyware removal forum

ClientMan properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic ClientMan removal:

remover for ClientMan

ClientMan manual removal:

Kill processes:
msccof.exe, msckin.exe, msdm.exe, msgdmf.exe, msmc.exe, msmm.exe, msvc32.exe, svc.exe, uinfo4-decoded.exe, uinfo5.exe, uinfo7-decoded.exe, uinfo7.exe, unpacked-svc.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CLASSES_ROOT\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKEY_CLASSES_ROOT\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}
HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runclientman1
HKEY_LOCAL_MACHINE\bjects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_LOCAL_MACHINE\bjects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_LOCAL_MACHINE\bjects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_LOCAL_MACHINE\bjects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_LOCAL_MACHINE\bjects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runclientman
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runclientman1
HELP:
how to remove registry entries

Delete files:
ause3-decoded.exe, browserhelper-decoded.dll, browserhelper.dll, browserhelpere90a5c6.dll, msccof.exe, msckin.exe, msdm.exe, msdpdm.dll, msgdmf.exe, mskceo.dll, msmc.exe, msmm.exe, msvc32.exe, searchrep6706569a.dll, svc.exe, taggerbhoe884facd.dll, trackurl5f9d991e.dll, trackurl7f663945-decoded.dll, trackurl7f663945.dll, uinfo4-decoded.exe, uinfo5.exe, uinfo7-decoded.exe, unpacked-browserhelper.dll, unpacked-svc.exe
HELP:
how to remove harmful files

Other programs to remove ClientMan:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 06/04/05

Additional resources related to ClientMan:

Attention: If you know or you have a website or page about ClientMan removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about ClientMan parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. re: comment about ClientMan by Michelle. 2005-04-06 20:04:29
I am computer illiterate. Can someone please give me step by step instruction on how to get rid of clientman?

2. by Mark. 2005-01-09 16:01:45
I would not recomend the uninstall from odysseusmarketing.com. I stupidly tryed it and not only did it not remove clientman, but installed something even worse. My computer startup took several minutes before even starting windows. Something infected the BIOS. I finally was able to remove clientman with a combination of manual file and registry deletions as given on this page and running 2 anti-virus and 2 different anti-spyware . I'd also recommend searching the entire drive for msmc.exe and manually deleting all instances before running your anti-virus and anti-spyware software

3. Suceeded! Hooray! by Guest. 2004-10-25 07:10:19
My PC (an me) was suffering from ClientMan (msvc32.exe). I couldn't remove it with usual programs, it even closed down hijackthis and my AVGuard, the regedit and my msconfig! "Giant AntiSpyware" was able to remove it and I could erase all entries in safe mode then - no more msvc32.exe!

4. eTrust antirus by Guest. 2004-10-22 11:10:46
The latest signature on CA's eTrust antivirus deletes or renames MSGKED and MSMC

5. bar86 by Guest. 2004-10-10 00:10:48
I've noticed that my disk led flashes every second when the pc is idle. I suspect that this shit loads itself to the ram once a second, deletes the file and than waits a second, writes down and so on. This way the chance to list the file is very low.
In safe mode this does not happen therefor removing the msgked is possible.

6. Doremar by Guest. 2004-09-24 17:09:30
As a computer repair tech, I find myself removing spyware/adware quite frequently. I've been wrestling this one since last night. There's something I thought I'd add to this discussion.

Having tried all of my usual tricks (Spybot, Hijack-This, deleting temp files, etc.) and most of the manual removal advice I'd found on the internet, and being unable to find pretty much any of the files referred to in those articles, I then found the "official" uninstall "program" through this Microsoft knowledge-base article http://support.microsoft.com/?kbid=829785

Here's where it gets fun. Supposedly you go onto this web-site and download uninstall.exe, run it, and off you go. I am unable to browse that web-site (www.odysseusmarketing.com says page cannot be displayed) from the infected computer! I can see it fine through other computers on the same network (same firewall), and the infected computer has no trouble browsing other websites.

So, clever me, I downloaded the .exe from a computer that can browse that domain. Stuck it on a disk, transferred and executed it. Not only does it come back with an error indicating to run the file while browsing the odysseusmarketing webpage, it also goes ahead and DELETES the uninstall file for you! My, aren't they helpful?!

Sure wouldn't mind hearing some other ways people have successfully removed this quaint little piece of crapware.

Thanks in advance! =)

7. by arrgh. 2004-06-17 15:06:23
has anyone tried the 'official' odysseus uninstall? did it work? I'm suspicious...

8. by crankeye. 2004-06-13 02:06:29
heres the official unistall: http://www.odysseusmarketing.com/uninstall/ or try http://www.odysseusmarketing.com/uninstall/download.php

9. by Jackie. 2004-06-12 15:06:01
Thanks for the link to the removal software. It doesn't work!!!!! I guess it will take me a week to get rid of this spyware too!

10. by Craig. 2004-06-11 22:06:01
I am on windows XP home.
Spy sweeper got rid of all my spyware except all of clientman. It removed 1 version of clientman but left part of another version called clientman.bho2.
That pesky msgked.exe was still there even though the clientman wasn't actuall running.
It kept loading at restart and reinstalling client man.
It was impossible to delete msgked.exe and even removing the run command from the registry did not work because it rewrote the registry itself within 30 seconds. Even if you disable it in startup of msconfig, after rebooting it resets itself to run msgked again and clientman is back in business.
I finally got rid of it by running spy sweeper which got rid of most of it automatically. Then I deleted msmc.exe. After that I went into the registry an did a search for msgked.exe. I found 2 instances one in the run folder which I deleted. The other instance was in a folder called msmc with several keys, I deleted the whole folder. Then I searched again for msgked.exe. I found it had not reappeared yet. After a few seconds it appeared again. I then deleted the key quickly and pulled the plug on my computer. After I rebooted it was gone.
This after a 2 day battle.

11. by FrostyFlakes. 2004-06-01 07:06:04
The best way to remove spyware that keeps re-initializing itself in memory and "putting back" those files you deleted is to start your Windows in SAFE MODE. Reboot, when it boots up, keep hitting the F8 key to get to a menu that asks a whole bunch of things. Select SAFE MODE and then remove all the spyware here (you can select networking components too, but go normal SAFE MODE to avoid loading any potential spyware).

12. by Agetec. 2004-05-31 06:05:58
Check out this topic, it really helped me get rid of it. http://www.security-forums.com/forum/viewtopic.php?t=14361

13. by Dave. 2004-05-31 04:05:36
I think I've managed to get rid of this one. For those who aren't techies, the simplest way I've found to delete that pesky msgked.exe was to restart in Safe mode, and it didn't seem to be able to respawn ... so far. I first downloaded a spyware program (I used SpyHunter but there are loads) to get the registry files and other bits and pieces that need to be deleted. But it's the respawning msgked.exe that's the main culprit I think.

14. by osmodian. 2004-05-29 19:05:53
i got rid of the msmc.exe type by simply deleting the msmc.exe file and clearing my startup programs in msconfig, it hasnt come back yet

15. by pecham. 2004-05-25 12:05:17
to remove msgked.exe you need to delete
system32msdjgk.dll
system32 msgked.exe
in current_user.......run deleted the key where is calling the file msgked.exe
This file doesn't permit you to close the windows, when you delete it you are going to be able to close the ie windows

16. by D.W.. 2004-05-25 09:05:08
I have successfully removed this and others like it recently. A few tips: use System Information to identify the loaded .dll's such as msgked.dll and you will find that the modified date is very recent. Reboot into safe mode, open the system folder and arranged icons by date. This will put all recently installed files together. This one had 10 copies with slightly varied names. Careful, a few real system files have similar names but the date and company give the malware away. Also, ending task on the executables causes them to recopy themselves and respawn. After removing the files and registry entries as much as possible, pull the power plug so they don't have a shutdown command which gives them time to replicate.

17. by Jase. 2004-05-24 06:05:00
Highly annoying piece of scumware this is. I've tried everything and cannot remove this msgked.exe file - it just keeps coming right back at ya. I've used all the obvious tools, disabled most services, removed all the reg entries and files listed above that i could find - but within seconds that file is back again. All BHOs disabled with BHODemon.

How can this file keep coming back when my process list is clean? How the hell does it do it?

I would be overjoyed to hear from someone who has fixed this sucker ... please post solution here, or send email to jasejennings@blueyonder.co.uk.

Thanks

18. by Simranjit Singh. 2004-05-22 01:05:44
msmc.exe, the osama bin laden of spyware world.
Use auto removal utility.

19. by gravity. 2004-05-21 13:05:56
I have found Clientman 2in1 on my computer, and have tried to get rid of it for 2 days. Spybot Search and Destroy doesn't do it. Nor does Hijack This, or Trojan Remover, or CWShredder, or any other program I've found. I've tried manually deleting it through the registry and THAT doesn't work. Every time I delete a file called msgked.exe, it comes back, as does another file, msmc.exe. It puts itself back on my computer in less than 30 seconds. The programs aren't running, and I've unregistered the .dll files that I think came with them, but I still want to get get it off my computer. Any suggestions would be gladly put to use.

20. by bri. 2004-05-20 12:05:40
This is the most difficult spyware program I've ever had to remove....As a network administrator, I'm very cautious about spyware, viruses, and such and never had this much difficulty removing something like this before. There seem to be about 10 versions of it out there which complicate things much more. Be sure you delete the 'Browser Helper Objects' or else IE will continue to redirect even after you've cleaned the PC of all ClientMan objects. Very frustrating piece of junk software!!

See more comments about ClientMan >>>
Related news:
Similar parasites:
Related articles:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.