Posted by RJK on March 25, 2008, 5:05 pm
Big thanks, ...will do,
..(4) Kaspersky sweep is running on it atm, am tempted to terminate it !
...just what are all those "error : delete wrong pointer" 's ? :-)
regards, Richard
>
> | Hi,
> |
> | I've got an XP Pro SP2 machine on the bench that has/had/or maybe still has a
> | keylogger in it.
> | AVG / Ewido scan found it and seemed to remove it, but, I'm sure there's
> | something quite nasty still in there.
> | AVG anti-virus wouldn't install - it's as though something is blocking it
> | from being installed.
> | Adaware didn't really find anything, and seems to be not functioning
> | properly in Safe Mode - it becomes unresponsive.
> |
> | ...and Multi-av - which I copied across in Safe mode from a USB pen-drive =
> | press 1 for the Sophos sweep and multi-av just vanishes. Press (2) for
> | Trend, and apparently psapi.dll is missing (it's not - it is present in
> | system32).
> | ...anyhow (1) Sophos and (2) Trend scans will not run.
> | Several previous attempts to start multi-AV sweeps 1 and 2, in Normal and
> | Safe Mode caused XP to shut down !
> |
> | ....McAfee (3) in multi-av is running in Windows "Diagnostic startup - basic
> | services etc" mode ...is that any good ?
> |
> | This machine was built and configured by a real PC clever clogs, who built
> | it for his girlfriend, ...long story ...relationship broke up, ...PC has
> | been a nightmare ever since, ...I'm told by the young lady's father !!! I
> | have a strong suspicion that this keylogger was installed by him and not
> | picked up on the web, ...though of course that could be complete rubbish.
> |
> | ....where do I start ?
> |
> | McAfee just found "Generic Pup.a.Temp\DealioKit1-stub-0.exe ... "
> | ...I'll Google on that in a minute....
> | ....interesting Google results....
> |
> | any tips appreciated,
> |
> | regards, Richard
> |
>
>
>
> 1. Download and execute HiJack This! (HJT)
> http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
>
> 2. Disable Notepad's word wrap:
> In Notepad.exe; Format --> uncheck; "Word wrap"
>
> 3. Download/run Deckard's System Scanner:
> http://www.techsupportforum.com/sectools/Deckard/dss.exe
>
> 4. Save the scan results (Main.txt and Extra.txt)
>
> 5. And then post the contents of Main.txt and Extra.txt in your post in
> one of the below expert forums...
>
>
> { Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>