CWS, Trojans and Keylogger havin' a party [CLOSED]



#76
Bobbi Flekman


    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP

Hi Bobbi,

I think I got the file you wanted to see uploaded in the bleeping forum.

I loaded ZA and it is giving me grief. So much to keep an eye on using this... ignorance is bliss with the Micro firewall... :tazz:

Thanks Ruth

Thanks... I'll check out the file... As far as Zone Alarm is concerned, you can tell it to remember the answer you give. After a while you will get no questions asked anymore :)
  • 0



#77
Bobbi Flekman


    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP
Hey Ruth,

I looked at the file, and to me it looks like a log file from some sort of web server, or backdoor.

I PM'd you... If this is personal data, I don't want to spread it out on the net :tazz:
  • 0

#78
Bobbi Flekman


    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP
Hi Ruth,

As said in PM, this is a generic fix for this infection.

Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop.

REGEDIT4

; "name"=- deletes one value from the key named in the section header above it
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srv32Win"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\%Windir%\unvise32.exe"=-

; [-KEY] deletes the whole key, including its subkeys
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyCaptor]

Locate fixme.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Delete the following files in red (it could be that they are deleted already):

C:\WINNT\kcopts.dat
C:\WINNT\NTInvisible.dll
C:\WINNT\SystemSA32.dll
C:\WINNT\unvise32.exe
C:\WINNT\spysplash.dat

Delete the following folders in red (it could be that they are deleted already):

C:\Program Files\KeyCaptor
C:\Documents And Settings\Ruth\Start Menu\Programs\Keycaptor

Can you post a log from SpywareDoctor and HijackThis after this? Thanks.
  • 0
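
An added example, not part of the original post or any tool the thread mentions: a dry-run check in Python of what a deletion-only .reg file like the one in post #78 asks regedit to do, so a mistyped section header is caught before the file is merged. `audit_reg`, `SAMPLE` and the list of accepted root keys are assumptions of this sketch, and the sample is constructed from the post's value names with a mistyped root in its last section.

```python
import re

# Assumption of this check: only the five standard root key names are accepted.
VALID_ROOTS = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
               "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION = re.compile(r"^\[(-?)([^\\\]]+)((?:\\[^\]]*)?)\]$")   # [KEY] or [-KEY]
VALUE_DELETE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*-$')  # "name"=-

# Constructed sample: the post's value names, with a mistyped root in the last section.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srv32Win"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\%Windir%\unvise32.exe"=-

[-KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyCaptor]
'''

def audit_reg(text):
    """Return (actions, problems) for a deletion-only .reg file; the registry is never touched."""
    actions, problems, key = [], [], None
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        problems.append((1, "missing .reg header line"))
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        sec, val = SECTION.match(line), VALUE_DELETE.match(line)
        if sec:
            minus, root, rest = sec.groups()
            key = None
            if root not in VALID_ROOTS:
                problems.append((n, "unknown root key: " + root))
            elif minus:
                actions.append(("delete-key", root + rest, None))  # key and all subkeys
            else:
                key = root + rest  # value lines below apply to this key
        elif val and key:
            actions.append(("delete-value", key, val.group(1).strip('"')))
        elif val:
            problems.append((n, "value deletion outside a valid key"))
        else:
            problems.append((n, "not a deletion line: " + line))
    return actions, problems
```

Value names are reported exactly as written in the file; the check does not unescape them or look anything up in the live registry.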

#79
Kat


    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





