Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Program unistalled but still running...


  • Please log in to reply

#1
woldo

woldo

    Member

  • Member
  • PipPip
  • 33 posts
:tazz: :) :) :)

Hello guys and thanks for your time. A while ago I downloaded and installed family home keylogger. After a couple of hours I had what I need so I uninstalled the program....and here the journey starts....every time my computer (XP SP2) is online (not IE necessarily running) it lags for about 1/2 sec. every 10/15 sec. It slows when I'm writing, surfing, opening folders, etc. The curious thing is that when my McAffe firewall and/or McAffe antivirus are off the lag doesn't occur... :)

I hope you can help me.
I tried the following software (all updated)

-AdAware SE personal
-Spybot
-Microsoft AntiSpyware
-cwshredder
-CleanUp!
-Microsoft Baseline Security Analyzer 2.0

as well as I defragmented, clean cookies, offline files, disk cleanup, etc..

I'm including also a SpybotSD.ActiveX report, just in case...no idea what for but since I'm not an expert I thought it might help...I also posted HiJackThis report a week ago but still no answer, perhaps there is nothing to worry on it....I don't know what else to say...here it has been raining all day and I feel weak...I guess I better sush...

Thank you very much for your help and for your time.

Ciao

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-03 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-09-30 Includes\Cookies.sbi
2005-09-30 Includes\Dialer.sbi
2005-09-30 Includes\Hijackers.sbi
2005-09-30 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-09-30 Includes\Malware.sbi
2005-09-30 Includes\PUPS.sbi
2005-09-30 Includes\Revision.sbi
2005-09-30 Includes\Security.sbi
2005-09-30 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-09-30 Includes\Trojans.sbi
  • 0

Advertisements


#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
i don't know how to respond to this.....the fact that this program's author's website is no longer available, plus the inability to detect a keylogger in the first place (what woudl be the point of a keylogger all can see), would make me very, very uneasy if it were my machine.

I would be concerned that the author is logging info, perhaps.

Either way, I am nervous about helping someone who felt the need to log other people's activity on a PC
  • 0

#3
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi and thanks for answering.
I downloaded the keylogger on my PC too check if my kid was looking for [bleep]. I needed the software for a couple of hours and I found what I need. He's good with the PC but the father was better....but not that better! :)
I download the software from download.com and both editor and users' reviews were good. No one mentioned any uninstall problems or the fact the author of the software is now escaped in a tropical island....anyway, I think the problem might be the keylogger software, perhps it is something else...I HOPE! :tazz:

Thanks for your time

Ciao

i don't know how to respond to this.....the fact that this program's author's website is no longer available, plus the inability to detect a keylogger in the first place (what woudl be the point of a keylogger all can see), would make me very, very uneasy if it were my machine.

I would be concerned that the author is logging info, perhaps.

Either way, I am nervous about helping someone who felt the need to log other people's activity on a PC

View Post


  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
the problem with such a program is that it is designed not to be seen...so discovering it--or the debris it leaves behind, makes it difficult to find.

This is what I would do to try and see if you can nail it down...

run a program like installspy
http://www.2brightsp...eeware-hub.html

reinstall the program with it running, then uninstall the program the normal way and then hunt down the remaining files/registry settings from the installspy log.
  • 0

#5
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thanks for the tip. I did what you suggest me: I installed the software again with InstallSpy running...the only problem is that the report that came out was 12 pages long!!!
Now I uninstalled the keylogger, but should I now check file by file? What about those files or folders in the report that have only been "modified"? I mean in the report there folders/files created that I can eliminate, but the one just modified?

Thanks again for your patience and help

Ciao
  • 0

#6
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Quick thing. I run a very basic and simple search on all files (start/search) and I left blank the search field but I set for today search all files created with today date. These are the files, I hope it can help...thanks

WINZIP32.EXE-2F3C90C9.pf---C:\WINDOWS\Prefetch---PF File
HOMEKEYLOGGER-SETUP.EXE-09822F88.pf---C:\WINDOWS\Prefetch--- PF File
KEYLOGGER.EXE-0429C9EE.pf--- C:\WINDOWS\Prefetch --- PF File
gcDeterminationDataUser.gcd --- C:\Program Files\Microsoft AntiSpyware---GCD File
UNINSTALL.EXE-387840BA.pf--- C:\WINDOWS\Prefetch--- PF File
A~NSISU_.EXE-040A6A19.pf---- C:\WINDOWS\Prefetch--- PF File
INSTALLSPY.EXE-1D118926.pf---- C:\WINDOWS\Prefetch--- PF File
  • 0

#7
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
prefetch files are little info files windows uses when defragmenting your drive to improve performance, so they are not relevent here.

As for the 12 pages...I never said it would be easy...i woulf focus on the new first and if that does not improve the problem, then turn to the modified--do it in phases--but there is not really a quick way to do something like this.
  • 0

#8
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hi and thanks again.
I did eliminate all the files and key registers that the software created. But still the computer lags. I made also a little bubu. By mistake I erased 2 keys that the software created and I was trying to add the other 2 that has been deleted. So I knew how to add the stringe, but when it came to the value I was lost! I attached the mess that I did. I hope you can help me. Thanks.

Key name Type of change Time
\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\ Modified 12:24:47 AM
Value name Old value New value
HRZR_EHACVQY:%pfvqy2%\Ubzr Xrl Ybttre\Havafgnyy.yax Binary (16 bytes) Binary (16 bytes)
HRZR_EHACNGU:P:\Cebtenz Svyrf\UbzrXrlybttre\XrlYbttre.rkr Binary (16 bytes) Deleted
HRZR_EHACVQY:%pfvqy2%\Ubzr Xrl Ybttre\Ubzr Xrl Ybttre.yax Binary (16 bytes) Deleted
HRZR_EHACVQY:%pfvqy2%\Ubzr Xrl Ybttre\Bgure Cebqhpgf.yax Created Binary (16 bytes)
HRZR_EHACVQY:%pfvqy2%\Ubzr Xrl Ybttre\SND.yax Created Binary (16 bytes)
  • 0

#9
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
before we move on....did you try a system restore from a time previous to the install of this key?
  • 0

#10
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Yes, first thing I did, but the restore was "unsuccessful".I tried it many times. I used windows restore last year for a similar problem with a spyware/malware/Idon'tknoware and it solved, but this time no, it doesn't work....
  • 0

Advertisements


#11
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
You know I'm not sure if all this trouble it's been caused by the keylogger. As a matter of fact the computer started to lag a few days after the installation/unistal of the keylogger software. I noticed that when my McAffe viruscan or firewall are disabled the computer is just perfect: no lag at all. I remember that during these days McAffe downloaded a lot of new updates and even a new version of Firewall. It might be this the problem?

Thanks for your time
  • 0

#12
wannabe1

wannabe1

    Tech Staff

  • Technician
  • 16,645 posts
woldo...

Are you running XP SP2? If so, do you have both the McAffey and Windows Firewall running at the same time? This would definitely cause you some grief.

wannabe1
  • 0

#13
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
No, I only have McAffe Firewall running....thanks for helping
  • 0

#14
woldo

woldo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Oh yes, I have XP SP2....
  • 0

#15
peterm

peterm

    Trusted Tech

  • Technician
  • 3,173 posts
Can you roll back before the Macafee updates?
Can you uninstall Macafee updates /
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP