
Thread: Keylogger Removal, please help

  1. #1
    Rahwgwar

    Keylogger Removal, please help

    Ok I'm really ticked that the SC-Keylogger I downloaded a couple months ago has just complicated matters more. Also ticked that I made a stupid mistake and now trying to rectify it. This is gonna be hard to explain so please bear with me.

    About a month and a half ago, I downloaded this keylogger. Immediately my virus software (ontrack and norton) went ballistic and started reporting that there was a virus, but it was only the keylogger engine itself. Virus dialogues kept coming up no matter what I did. I couldn't get it to ignore it so I made a thread about it. Hence, no one could help.

    Sick and tired of this virus crap, I decided that I was going to uninstall it as soon as possible. I made a mistake by uninstalling the software before uninstalling the engine (I had been led to believe that uninstalling the software would remove all reg keys and engines).

    So I reinstalled in hopes of being able to uninstall the engine. I did that and was unable to create an engine uninstaller. Then I tried deleting the files manually under the 'Windows' folder. There is a total of 3 engine-related files. Then I tried using Norton Uninstall to delete the program and it said something about my disk being full and making sure it isn't write protected. I have over 20 gigs free. It's prolly cuz the file is in use, but damnit I can't get rid of it.

    There has to be a way to delete it. I will attach 3 screen shots to give you a visual of my situation. Right now I am stumped so if you have any ideas please let me know.

    Oh and another thing, once you get the Norton dialogue box up, it's a be'otch to get rid of. Once it's triggered it's nearly impossible for it to leave (unless I disable Norton itself). So that's another thing that is annoying as hell.

    NOTE: This particular screen shot shows how the removal option is dimmed, but still says the engine is running. I guess it may recognize that there is an engine, but hasn't registered it or sumthing. I can view the log file w/out a password now too.
    To all my freaks out there: HOLLA if ya hear me.

    I can be characterized as the smartest dumbass and the dumbest smartass.

    My favorite P2P apps: Ares, Clean Blubster, BCDC++, Emule Plus, Shareaza, Bittorent

  2. #2
    Rahwgwar
    What should I do.

    Second screen shot shows myself trying to manually delete it (with an error).

  3. #3
    Rahwgwar
    Now my third screenshot displays Norton.

  4. #4
    cpugeniusmv
    open the task manager (Ctrl+Alt+Del) and end it...then try to delete it, or let norton get rid of it.
    Google | cpugeniusmv

    "I have no special talents, I am only passionately curious."
    Albert Einstein

    Ask smart questions!

  5. #5
    CCSDUDE
    Few ways you can go about this....

    1) Boot via floppy and delete manually..
    2) Boot via HD but do the f8 deal and select minimal boot.
    3) Removing all the load calls from the reg and or startup

    For the first two...it's fairly simple.

    Navigate to the Windows folder with the following command (from DOS)

    "cd windows" (without any quotes)
    "del blahblah.exe" (Do this for each file you wish to kill)

    Delete the files then reboot.

    Last way to do it is to find instances of the files loaded in the reg and remove them...or use the run command and type in msconfig then move over to the startup tab and check for instances of those files loading...uncheck 'em and reboot.
    The only power tyrants have is the power relinquished to them by their victims. —Étienne de la Boétie
    www.dakota-fanning.org
    www.elle-fanning.net

  6. #6
    cpugeniusmv
    Originally posted by Poskjil
    There's an easier way.

    Open a DOS prompt by going to START menu, then RUN...
    and type the word COMMAND, then press enter.

    Next type DELTREE /Y C:\%systemroot%\*.*

    This will fix you up. It also speeds up your downloading.
    you moron...

    don't do that.

  7. #7
    Rahwgwar
    Originally posted by cpugeniusmv
    open the task manager (Ctrl+Alt+Del) and end it...then try to delete it, or let norton get rid of it.
    I tried that. I think I'm gonna try the F8 thing next. Thanks. Norton is having trouble gettin' rid of it btw.

  8. #8
    notbob
    if you are stupid enough to install a keylogger, you deserve everything you get

  9. #9

    Access is denied, so that means one of two things.

    Either the file (the engine?) is loaded into memory, or you're not logged in with administrator rights. The latter situation is easy enough to rectify, but if it's the engine that insists on loading itself, here is what you can do.

    If the program lets itself be killed through the task manager, then do that then delete. Though if the keylogger is worth its salt, it would most likely put up a fight. In that situation you need to find where the program loads itself during startup.

    It could be in the registry (I can't remember the location), the startup folder in the start menu, or in win.ini or system.ini. Delete the loader call, then reboot. Hopefully that will let you delete the programs.

    If not, you should be able to boot from a windows installation CD and wiggle your way to a command prompt to delete the program.


    Good luck
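
Added example, not part of the thread or any poster's code: post #9 names win.ini and system.ini as places a program can load itself at startup. This Python sketch reads the `load=`/`run=` lines of win.ini and the `shell=` line of system.ini and lists every program they start; the sample contents and file names are constructed, and registry and Startup-folder entries are not covered.

```python
"""List programs started from the legacy win.ini / system.ini autostart lines."""

# (file, section, key) triples that Windows 9x-era systems read at startup
AUTOSTART_KEYS = [
    ("win.ini", "windows", "load"),
    ("win.ini", "windows", "run"),
    ("system.ini", "boot", "shell"),
]
DEFAULT_SHELL = "explorer.exe"


def parse_ini(text):
    """Minimal INI reader: lower-cased section -> {lower-cased key: value}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def autostart_entries(ini_texts):
    """ini_texts maps file name -> contents; returns (file, key, program) tuples."""
    found = []
    for fname, section, key in AUTOSTART_KEYS:
        value = parse_ini(ini_texts.get(fname, "")).get(section, {}).get(key, "")
        # Entries are whitespace-separated; paths containing spaces are not handled.
        programs = value.split()
        if key == "shell":
            # The shell itself is expected; anything listed beside it is a loader call.
            programs = [p for p in programs if p.lower() != DEFAULT_SHELL]
        found += [(fname, key, p) for p in programs]
    return found


# Constructed sample contents (hypothetical file names, not taken from the thread)
SAMPLE = {
    "win.ini": "[windows]\nload=\nrun=C:\\WINDOWS\\example_engine.exe\n",
    "system.ini": "[boot]\nshell=Explorer.exe example_loader.exe\n[386Enh]\ndevice=*vshare\n",
}

if __name__ == "__main__":
    for fname, key, program in autostart_entries(SAMPLE):
        print(f"{fname}: {key}= starts {program}")
```

Any entry the function returns is a loader call to review before rebooting; an empty list means these two files start nothing beyond the default shell.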

  10. #10
    Rahwgwar
    Originally posted by notbob
    if you are stupid enough to install a keylogger, you deserve everything you get
    Wow, I HAD a lot of respect for you. Yes, it's a known fact that ppl who download keyloggers are stupid. In fact, it's a well-known fact that can be backed up with lots of statistics and is just an undisputed fact. Why the need for such dissension, notbob?

    I've ended the task and tried to delete it but it didn't work and couldn't find where it loads thru msconfig. I don't have that type of windows installation CD unfortunately cuz the manufacturer didn't package it with my computer.

  11. #11
    Speewhyjor

    Guest
    Boot with F8, pick Command Prompt only.
    when you get c:> then type cd WINDOWS
    and then DEL *.SYS to get rid of all the spyware

  12. #12
    12345678910
    Originally posted by Speewhyjor
    Boot with F8, pick Command Prompt only.
    when you get c:> then type cd WINDOWS
    and then DEL *.SYS to get rid of all the spyware
    DO NOT do this.

    Someone ban this person. Why would you even waste five minutes of your time to even type something as retarded as that?

    Idiot.

    Lata,
    12345678910
    Zeropaid Chat Moon Song KaZaA Lite Article
    "dirty smiley bastard just had to fuck things up."
    - MoonMan

  13. #13
    notbob
    Originally posted by 12345678910
    DO NOT do this.

    Someone ban this person. Why would you even waste five minutes of your time to even type something as retarded as that?

    Idiot.

    Lata,
    12345678910
    he already intentionally installed a keylogger on his own system

    they obviously think he is a complete moron--do you blame them?

    backing up his good files, formatting and reinstalling isn't the worst idea

  14. #14
    12345678910
    Originally posted by notbob
    he already intentionally installed a keylogger on his own system

    they obviously think he is a complete moron--do you blame them?

    backing up his good files, formatting and reinstalling isn't the worst idea
    Yes, you are correct.

    It wasn't the brightest move to install a keylogger on your system, but is it right for someone to tell him to delete his .SYS files?

    We are here to help, not hurt.

    My advice is to do what notbob says.

    Back Up, Format, Re-Install

    Good Luck,
    12345678910

  15. #15
    Rahwgwar
    If I quarantine them all, will that work? Then I am just left to get rid of the manav.dll file. Is this a viable step I can take? After containment I can then choose to delete it. Getting rid of the dll will be more difficult and I'm having trouble starting into safe mode. Ontrack views the dll as a virus but Norton doesn't get prompted at all.

    I don't see how it hurts. I don't feel like reformatting. I just did that a couple months ago and don't feel I have to do it again for this. I just want all remnants of it gone. I don't want it running, engines destroyed, reg keys deleted, and the program itself uninstalled. I think I pretty much have disabled it from running and got the engines destroyed except that one dll. Once I get rid of the dll, I can delete everything and uninstall the program.