|
SPYWARE_KEYL_ASTLOG -
Thu, 26 Oct 2006 15:47:25 +0100
uk.people.silversurfers
Flyiñg Ñuñ 2°°6 +...
|
Trend tells me I have the above keylogger spyware on my system. I have
pinned it down to a registry key:
HKEY_USERS\S-1-5-21-1123561945-776561741-725345543-1004\Software\microsoft\SearchAssistant|ACMru\5603(001=SPYWARE_KEYL_ASTLOG)
Is this a really nasty bit of kit, and should I remove it pronto?
If so, anyone any ideas as to the correct removal procedure?
Saxman...
|
I've deleted many things with Trend without problems.
Why not do a System Restore before you delete it? It backs up the registry.
Ali...
|
You mean set a System Restore Point? So you (or rather FN) can go back if
Trend messes things up.
Saxman...
|
That's correct.
A lot of people get the impression that System Restore restores
everything. It only backs up system files etc.
Best to buy something like Go Back. Got me out of trouble lots of times.
|
|
You can get freeware here that backs up the registry if you want to do
it manually.
Bite the bullet!
Flyiñg Ñuñ 2°°6 +...
|
Thanks for that. Just supposing I do a system restore and doing the Trend
removal thing mucks up the system - presumably after System Restore it's
back to square 1 then. Funnily enough when I used Regcrawler to find it,
I noticed both regcrawler (rcw) and housecall (Trend) entries at the same
place, which made me think perhaps Trend had put the little b****r there
just to try and fool me into believing their scan was much better than
Spybot, Windows Defender and Spybot in finding these things.
http://www.flyingnun.co.uk/regcrawler1.jpg
|
|
TIA
MCC...
|
Finally gave the program time to run and got a clean bill of health - no
nasties on my machine
Looks like Windows Defender is doing its job!
Michaelangelo...
Flyiñg Ñuñ 2°°6 +...
|
Well it couldn't have been on my m/c, I keep it updated and use it several
times a week for a full scan too. It didn't find it on mine. Even after I
asked Trend Housecall to remove it and it said it had, it's still there in
the registry as described above. I'm getting concerned now.
|
Scanning and Cleaning Complete
HouseCall did not find any potential threats on your computer. Make sure
you run HouseCall once a week to keep your PC clean and malware free.
Michaelangelo...
|
Does the registry key have any content? Some scanners like Trend
sometimes remove the values from the keys but leave the actual 'empty'
key behind. In that state it is harmless but will be detected by
subsequent scans - which can be unnecessarily alarming.
Flyiñg Ñuñ 2°°6 +...
|
Sorted Mike - the entry was due to me searching for it earlier - see
screenprint of regcrawler
Michaelangelo...
Have got Trend to clean up and a retest now shows no infection - don't know
how I got it in the first place though.
Michaelangelo...
|
The usual way - dropped in by parachute, from a Lysander aircraft, under
cover of darkness. :)
Flyiñg Ñuñ 2°°6 +...
|
I wondered where the Rabbit had been - obviously got her pilot's licence
now. Was that "I'm moving" bit just a subterfuge and she was really out
there taking flying lessons then? :)
Rabbit...
|
No way, sat as a passenger (I was the only mug who would use the video
camera) in one of those small planes and I wouldn't do it again, well not
unless I could do it without my stomach which complained all the way :-)