TechSpot

HackTool.crack

By luckylinda
Apr 4, 2007
  1. Sorry, I realize I posted in the wrong spot, in someone else's thread.

    Am trying to find out if "HackTool.crack" is or is not a "potentially harmful program" or is it a keygen?

    Thanks
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    HackTool.crack is a nasty malware infection.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of luckylinda only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. luckylinda

    luckylinda TS Rookie Topic Starter

    Hi Howard, thanks for your response. I have just spent over 12 hours following (I hope) your directions. Interesting, every program sees something different.

    There was nothing found in the RootKit program.

    I have just finished using the AVG Spyware-trial, and when I finished the program said there were no logs. When I rechecked the setting I saw that "save a log for a scheduled scan" was checked and maybe that is why. Or maybe because it's a trial. It did find many things. Even though there was spyware that was quarantined, nothing shows in that section. I was in safe mode while doing this test.

    I cleaned with CCleaner many times and these two things don't go away, although the first one comes back after deleting but with a different size/KB each time. The second one does not get deleted.
    C:\WINDOWS\system32\wbem\Logs\wbemprox.log 608 bytes
    C:\WINDOWS\Internet Logs\ZALog.txt 0.35MB

    I see some programs mentioned in the HJT log that I tried many ways to get rid of. Panda for instance.

    Please let me know if and what I still should do after this...and thanks.

    I have some other questions. Many of these programs that I used to scan and clean with will only reference MS IE as the browser. I use Firefox, does it get looked at? Should it?

    If I am going to download from a Warez site, what can I do for good security? Apparently just using AVG antivirus and Spybot is not enough. What about an antivirus or antispy program that checks as you are downloading?

    There were lots of tracking cookies found with AVG antispy even though I have Firefox delete cookies when I close Firefox. Will my firewall find these things?

    What can I do besides not download??

    When you say to not log in during safe mode as Administrator, but your normal login...what does that mean? I log in as "linda Joy" but I am the administrator.

    The last week my AVG antivirus has been saying that my Partition Table (MBR) has "Changed". Boot sector also. I am wondering if this could be because I recently deleted a partition? Or is that showing virus activity also??

    again...thanks a lot for your efforts and help!
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The best thing to do as regards warez sites, is stay away from them altogether. Most of the content of these sites is virused.

    The C:\WINDOWS\system32\wbem\Logs\wbemprox.log (608 bytes) and C:\WINDOWS\Internet Logs\ZALog.txt (0.35MB) files are perfectly legit and are nothing to worry about.

    Your Combofix log is not correct, you need to follow the instruction in step 12 of these instructions.
    Then, post a fresh Combofix log into your next reply. You need to do the same for AVG Antispyware as per this guide HERE and post an AVG Antispyware log.

    Your HJT log is clean. However, you're running two firewall programmes, Zonealarm and Trend. This is not recommended and can cause serious conflicts. You need to uninstall one of your firewall programmes.

    Post fresh HJT, Combofix and AVG Antispyware logs into your next reply.

    Regards Howard :)

    This thread is for the use of luckylinda only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. luckylinda

    luckylinda TS Rookie Topic Starter

    possibly clean???

    Hello Howard,

    Here are my logs...and thanks again for your time and help. I appreciate it very much.

    linda
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean, but you're still running two firewall programmes. Let's get rid of Panda.

    We need to temporarily disable Spybot Search & Destroy's TeaTimer, as it may interfere with any fix we are trying to run.

    Disable Spybot's TeaTimer. This is a two step process.
    First:
    - Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    - Choose Exit Spybot S&D Resident
    Second:
    - Open Spybot S&D
    - Click Mode, check Advanced Mode
    - Go To Left Panel, Click Tools, then also in left panel, click Resident
    - If your firewall raises a question, say OK
    - Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    - Use File, Exit to terminate Spybot
    - Reboot your machine for the changes to take effect.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Panda Software
    Panda Antivirus Platinum

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Panda Firewall Service (PAVFIRES) < Disable the service name and/or the name in brackets.

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    PavFires.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\Program Files\Panda Software < Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Re-enable SS&D Teatimer.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of luckylinda only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
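
Added example, not part of the original posts and not HijackThis's own code: a small parser for HJT `O23` service lines that flags entries marked `(file missing)`, the kind of leftover service registration the Panda cleanup above removes. The first sample line is the one quoted in the post; the other two are constructed, and the function names are hypothetical.

```python
import re

# HijackThis O23 line layout:
#   O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o23(line):
    """Return a dict for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # True when HJT could not find the service binary on disk.
    entry["missing"] = entry["missing"] is not None
    return entry


def orphaned_services(log_text):
    """Services still registered although their executable is gone."""
    found = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry and entry["missing"]:
            found.append(entry)
    return found


# Line 1 is quoted from the thread; lines 2 and 3 are constructed samples.
SAMPLE_LOG = r"""
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\upd.exe
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for e in orphaned_services(SAMPLE_LOG):
        # The short service name is what to look for in services.msc.
        print(f"{e['name']}: {e['display']} -> {e['path']} (binary missing)")
```
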
     
  7. luckylinda

    luckylinda TS Rookie Topic Starter

    Hello Howard,

    I've included my HJT log. And yes...I have more questions. First though, thanks very much. I've learned a lot about my computer. I'd never done anything with my registry, never used a run command, but understand much clearer now how my programs and Windows are connected.

    I had tried before to get rid of Panda. Also I see entries on the log for Acronis (Privacy Expert) & Kaspersky. I have tried to be rid of them also.

    Are the entries for "Browseui" something that is OK? I have no idea what it is and have searched but still don't understand.

    It appears to me that the Resident Shield of Spybot S&D is only for IE, is this the case? I do not use IE.

    After "disabling" Panda, is it still in my machine? It did not show up in the HJT log.

    I can't find TeaTimer. Don't know why I don't have it. Any ideas how to get it? There was a time when I did have it. I did download a new Spybot following your directions.

    Is it safe to delete files that have been quarantined? Will they really be gone? Sorry if that is a stupid question.

    I have a QooBox Quarantine, and I'm assuming that was one of your "tools".

    I realize you spend a lot of your time helping others, thank you for your time.

    linda

    Howard,

    While searching for info on the entries I asked you about in my HJT log, I went to a couple of spyware forums other than Techspot.

    Here were the cookies I received:

    -There were 13 from Techspot, although I assume they cause me no problems.
    -Tacoda.net - 6
    -spywaredata.com
    -lavasoftsupport.com
    -burstnet.com - 3
    -ad.yieldmanager.com - 4

    Is there anything you would suggest I do about this? I do have the cookies deleted when I close Firefox. Is that good enough? Or will they have "gone" somewhere else? Are any of these tracking and/or malicious? Makes me not want to go search to find out what they are!

    The spyworld of the Internet gets pretty frustrating when you actually have to look at it.

    Again, thanks for your time.

    One more, please!

    I see that all those cookies, except lavasoft, and another one called "mediaplex" are all from Techspot. Any comment?

    You have been such a great help, but do I need to stay away from TechSpot? There seems to be a lot of good information here.

    linda
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You need to post a fresh HJT log from normal mode.

    Yes, delete all quarantined files.

    Don't be concerned with the cookies, they aren't malicious. You can get rid of them by running the Ccleaner programme as per step 9 of the instructions HERE.

    All Techspot's cookies are perfectly safe.

    Regards Howard :)

    This thread is for the use of luckylinda only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. luckylinda

    luckylinda TS Rookie Topic Starter

    new HJT log

    Hello,

    Here is my log. I see entries in both the "O23" & "O9" section for Acronis. I uninstalled Acronis Privacy Expert a long time ago. I still use Acronis Disk Director. I think possibly these entries are for Privacy Expert. I really DISLIKE these programs that won't let me uninstall them. And yes, Panda was one also.

    I see nothing for Panda in the log, which I'd also tried to get rid of, but yesterday I saw that there was still a Panda folder under "all users" - Doc's & Settings.

    I have active at this time, AVG antivirus, Spybot-resident, AVG anti-spy, and Zone Alarm. I do not have the ZA antivirus & antispy active. Would it be Ok to activate them or will it be conflicting?

    I had disabled Defender the other day, but I see it on the log.

    thanks,
    linda
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Leave them disabled to avoid conflicts.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of luckylinda only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. luckylinda

    luckylinda TS Rookie Topic Starter

    Trend Micro

    Hello Howard,

    I was looking in the programs section in Zone Labs and found these entries.

    jsapi.dll
    bpmnt.dll
    jupdate.dll
    ssapi32.dll
    tmengdrv.dll
    tmupdate.dll
    vsapi32.dll

    I had looked everywhere I could think of to check and see if I had Trend Micro or Housecall installed. I never see anything. You had mentioned them in the beginning on my HJT log, but only the first time. I didn't see anything there later. Every once in a while their name comes up somewhere on my computer and I just can't stand it that a program would be installed and I can't even find it or have already uninstalled it.

    I tried using the online checker as you had suggested but it didn't work for me, so I quit it. I had done this once before also. So far I have never seen an online program work as I think it should. And after dealing with TM (and possibly that's how I ended up with Panda also) I don't trust any of them.

    So, any comments or can you help me get rid of them? They have no business being on my computer without letting me see that they are there.
    My theory anyway.

    thanks,
    linda
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run the Trend online scanner and see what it says.

    Run this online virus scanner. You will need to use Internet Explorer for this scanner. It's one of the very few online scanners that will actually disinfect viruses etc.

    Regards Howard :)

    This thread is for the use of luckylinda only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
