Help with removal of hacktool.rootkit

By eyzia
Sep 10, 2005
Topic Status:
Not open for further replies.
  1. patou

    patou Newcomer, in training

    :bounce: thank you
  2. patou

    patou Newcomer, in training

    thank you jekkoy

    :p
    I wanted to thank you. The first message was the first one I replied to, but I found the taskcntr.exe on the server and I removed the file and the problem seemed solved.

    I wanted to thank you.
  3. aznxcutiegirl4u

    aznxcutiegirl4u Newcomer, in training

    remon.sys

    I am wondering if anyone can help me. I am not good with these system files at all. First,
    What is a HJT file?
    I tried to delete the remon.sys file and I did on safe mode but it just comes back.
    Can someone please explain to me how to fix in like easy computer language please?

    THANK YOU SO MUCH!!
  4. patou

    patou Newcomer, in training

    remon.sys

    Symantec now detects that virus with the update from 20th of September.

    Also rename the file taskcntr.exe to taskcntr.xxx and then scan your machine with a virus definition update from today and it should detect the virus.
  5. morpeous03

    morpeous03 Newcomer, in training

    Hi guys!

    I got remon.sys too.. :( I tried to delete the file but it keeps coming back...

    I tried to follow the instruction above with regards to sysmanager.exe file and taskcntr.exe file.. but these files do not exist in my PC...

    any help would be greatly appreciated.. Thanks in advance...
  6. morpeous03

    morpeous03 Newcomer, in training

    After going thru live update and scanning windows directory, NAV does detect the virus ( remon.sys ) but still cannot clean it... :(
  7. morpeous03

    morpeous03 Newcomer, in training

    Remon.sys

    BTW,, here is my HJT log file. :angel:

    Logfile of HijackThis v1.99.1
    deleted

    Thanks again!!!
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  9. blueeyes46818

    blueeyes46818 Newcomer, in training

    This is what I want to know. :giddy:
  10. morpeous03

    morpeous03 Newcomer, in training

    Thanks Mate!!!! -> RealBlackStuff
    I'll try it later... :chef: cheers! (this smiley looks like a beer in a mug doesn't it) :)
  11. Fogelhund

    Fogelhund Newcomer, in training

    Hello, I am having the same problems with remon.sys.

    Thanks for the help in advance.

    Also had this just pop up. taskcntr.exe W32.spybot.worm
     
  12. blueeyes46818

    blueeyes46818 Newcomer, in training

    This thread helped me get rid of that stupid remon.sys virus. Thank you guys so much. I had been fighting with Gateway and Verizon the last 3 days.

    After I learned Verizon's DSL is just a wide open, unprotected network that anyone can send data to whoever, I bought a router and 3 different virus, spyware, and adware programs.

    It is not all Verizon's fault though. Microsoft had better do something quick.

    I felt :dead: for a week. Now I am going to go puke: .
  13. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Fogelhund (I hope you are not DOING that)

    C:\Documents and Settings\Brett\Local Settings\Temp\HijackThis.exe
    Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

    Boot in Safe Mode, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:
    ViewMgr.exe
    hackmon.exe
    taskcntr.exe

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\UnHackMe\hackmon.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    taskcntr.exe
    Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
    Fix ALL O16 - DPF: entries
    O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
  14. NoCorndogs

    NoCorndogs Newcomer, in training


    It worked! Thanks a whole lot.


    That stupid remon file is gone, I'm not getting the virus message anymore either.

    I'm not sure what "O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)" is but I can't get it to go away.. but it's not bothering so I don't really mind.

    Here's my latest hijack

    and thanks again.
  15. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You need to try again (in Safe Mode) to get rid of this, using HJT:
    O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)
    The rest is clean.

    If you can't, click on Start/Run and type in regedit and click OK
    In regedit click on Edit/Find and type in javapanel.exe and press F3
    If found, rightclick the entry in the right hand side panel, and select Delete. Press F3 again and repeat until end of Registry. Then Exit registry.
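
Added example, not part of the original thread or written by any of its posters: a small Python parser for the HijackThis O23 service lines quoted in posts 13 to 15, flagging entries that combine "Unknown owner", a binary sitting directly in the Windows folder, or "(file missing)". The triage rules, the `triage` function name and the C:\ Windows paths are assumptions for illustration, and the last sample line is constructed.

```python
import re

# HijackThis service line: O23 - Service: <display> (<name>) - <owner> - <path>
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: Windows is installed in one of the two folders seen in the thread.
WINDOWS_ROOTS = {r"C:\WINNT", r"C:\WINDOWS"}

# The O4 line and the first two O23 lines are quoted from the thread;
# the last line is constructed as a benign comparison.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)
O23 - Service: Example Agent (ExampleAgent) - Example Corp - C:\Program Files\Example\agent.exe
"""

def triage(log_text):
    """Return O23 entries worth a closer look, with the reasons (illustrative rules)."""
    findings = []
    for raw in log_text.splitlines():
        m = O23.match(raw.strip())
        if not m:
            continue  # not a service line (O4, O16, headers, ...)
        folder, _, exe = m["path"].rpartition("\\")
        reasons = []
        if m["owner"] == "Unknown owner":
            reasons.append("no vendor name reported")
        if folder.upper() in WINDOWS_ROOTS:
            reasons.append("binary sits directly in the Windows folder")
        if m["missing"]:
            reasons.append("file missing: service registration left behind")
        # Require two signals so a single weak indicator does not flag an entry.
        if len(reasons) >= 2:
            findings.append({"service": m["name"], "exe": exe.lower(), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['service']:8} {f['exe']:14} {'; '.join(f['reasons'])}")
```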