Help with removal of hacktool.rootkit

Status
Not open for further replies.
thank you jekkoy

:p
I wanted to thank you. The first message was the first one I replied to, but I found the taskcntr.exe on the server and I removed the file and the problem seemed solved.

I wanted to thank you
 
remon.sys

I am wondering if anyone can help me. I am not good with these system files at all. First,
What is a HJT file?
I tried to delete the remon.sys file and I did in safe mode but it just comes back.
Can someone please explain to me how to fix in like easy computer language please?

THANK YOU SO MUCH!!
 
remon.sys

Symantec now detects that virus with the update from 20th of September.

Also rename the file taskcntr.exe to taskcntr.xxx and then scan your machine with a virus definition update from today and it should detect the virus.
 
Hi guys!

I got remon.sys too.. :( I tried to delete the file but it keeps coming back...

I tried to follow the instructions above with regards to the sysmanager.exe file and taskcntr.exe file.. but these files do not exist on my PC...

any help would be greatly appreciated.. Thanks in advance...
 
After going thru live update and scanning windows directory, NAV does detect the virus ( remon.sys ) but still cannot clean it... :(
 
aznxcutiegirl4u said:
I am wondering if anyone can help me. I am not good with these system files at all. First,
What is a HJT file?
I tried to delete the remon.sys file and I did in safe mode but it just comes back.
Can someone please explain to me how to fix in like easy computer language please?

THANK YOU SO MUCH!!

This is what I want to know. :giddy:
 
Thanks Mate!!!! -> RealBlackStuff
I'll try it later... :chef: cheers! (this smiley looks like a beer in a mug doesn't it) :)
 
Hello, I am having the same problems with remon.sys.

Thanks for the help in advance.

Also had this just pop up. taskcntr.exe W32.spybot.worm
 
This thread helped me get rid of that stupid remon.sys virus. Thank you guys so much. I had been fighting with Gateway and Verizon the last 3 days.

After I learned Verizon's DSL is just a wide open, unprotected network that anyone can send data to whoever, I bought a router and 3 different virus, spyware, and adware programs.

It is not all Verizon's fault though. Microsoft had better do something quick.

I felt :dead: for a week. Now I am going to go puke: .
 
Fogelhund (I hope you are not DOING that)

C:\Documents and Settings\Brett\Local Settings\Temp\HijackThis.exe
Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

Boot in Safe Mode, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
Click the Processes tab, select the process (if there) and click End Process for:
ViewMgr.exe
hackmon.exe
taskcntr.exe

Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\UnHackMe\hackmon.exe

Next, click Start/Run and type services.msc and click OK. Look for the service:
taskcntr.exe
Doubleclick it, click Stop if it's running, and change the Startup type to Disabled.

Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
Fix ALL O16 - DPF: entries
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.

When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
 
RealBlackStuff said:
NoCorndogs

..........


It worked! Thanks a whole lot.


That stupid remon file is gone, I'm not getting the virus message anymore either.

I'm not sure what "O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)" is but I can't get it to go away.. but it's not bothering me so I don't really mind.

Here's my latest hijack

and thanks again.
 
You need to try again (in Safe Mode) to get rid of this, using HJT:
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)
The rest is clean.

If you can't, click on Start/Run and type in regedit and click OK
In regedit click on Edit/Find and type in javapanel.exe and press F3
If found, right-click the entry in the right-hand side panel, and select Delete. Press F3 again and repeat until the end of the Registry. Then exit the Registry.
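
The O4 and O23 lines quoted in the posts above follow a fixed layout, so a saved HijackThis log can be triaged mechanically before anything is ticked. The sketch below is an added example, not part of the thread and not HijackThis code; the three heuristics (unknown owner, missing file, binary sitting directly in the Windows directory) and the names `triage` and `Finding` are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple

# Log lines quoted from the posts in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<path>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: .+? \((?P<name>[^)]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
WINDOWS_ROOTS = {r"c:\winnt", r"c:\windows"}  # assumption: roots seen in this thread

class Finding(NamedTuple):
    section: str        # "O4" (Run key) or "O23" (service)
    name: str           # Run value name or service short name
    path: str           # binary path as logged
    reasons: List[str]  # why the entry deserves a closer look

def triage(log_text: str) -> List[Finding]:
    """Flag entries using three illustrative heuristics (not HJT's own logic)."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        m, section = O23_RE.match(line), "O23"
        if m:
            if m["owner"].lower() == "unknown owner":
                reasons.append("unknown owner")
            if m["missing"]:
                reasons.append("file missing: orphaned service entry")
        else:
            m, section = O4_RE.match(line), "O4"
            if not m:
                continue  # not an O4/O23 line
        if ntpath.dirname(m["path"]).lower() in WINDOWS_ROOTS:
            reasons.append("binary directly in the Windows directory")
        if reasons:
            findings.append(Finding(section, m["name"], m["path"], reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.name}: {f.path} -> {'; '.join(f.reasons)}")
```

The two O4 lines parse cleanly but are not flagged by these heuristics; a flagged entry is a prompt to inspect the file and the service, not a verdict.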
 