TechSpot

Keylogger/virus help

By KrayonZ
Mar 15, 2006
  1. I was recently downloading something off Limewire and well it had a key logger in it.. Norton picked it up and said it deleted it but that did nothing.

    I ran Ad-aware professional and Norton antivirus

    They pick up stuff but I'm not sure if they're doing anything.

    When I press Alt+ctrl+del and click on task manager, the task manager won't come up, so I went through the help menu-> searched for "task manager" and clicked on "Open Task manager" but it says:

    The program could not start
    The operating system could not start this program. This may happen if,

    Your computer is on a Network :Note it isn't
    You need to install the necessary programs :Note huh??
    You need to install the necessary software :Note: Huh??
    You need to re-install the program file note: I never installed anything??
    You are running on Windows XP 64-bit edition Note: ughh noo..
    You need to access an active directory snap-in Note: Riiight?.. wtf?


    When I start the computer this comes up:
    Application error cannot start VCClient.exe



    I'm also getting billions of popups every time I key in words as I'm typing in this and in MSN.

    I am now currently running the free online scan at www.trendmicro.com and hopefully that will pick up something.

    Is there anything or anyone that can help me please?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

  3. KrayonZ

    KrayonZ TS Rookie Topic Starter

    Ok here is the hijackthis .txt in the attachment.. I wouldn't have a friggen clue what it means sorry.. if anyone could point out please do :p
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go and follow the instructions HERE.

    Then, once you've done that, follow the rest of these instructions.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel. Uninstall anything to do with (if there).

    C:\Program Files\OptusNet Dial-up Internet

    Close control panel.

    Open your task manager, by pressing the ctrl/alt/delete keys together. Click on the processes tab and end process for (if there).

    DSC.exe
    newfrn.exe
    keyboard2.exe
    mousepad2.exe
    newname2.exe
    stub_113_4_0_4_0.exe
    VCClient.exe
    VCMain.exe

    Close task manager.

    Click start/run and type regsvr32 /u C:\WINDOWS\DH.dll and press the enter key.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
    O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
    O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
    O4 - HKLM\..\Run: [newname] C:\\newname2.exe
    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe

    O4 - HKCU\..\Run: [zurz] C:\stub_113_4_0_4_0.exe
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

    O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)

    O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/ Only fix this, if it doesn't belong to either your pc manufacturer, or your ISP provider.

    Fix all O16 DPF entries.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{28432A50-096E-40A8-9257-BA261DA1DC10}: NameServer = 203.2.75.132 198.142.0.51 Only fix this entry, if it doesn't belong to your ISP.

    O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Locate the above O23 entry and double click on it. If it is running, select stop. Set the startup type to disabled. Click apply/ok.

    Locate and delete the following bold files (if there).

    C:\Program Files\OptusNet Dial-up Internet\DSC.exe
    C:\WINDOWS\newfrn.exe
    C:\WINDOWS\DH.dll
    C:\\keyboard2.exe
    C:\\mousepad2.exe
    C:\\newname2.exe
    C:\WINDOWS\newfrn.exe
    C:\stub_113_4_0_4_0.exe
    C:\Program Files\Common Files\VCClient\VCClient.exe
    C:\Program Files\Common Files\VCClient\VCMain.exe

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.

    Regards Howard :)
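
An added example, not part of the original posts and not HijackThis's own logic: a small Python triage of HijackThis-format log lines like those in the fix list above. The sample lines are copied from reply #4; the `triage` function and its flagging heuristics are assumptions made for illustration.

```python
import re

# Constructed sample: log lines copied from the fix list in reply #4.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# First Windows path ending in .exe/.dll on a line (assumed sufficient for triage).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

def triage(log_text):
    """Return (section, path, reasons) for every log line that names a file."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        section = line.split(" - ", 1)[0]          # e.g. "O4", "O23"
        m = PATH_RE.search(line)
        if not m or not re.fullmatch(r"[A-Z]\d+", section):
            continue
        # The log shows some paths as "C:\\name.exe"; collapse doubled separators.
        path = re.sub(r"\\+", r"\\", m.group(0))
        parent = path.rsplit("\\", 1)[0]
        reasons = []
        # Heuristics below are illustrative assumptions, not a verdict.
        if len(parent) == 2:                       # parent is just "C:"
            reasons.append("binary in drive root")
        elif parent.lower() == r"c:\windows":
            reasons.append("binary directly in Windows directory")
        if "(no name)" in line:
            reasons.append("unnamed BHO/toolbar")
        if "(file missing)" in line:
            reasons.append("orphaned entry, file missing")
        if line.startswith("O4 - "):
            reasons.append("starts at logon via Run key")
        findings.append((section, path, reasons))
    return findings

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {path}\n     -> {', '.join(reasons) or 'no heuristic hit'}")
```

A hit only marks an entry for review; legitimate software also uses Run keys and the Windows directory, so each path still needs checking before it is fixed or deleted.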
     
  5. KrayonZ

    KrayonZ TS Rookie Topic Starter

    Ok I did everything there, and so far so good :p

    Except Task manager won't work :(

    I try Alt+ctrl+del, right clicking the task bar

    but still nothing :(

    Btw the attachment is my new hijackthis .txt after doing all of the above
     
  6. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    What does Norton identify it as?
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can't see anything bad in your HJT log.

    The correct sequence of keys is ctrl/alt/delete keys.

    Click start/run and type taskmgr.exe into the run box and press the enter key.

    Does that make the task manager appear?

    Regards Howard :)
     
  8. KrayonZ

    KrayonZ TS Rookie Topic Starter

    Yeah I meant to type ctrl/alt/delete, but alt/ctrl/delete also works as well for me

    Btw when I did start/run typed taskmgr.exe and pressed start this came up.


    "another program is curently using this file."
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Try it from safe mode.

    Also, look in your add remove programmes in your control panel for anything related to surfsidekick, or Vcclient. If you find anything, uninstall it.

    Regards Howard :)
     
  10. KrayonZ

    KrayonZ TS Rookie Topic Starter

    Task manager works in "safe Mode" just wonder why it won't work normally...

    Btw I checked for any programs and none.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All the instructions I gave you in reply #4, were meant to be carried out in safe mode.

    Regards Howard :)
     
  12. KrayonZ

    KrayonZ TS Rookie Topic Starter

    ohh yeh yehh I did them in safe mode :D
     
  13. KrayonZ

    KrayonZ TS Rookie Topic Starter

    Start/run Msconfig

    Then disabled something called "outlook" in the startup part
    and all is fine :D

    Thanks howard!
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's good news.

    Thanks for letting us know.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
