
Help with removal of hacktool.rootkit

By eyzia · 39 replies
Sep 10, 2005
  1. patou

    patou TS Rookie

    :bounce: thank you
  2. patou

    patou TS Rookie

    thank you jekkoy

    I wanted to thank you. The first message was the first one I replied to, but I found the taskcntr.exe on the server and I removed the file and the problem seemed solved.

    I wanted to thank you.
  3. aznxcutiegirl4u

    aznxcutiegirl4u TS Rookie


    I am wondering if anyone can help me. I am not good with these system files at all. First,
    what is a HJT file?
    I tried to delete the remon.sys file and I did in safe mode, but it just comes back.
    Can someone please explain to me how to fix it in, like, easy computer language please?

  4. patou

    patou TS Rookie


    Symantec now detects that virus with the update from 20th of September.

    Also rename the file taskcntr.exe to taskcntr.xxx and then scan your machine with a virus definition update from today and it should detect the virus.
  5. morpeous03

    morpeous03 TS Rookie

    Hi guys!

    I got remon.sys too.. :( I tried to delete the file but it keeps coming back...

    I tried to follow the instructions above with regard to the sysmanager.exe file and the taskcntr.exe file.. but these files do not exist on my PC...

    any help would be greatly appreciated.. Thanks in advance...
  6. morpeous03

    morpeous03 TS Rookie

    After going thru live update and scanning windows directory, NAV does detect the virus ( remon.sys ) but still cannot clean it... :(
  7. morpeous03

    morpeous03 TS Rookie


    BTW, here is my HJT log file. :angel:

    Logfile of HijackThis v1.99.1

    Thanks again!!!
  8. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

  9. blueeyes46818

    blueeyes46818 TS Rookie

    This is what I want to know. :giddy:
  10. morpeous03

    morpeous03 TS Rookie

    Thanks Mate!!!! -> RealBlackStuff
    I'll try it later... :chef: cheers! (this smiley looks like a beer in a mug doesn't it) :)
  11. Fogelhund

    Fogelhund TS Rookie

    Hello, I am having the same problems with remon.sys.

    Thanks for the help in advance.

    Also had this just pop up. taskcntr.exe W32.spybot.worm
  12. blueeyes46818

    blueeyes46818 TS Rookie

    This thread helped me get rid of that stupid remon.sys virus. Thank you guys so much. I had been fighting with Gateway and Verizon the last 3 days.

    After I learned Verizon's DSL is just a wide open, unprotected network that anyone can send data to whoever, I bought a router and 3 different virus, spyware, and adware programs.

    It is not all Verizon's fault though. Microsoft had better do something quick.

    I felt :dead: for a week. Now I am going to go puke: .
  13. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Fogelhund (I hope you are not DOING that)

    C:\Documents and Settings\Brett\Local Settings\Temp\HijackThis.exe
    Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!

    Boot in Safe Mode, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\UnHackMe\hackmon.exe

    Next, click Start/Run and type services.msc and click OK. Look for the service:
    Double-click it, click Stop if it's running, and change the Startup type to Disabled.

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
    Fix ALL O16 - DPF: entries
    O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Right-click IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
  14. NoCorndogs

    NoCorndogs TS Rookie

    It worked! Thanks a whole lot.

    That stupid remon file is gone, I'm not getting the virus message anymore either.

    I'm not sure what "O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)" is but I can't get it to go away.. but it's not bothering so I don't really mind.

    Here's my latest hijack

    and thanks again.
  15. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You need to try again (in Safe Mode) to get rid of this, using HJT:
    O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)
    The rest is clean.

    If you can't, click on Start/Run and type in regedit and click OK.
    In regedit click on Edit/Find and type in javapanel.exe and press F3.
    If found, right-click the entry in the right hand side panel, and select Delete. Press F3 again and repeat until end of Registry. Then exit the registry.
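
Added example (not part of the original thread and not a HijackThis feature): a Python script that triages the O23 service lines that posts 13 and 15 tell readers to fix, showing why each one stands out. The sample log is constructed from lines quoted in this thread; the function name, the regex and the Windows root paths are assumptions.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample built from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINNT\taskcntr.exe
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe (file missing)
"""

# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Assumption: default Windows roots; adjust for a non-standard install.
WINDOWS_ROOTS = {r"c:\windows", r"c:\winnt"}


def triage_o23(log_text):
    """Return one dict per O23 service line with the reasons it needs review."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not a service entry (O4, O16, header, ...)
        path = m.group("path")
        reasons = []
        if m.group("owner").lower() == "unknown owner":
            reasons.append("owner not identified by HijackThis")
        if dirname(path).lower() in WINDOWS_ROOTS:
            reasons.append("binary sits directly in the Windows root")
        if m.group("missing"):
            # Service key survives although the file is gone (post 15's case).
            reasons.append("orphaned entry: binary no longer on disk")
        findings.append({"service": m.group("name"),
                         "image": basename(path),
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o23(SAMPLE_LOG):
        print(f"{f['service']:8} {f['image']:16} {'; '.join(f['reasons']) or 'ok'}")
```
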
Topic Status:
Not open for further replies.
