Re: Keyloger and Spyware,

Operating System: Windows XP Pro, Service Pack 3

Spybot successfully detects Webwatcher from Awareness Technologies but fails to remove it. The files reside in the windows/system32/config directory. Which means they can not be deleted.

The problem is there are 2 files in memory and Spybot asks you if you would like to scan the system at the next startup. But when you do that it still runs into the same problem.

None of the processes are visible in task manager or any process explorer I have used.

Spybots message about Webwatcher in the right window of the seach and destroy operation echos the claim of Awareness technologies and says: "Webwatcher claims that there is no securty tool that can stop its doing"

LOL, This sounds like a strong challenge to Safer networking and Spybot!!


I would love some help in resolving this short of a reinstallation of my OS!!


This software was installed in my computer by an unauthorized user!

God Bless,

Tom

If you are running Spybot 1.6.0.30 and it still fails to correct the problem, consider posting in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22) and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

* "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance (http://forums.spybot.info/showthread.php?t=288)).

After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), making sure to post the HijackThis log produced from the above instructions.

Hello thosk1051,

Please follow the procedure in this link: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) where a helper will advise you as soon as available.

Cheers.

I followed the procedure you required and I reposed a new thread in the malware removal forum.

Tom

I have first hand knowledge that the "manual removal" method linked has been overcome and/or nullified by awarenesstech....


You guys need to look at it again.

Btw, they really didn't change much of their program...I think they just rearranged keys and the like...everything is associated with :

C:\Program Files\Yahoo!\Common\yverinfo.dll


I've mixed feeling about posting this as I understand they are using it to catch pedophiles and what not...but my wife put it on my computer because she didn't like me looking at porn(and not kids)....so all's fair in "love and war" so to speak.

Anyway...it's truly nasty software...and it's beyond my reach to disassemble it so I just went to a restore point before she bought the software(via credit card...like most would do) and then let a registry cleaner ferret out the stuff and starting working backwards with regedit. It took a LONG time to get everything and I was able to verify I was successful....I hope that someone with more talent than me here at safer networking can come up with a working update to squish this stuff.