007 Spy Software

KJWilson

KJWilson

New member
This was reported on my last scan - HKEY_CLASSES_ROOT\Interface\{55C904F2-85EB-4982-BF62-C97108367B3A}. The information listed on that key is Name (Default); Type REG_SZ; Data clsSendMail. There are 3 subfolders: Forward, ProxyStubClsid and ProxyStubClsid32. The subfolders contain the same Name & Type information but have different Data. I can not determine what program installed the keys. Should I go ahead and remove the keys? I can not find anything in the forums that tell me what 007 Spy Software is or what type/how much of threat it is. By the way, I did find other helpful information on the forums, thank you for that.
 
More Info Please

Thank you Sword. OK, it is a keylogger. Can you add any information? Does the Data clsSendMail mean my keystrokes are being mailed somewhere? Is there a way to find which application installed the keys so I can delete that program? I have noticed alerts that say "logitech is trying to monitor your keyboard strokes" and I think there was one when I was working in FrontPage that was similar. Do you think one of those programs may be the culprit? Thanks for any help.
 
Hello KJWilson.
  • Open SpyBot, check for and get any updates available,
  • Close all browsers, check for problems and fix everything found in red
  • Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
  • Uncheck[ ] do not report disabled or known legitimate Items.
  • uncheck[ ] Include a list of services in report.
  • Uncheck[ ] Include uninstall list in report.
  • Now select (near the top) view report.
  • Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.
 
Report Log Info

tashi, after viewing my logs, can you remove them? I don't know that it is "safe" to have all my system stuff exposed??
 
Hi there.
I removed your log as per your request.

However if it is of any reassurance, logs of many types are posted at all help support sites.
For instance see our malware removal forum:
Malware Forum
It is the only way we can check the system for problems. :)
 
Thank you tashi

Thank you for removing the log. I guess I should have written if it isn't safe to then remove? If it will help anyone else, you may repost the log. Can you tell from the log which program set the keylogger or how it got into the registry? Tashi, I would like to tell you again I appreciate your help. :)
 
Hi. ;)

I have asked a helper to take a look at the log and respond to you here with his findings.

Cheers.
 
Hi

I see you let SSD fix it, Good.
007 Spy Software: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{55C904F2-85EB-4982-BF62-C97108367B3A}

Delete this run with your startup manager program or SpyBots tools > system startup
command: wjview /cp "C:\Program Files\MyPointsPointAlert\System\Code" Main lp: "C:\Program Files\MyPointsPointAlert"
file: C:\WINDOWS\system32\wjview.exe
Manualy delete the MyPointsPointAlert folder, do not delete wjview
 
Lonnie, Thank you

I followed your instructions. Hope my system is more secure now. Thank you for your assistance. :bigthumb:
 
new guy to forum also needs "Tashi"s HELP

Hi tashi. I'm "chiefcondensor". On Tuesday 1-31-06 I ran my checks and Spybot 1.4 picked up 007 Spy Software. But it is unable to remove it...tried the restart and restart in safe mode. I have Norton Internet Security,Registry Mechanic, Ad-Aware,and Microsoft anti spyware. Only Spybot can detect the 007 Spy Software. So I found this site to get help removing 007. I have followed your instructions to KJWilson....may I send my report to you ?
tashi said:
Hello KJWilson.
  • Open SpyBot, check for and get any updates available,
  • Close all browsers, check for problems and fix everything found in red
  • Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
  • Uncheck[ ] do not report disabled or known legitimate Items.
  • uncheck[ ] Include a list of services in report.
  • Uncheck[ ] Include uninstall list in report.
  • Now select (near the top) view report.
  • Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.
Click to expand...
 
chiefcondensor Spybot report

tashi,
let me know if my Spybot reort attached to this message. I don't see where it is on this message. If you get it, please help with 007 Spy Software removal, and any other problems you see on the report. Used to be that when I ran Spybot 1.4 it came up clean. Since the 007 Spy Software appeared I get a lot of other problems showing up also.
Thanks
chiefcondensor
 
Lonny ,is this the "system32" you wanted to see?

As usual ,I am making things difficult for myself.
C/ Program Files/ system32 has these 3 files in it:
hhctrl.ocx
icm 32 .dll
riched 32.dll
If I try to attach these I get "invalid file" message!
If I could contact you this would go a lot faster. I will hire you, or make a donation to the Safer Networking site.
chiefcondensor
 
chiefcondensor said:
If I could contact you this would go a lot faster. I will hire you, or make a donation to the Safer Networking site.
chiefcondensor
Click to expand...

Hi there.

Sorry but support is given in the forum and not via pm, telephone calls or remote assistance.

Thank you for your understanding. :)
 
You must log in or register to reply here.
Back
Top