How do I edit the registry to remove Boss Everywhere keylogger?
Ad-aware and Spybot don't detect it but Spyware Doctor does.
Any ideas on how to remove it?
How do I edit the registry to remove Boss Everywhere keylogger?
Ad-aware and Spybot don't detect it but Spyware Doctor does.
Any ideas on how to remove it?
X-Block removes it, I'm still trying to find some free advice.
http://securityresponse.symantec.com...verywhere.html
http://securityresponse.symantec.com...rywhere.b.html
Thats information on how to remove both the original and B strain of the spyware.
Glad I could help. :)
Thanks for taking the time to look into this X.
Problem is, I can't see anything?
http://img.photobucket.com/albums/v2...everywhere.jpg
(BTW it was Spy Doctor that said it was Boss Everywhere - I also also have Norton 2003 which doesn't detect it).
I also found this link but there don't appear to be any solutions:-
http://www.wilderssecurity.com/showthread.php?t=61984
??
This is a pretty serious keylogger. Now, my personal solution to everything that goes wrong is to reinstall windows, because I have all my files on an external drive or partition. I realise it isn't that easy for everyone though, but if you aim to get your registry back without infection and corruption after removing the keylogger, it ain't gonna happen.
Sorry to be the bearer of bad news, but the best bet is to reinstall Windows. :(
check in HKCU, more often than not viruses and adware crap use that branch instead of HKLM since only admins can write to HKLM.
Ooo, Gd point. :)
That might work (probably will), but if not, you probs have another 'strain' of the keylogger. Bearing that in mind, reinstallation of Windows is your best bet. You don't need to wipe the disk, a reformat will do. :)
wiping the disk is good for performance thou (why i used to keep a 2nd partition for data before i got a file server.)
I thought I was swish having an external hdd, but a file server....
I want one! ;)
What is HKCU, and how to I navigate to it?Quote:
Originally Posted by aidanjt
HKey_Current_User as aposed to HKey_Local_Machine
I've now runs scans of the following:-
1. Ad-Aware
2. Spybot S&D
3. Norton online scan (in reference to the link above).
4. Spy Sweeper
5. Kaspersky
6. Trend
and none of them detect anything.
The only sweep program thats shows this is Spyware Doctor with the location as HCKR/.dsv
Now because it is trial version, it wont show me the full location or allow me to remove it (Unless I play $30).
Is it likely that this could be a false postive?
I have looked at HKCR which I assume is HKEY_CLASSES_ROOT which lists all file extensions of which .dsv is one - within that path the only .dsv is to something called "VCDEasy.Project" which I am happy to delete as it dosen't sound like anything important. http://www.videohelp.com/tools?tool=39 Also, .dsv looks like a file extension used by that program:
"Trying to reload a videocd.dsv project by dragging and dropping it in the list of picture files caused the list to go blank until VCDEasy restarted. "
http://www.videohelp.com/forum/archive/t150417.html
Any further thoughts?
*** UPDATE ****
Well, I deleted the .dsv registry entry and also uninstalled VCDEasy.
Lo and behold Spyware Doctor no longer comes up with anything! Whoohoooo!
Gd Gd. Glad we could help. :)
Yes, thanks to both of you. Those links were useful otherwise I wouldn't have known what registry path to look down. Cheers. :thumbsup:
My work here is done..........
*Walks away, turns translucent and diappears..........