
Thread: How do I edit the registry to remove Boss Everywhere keylogger?

  1. #1
    Registered User
    Join Date
    Dec 2004
    Posts
    154
    Thanks
    1
    Thanked
    1 time in 1 post

    How do I edit the registry to remove Boss Everywhere keylogger?

    Ad-aware and Spybot don't detect it but Spyware Doctor does.

    Any ideas on how to remove it?

  2. #2
    Xcelsion... In Disguise. Xaneden's Avatar
    Join Date
    Nov 2004
    Location
    United Kingdom
    Posts
    1,699
    Thanks
    0
    Thanked
    0 times in 0 posts
    X-Block removes it, I'm still trying to find some free advice.
    New Sig on the Way...

  3. #3
    Xcelsion... In Disguise. Xaneden's Avatar
    Join Date
    Nov 2004
    Location
    United Kingdom
    Posts
    1,699
    Thanks
    0
    Thanked
    0 times in 0 posts
    http://securityresponse.symantec.com...verywhere.html

    http://securityresponse.symantec.com...rywhere.b.html


    That's information on how to remove both the original and B strain of the spyware.

    Glad I could help.

  4. #4
    Registered User
    Join Date
    Dec 2004
    Posts
    154
    Thanks
    1
    Thanked
    1 time in 1 post
    Thanks for taking the time to look into this X.

    Problem is, I can't see anything?



    (BTW it was Spy Doctor that said it was Boss Everywhere - I also have Norton 2003 which doesn't detect it).

    I also found this link but there don't appear to be any solutions:-

    http://www.wilderssecurity.com/showthread.php?t=61984

    ??

  5. #5
    Xcelsion... In Disguise. Xaneden's Avatar
    Join Date
    Nov 2004
    Location
    United Kingdom
    Posts
    1,699
    Thanks
    0
    Thanked
    0 times in 0 posts
    This is a pretty serious keylogger. Now, my personal solution to everything that goes wrong is to reinstall windows, because I have all my files on an external drive or partition. I realise it isn't that easy for everyone though, but if you aim to get your registry back without infection and corruption after removing the keylogger, it ain't gonna happen.

    Sorry to be the bearer of bad news, but the best bet is to reinstall Windows.
    Last edited by Xaneden; 15-02-2005 at 08:14 PM.

  6. #6
    Gentoo Ricer
    Join Date
    Jan 2005
    Location
    Galway
    Posts
    11,039
    Thanks
    1,014
    Thanked
    944 times in 704 posts
    • aidanjt's system
      • Motherboard:
      • Asus Strix Z370-G
      • CPU:
      • Intel i7-8700K
      • Memory:
      • 2x8GB Corsiar LPX 3000C15
      • Storage:
      • 500GB Samsung 960 EVO
      • Graphics card(s):
      • EVGA GTX 970 SC ACX 2.0
      • PSU:
      • EVGA G3 750W
      • Case:
      • Fractal Design Define C Mini
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • Asus MG279Q
      • Internet:
      • 240mbps Virgin Cable
    check in HKCU, more often than not viruses and adware crap use that branch instead of HKLM since only admins can write to HKLM.

  7. #7
    Xcelsion... In Disguise. Xaneden's Avatar
    Join Date
    Nov 2004
    Location
    United Kingdom
    Posts
    1,699
    Thanks
    0
    Thanked
    0 times in 0 posts
    Ooo, Gd point.

    That might work (probably will), but if not, you probs have another 'strain' of the keylogger. Bearing that in mind, reinstallation of Windows is your best bet. You don't need to wipe the disk, a reformat will do.

  8. #8
    Gentoo Ricer
    Join Date
    Jan 2005
    Location
    Galway
    Posts
    11,039
    Thanks
    1,014
    Thanked
    944 times in 704 posts
    wiping the disk is good for performance though (why I used to keep a 2nd partition for data before I got a file server.)

  9. #9
    Xcelsion... In Disguise. Xaneden's Avatar
    Join Date
    Nov 2004
    Location
    United Kingdom
    Posts
    1,699
    Thanks
    0
    Thanked
    0 times in 0 posts
    I thought I was swish having an external hdd, but a file server....

    I want one!

  10. #10
    Registered User
    Join Date
    Dec 2004
    Posts
    154
    Thanks
    1
    Thanked
    1 time in 1 post
    Quote Originally Posted by aidanjt
    check in HKCU, more often than not viruses and adware crap use that branch instead of HKLM since only admins can write to HKLM.
    What is HKCU, and how do I navigate to it?

  11. #11
    Gentoo Ricer
    Join Date
    Jan 2005
    Location
    Galway
    Posts
    11,039
    Thanks
    1,014
    Thanked
    944 times in 704 posts
    HKey_Current_User as opposed to HKey_Local_Machine

  12. #12
    Registered User
    Join Date
    Dec 2004
    Posts
    154
    Thanks
    1
    Thanked
    1 time in 1 post
    I've now run scans of the following:-

    1. Ad-Aware
    2. Spybot S&D
    3. Norton online scan (in reference to the link above).
    4. Spy Sweeper
    5. Kaspersky
    6. Trend

    and none of them detect anything.

    The only sweep program that shows this is Spyware Doctor with the location as HKCR/.dsv

    Now because it is a trial version, it won't show me the full location or allow me to remove it (Unless I pay $30).

    Is it likely that this could be a false positive?

    I have looked at HKCR which I assume is HKEY_CLASSES_ROOT which lists all file extensions of which .dsv is one - within that path the only .dsv is to something called "VCDEasy.Project" which I am happy to delete as it doesn't sound like anything important. http://www.videohelp.com/tools?tool=39 Also, .dsv looks like a file extension used by that program:

    "Trying to reload a videocd.dsv project by dragging and dropping it in the list of picture files caused the list to go blank until VCDEasy restarted. "
    http://www.videohelp.com/forum/archive/t150417.html

    Any further thoughts?
    Last edited by Hobart Paving; 17-02-2005 at 12:23 AM.
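
An added example, not part of any post in this thread: a read-only PowerShell check for the triage discussed in posts #6 and #12, showing whether an HKCR extension entry such as .dsv is stored per-user (HKCU) or machine-wide (HKLM) and which program its ProgID launches. HKCR is a merged view of HKCU\Software\Classes and HKLM\Software\Classes; the function name Get-ExtensionAssociation is hypothetical.

```powershell
# Added example: trace an HKCR extension entry back to its real hive and handler.
# Read-only: nothing is modified or deleted.
function Get-ExtensionAssociation {
    param([Parameter(Mandatory)][string]$Extension)   # e.g. '.dsv'

    # HKCR merges these two branches; the per-user one wins on conflict
    # and is writable without administrator rights.
    $roots = [ordered]@{
        'HKCU' = 'Registry::HKEY_CURRENT_USER\Software\Classes'
        'HKLM' = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes'
    }

    foreach ($hive in $roots.Keys) {
        $extKey = "$($roots[$hive])\$Extension"
        if (-not (Test-Path -LiteralPath $extKey)) { continue }

        # The key's default value names the ProgID (e.g. VCDEasy.Project).
        $progId  = (Get-Item -LiteralPath $extKey).GetValue('')
        $command = $null
        if ($progId) {
            # Resolve the ProgID through the merged view, as the shell does.
            $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
            if (Test-Path -LiteralPath $cmdKey) {
                $command = (Get-Item -LiteralPath $cmdKey).GetValue('')
            }
        }

        [pscustomobject]@{
            Hive        = $hive
            Key         = $extKey
            ProgID      = $progId
            OpenCommand = $command   # the executable that opens this file type
        }
    }
}

Get-ExtensionAssociation -Extension '.dsv' | Format-List

# Before deleting a key by hand, keep a copy that can be re-imported:
#   reg.exe export 'HKCR\.dsv' "$env:TEMP\dsv-backup.reg" /y
```

If OpenCommand points at a known installed program, the scanner hit is most likely a file-association match rather than a running keylogger.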

  13. #13
    Registered User
    Join Date
    Dec 2004
    Posts
    154
    Thanks
    1
    Thanked
    1 time in 1 post
    *** UPDATE ****

    Well, I deleted the .dsv registry entry and also uninstalled VCDEasy.

    Lo and behold Spyware Doctor no longer comes up with anything! Whoohoooo!

  14. #14
    Xcelsion... In Disguise. Xaneden's Avatar
    Join Date
    Nov 2004
    Location
    United Kingdom
    Posts
    1,699
    Thanks
    0
    Thanked
    0 times in 0 posts
    Gd Gd. Glad we could help.

  15. #15
    Registered User
    Join Date
    Dec 2004
    Posts
    154
    Thanks
    1
    Thanked
    1 time in 1 post
    Yes, thanks to both of you. Those links were useful otherwise I wouldn't have known what registry path to look down. Cheers.

  16. #16
    One skin, two skin......
    Join Date
    Jul 2003
    Location
    Durham
    Posts
    1,705
    Thanks
    0
    Thanked
    1 time in 1 post
    My work here is done..........


    *Walks away, turns translucent and disappears..........
