Re: poison ivy trojan

 
 
gls858
Guest
Posts: n/a

 
      11-24-2008
lid wrote:
> I've found what's been attacking my machine [partially] I need more help, as
> it's a key logger, and the guy is online when I am, and manipulating my
> machine. He's already used my credit card.
>
> I just need more info on how to clean this thing.
> The Firefox site was semi helpful, but the program that's doing all the
> activity needs to be removed also. I don't know what that one is [if it isn't
> SFC.EXE] The taskmgr.exe in the windows, and windows\system32 directory can't
> be scanned with SFC.
> I think this thing's been on my machine for a long time now.
> SFC works on SOME files. But not on the ones I know are bad.
> Also in the task scheduler, I suspect that may have a lot to do with what's
> happening.
>
> Is there a list of tasks that are safe on the web ?


If in fact someone does have access to your machine you have no idea
what he may have hidden there. Removing the keylogger may just be the
tip of the iceberg. This is one of the few instances where I would
recommend a complete format and reinstall. Change ALL of your passwords
EVERYWHERE.

gls858
 
gls858
Guest
Posts: n/a

 
      11-24-2008
lid wrote:
> On Mon, 24 Nov 2008 09:48:09 -0600, gls858 <> wrote:
>
>> If in fact someone does have access to your machine you have no idea
>> what he may have hidden there. Removing the keylogger may just be the
>> tip of the iceberg. This is one of the few instances where I would
>> recommend a complete format and reinstall. Change ALL of your passwords
>> EVERYWHERE.
>>
>> gls858
>
> Complete format won't do much good with the info he's collected. All that will
> do is waste my time.
>
> But I may have found something that does work to clean them out though it's the
> last thing I wanted.
> I killed power while booting to get the machine into repair mode.
> The registry entry [that I renamed vs remove] has been deleted with the half
> hour repair. I have no idea what else it repaired. Wish I did. Hasn't fixed the
> DEP yet if indeed it's broken.


But once you redo all your passwords and get new account numbers,
credit cards etc., you don't really want him to have those too, do you?
If he's hidden something on your machine that can be activated once
you've rid yourself of the obvious, you may be right back in the same
predicament, but suit yourself, it's your info and money.

gls858
 
gls858
Guest
Posts: n/a

 
      11-25-2008
lid wrote:
> On Mon, 24 Nov 2008 13:59:20 -0600, gls858 <> wrote:
>
>>> Complete format won't do much good with the info he's collected. All that will
>>> do is waste my time.
>
>> But once you redo all your passwords and get new account numbers,
>> credit cards etc., you don't really want him to have those too, do you?
>> If he's hidden something on your machine that can be activated once
>> you've rid yourself of the obvious, you may be right back in the same
>> predicament, but suit yourself, it's your info and money.
>
> That means a complete replacement of thousands of dollars in software &
> Hardware. You tell me you figure on going out and buying a new machine, and all
> new software ?
> The thing needs to be found and removed before taking any other action. For now
> only thing possible is to lock the machine off from the web while finding this
> thing and all bits and pieces, but there's the rub. It's NOT DETECTABLE by any
> virus software.
> Best Trend can offer is the pro version key encryption.


I didn't say to replace all of your programs and hardware. I don't know
where you got that idea. I said you should reformat your hard drive.
Then you reload your operating system and your programs, then the data
files you created from a backup and now you KNOW you have a clean system.
Otherwise if someone really did have access to your machine you can't be
certain that removal of this one item will in fact keep them out of the
system.
If you feel that removing this one problem is sufficient then so be it.
If you can't find a way to remove it then formatting the hard drive is
the only method that will clear it from your system.

gls858
 