Re: CRIME Monitoring software removal

From: Alan (alan@private)
Date: Fri Apr 12 2002 - 15:10:41 PDT

Next message: Toby: "Re: CRIME Perspective on Criticisms leveled at Microsoft"

Previous message: Heidi Henry: "CRIME Re: monitoring software removal"
In reply to: Heidi Henry: "CRIME Monitoring software removal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Friday 12 April 2002 01:28 pm, Heidi Henry wrote:
> Does anyone have any tips on how to locate and completely remove monitoring
> software that has been installed in a stealth configuration?  I was able to
> locate the program once, and thought I had deleted it from the registry,
> however, after a number of reboots, the program has shown itself again, but
> it cannot be located in the registry as before.  After further research,
> the program is designed to change its name/extensions, so it is difficult
> to identify.  I did a search using $, which evidently is used for hiding
> the program, but I could not locate it a second time.  I have contacted the
> software vendor as I originally I was able to identify the software
> manufacture, but have not heard back from them yet.  The vendor FAQ states
> it cannot be removed without the originating computer or CD, i.e., the
> target computer cannot remove it.  The program  is Winwhatwhere.  If this
> were placed on a computer legally, wouldn't it have to be done with a
> search warrant? This is a private PC, not on a network or in a work place. 
> Thanks for any suggestions you might have, Heidi e-mail: mcps@private

Some spyware can be removed with anti-virus software. (Or at least identified.  
Backorifice and a number of others will show up in this way. Not certain 
about WinWhatWhere)

The program is a keylogger.  It is pretty nasty as it has code to kill other 
anti-spyware.

http://www.trapware.com/ has a program for identifying the program. (90 day 
free trial. Don't know if it removes it.)

Instructions for removal and how it works here: 
http://www.megasecurity.org/Info/doc/winwhatwhere.htm

BoDetect is another product that will find and remove spyware. 
http://www.cbsoftsolutions.com/Products/bodetect.htm

http://www.lavasoft.de/ has AdAware. It gets rid of Ad-based spyware, but not 
WinWhatWhere. It is free for personal use.

If you reinstalled over the regular OS without a format, you will want to make 
sure those registry entries are truly gone.  Since it does not nuke the 
registry and start over installing over the old OS (at least with Win95/98), 
there may be old entries from the software left over.

Hope that helps.

Next message: Toby: "Re: CRIME Perspective on Criticisms leveled at Microsoft"
Previous message: Heidi Henry: "CRIME Re: monitoring software removal"
In reply to: Heidi Henry: "CRIME Monitoring software removal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:40:39 PDT