keyspy

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tr0z, Jul 19, 2004.

  1. tr0z

    tr0z Private E-2

    my grandmother has a dell pc and got keyspy installed on her system. I downloaded spybot search and destroy and spyblaster but could not remove the file. she called dell up and was kind enough to give the phone to me and dell told me to disable everything on msconfig startup. I did so but this only prevents the program from starting up.

    so, I went back into msconfig and found a file called srvecx.exe located in c:\windows\system32. I deleted it and wanted to know if I am in the clear?

    please help me, I want my life back...
     
    tr0z, Jul 19, 2004
    #1
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    An educated guess is that you dont have spyware as such but have a virus/trojan and this one to be exact

    Backdoor.Servsax
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.servsax.html

    removal instructions are included..... I know you have the process stoped from starting as you disabled it in msconfig, which is good now its just a case of removing it for good, I dont know what AV scanner your grandmother has so I will aim you at this very good online scanner

    Trends Housecall ( free )
    http://housecall.trendmicro.com/housecall/start_corp.asp


    YOU should aslo before running the AV Scans, turn off System Restore as you may remove the trojan but on reboot system restore can put it back.

    instructions on disabling system restore
    http://forums.majorgeeks.com/showthread.php?t=31668

    once disabled reboot to clear all restore points ( I would at this stage backup any important info she may have )

    once rebooted run the Online scan from trend and remove what it finds, if it doesnt find anything the long way of removing is in the Symantec page earlier asn involves the registry.

    IF Trend removes the trojan reboot and scan again just to make sure then it will be ok to turn system restore back on.



    what Anti Virus does she have if any?
    if she has one get any updates for it and any updated virus definition files.

    if she doesnt have one then this is Free and Auto updateing
    http://www.majorgeeks.com/download1968.html

    just let us know how you get on ;)
     
    DavidGP, Jul 20, 2004
    #2
  3. tr0z

    tr0z Private E-2

    thanks for the help.

    She has norton anti virus. I installed it on her pc last month and it is up to date. My cousin uses the computer frequently and I think he is how the trojan got on in the first place.

    thanks again, I will work on it tonight and let you know how it goes.
     
    tr0z, Jul 20, 2004
    #3
  4. tr0z

    tr0z Private E-2

    hmm, didn't see an edit post so I am going to double post here, not sure if thats ok or not...

    thanks for the help the problem is resovled. the programs worked great, thanks!
     
    tr0z, Jul 20, 2004
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds