Winvestigator 2.5

[Spectre] · Oct 27, 2005

Anyone know how to remove this? Found it on a PC I am working on.......zone alarm reports it as spyware.....which from the description I found sounds correct.

kjm2003 · Oct 27, 2005

Spybot, AdAware, Hijack, Manualy searching for it, startup properties (MSCONFIG), add/remove programs...lol im serious....

kyle

[Spectre] · Oct 27, 2005

kjm2003 said:
Spybot, AdAware, Hijack, Manualy searching for it, startup properties (MSCONFIG), add/remove programs...lol im serious....

kyle

Spybot, adaware, ewido. and symantec don't flag it.....only zonelarm's online scanner.

I already went to do the manual removal route after it was detected...but I found nothing. None of the registry setting associated with it are there. The only one close is:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsCurrentVersion\Run

But "loaddll" is supposed to be "loaddll.exe" with this particular program but on the machine it is "C:\winnt\wins\math.exe C:\winnt\wins\pluged.exe"

So I am basically wondering if it was a false positive or if the manual removal instructions from Symantec are wrong.

[Spectre] · Oct 27, 2005

Anyone?

Malk-a-mite · Oct 28, 2005

Looking at the description this looks like a hell of a lot more than spyware.

http://fileforum.betanews.com/detail/Winvestigator/1008381203/1

Winvestigator starts on boot and runs undetectable in Windows capturing keystrokes, URLs, mouse clicks, and screen shots to an encrypted log file. It can be set to e-mail the log for remote viewing. Its settings are fully customizable. Each Settings section has mouse-over help that displays a quick explanation at the top of the screen. A Web style interface and thorough help make this powerful tool simple to use.

...

[Spectre] · Oct 28, 2005

Malk-a-mite said:
Looking at the description this looks like a hell of a lot more than spyware.

http://fileforum.betanews.com/detail/Winvestigator/1008381203/1

...

Yeah that is why I kind of wanted to know if anyone knew how to get rid of it.

vmerc · Oct 28, 2005

Spectre said:
Yeah that is why I kind of wanted to know if anyone knew how to get rid of it.

Reformat!

Seriously though. Are you using the infected computer to solicit help? LOL! I can imagine the contoller of the spyware. "0h n0es!!!!111 He'z g01ng t0 De1ete mY CrEaT10n!!!111"

[Spectre] · Oct 28, 2005

vmerc said:
Reformat!

I wish.

Seriously though. Are you using the infected computer to solicit help? LOL! I can imagine the contoller of the spyware. "0h n0es!!!!111 He'z g01ng t0 De1ete mY CrEaT10n!!!111"

No, I did unfortunately log into my email from the unit to pull a couple of files i had saved there before I started combing through it

I went ahead and deleted the registry entry that was detected by zonealarm's scanner (it no longer finds it and it doesn't seem to have reappeared) but I am still curious about the fact that just one (possibly since the value wasn't the same) of the many listed entries that is supposed to be associated with it was there..........

So if anyone has an ideas.........

Winvestigator 2.5

[Spectre]

[H] Admin

kjm2003

[H]ard|Gawd

[Spectre]

[H] Admin

[Spectre]

[H] Admin

Malk-a-mite

[H]ard|Gawd

[Spectre]

[H] Admin

vmerc

Limp Gawd

[Spectre]

[H] Admin