
Topic Closed: PLEASE HELP REMOVING ACE PASSWORD SNIFFER

namrehto
Senior Member
Joined: 23 June 2005
Location: Scotland
Posts: 3861
Posted: 15 June 2006 at 4:19am
Zip files are one thing (which many refuse to open), but a zip containing a Word file..... 

Anyway, cross-posting has occurred, and the thread continues here, so this thread will now close.
Gil

EP_X0FF
Senior Member
Joined: 08 March 2006
Location: Russian Federation
Posts: 4753
Posted: 15 June 2006 at 3:14am
Boot into safe mode and delete these keys.
Ring0 - the source of inspiration

billybandit
Newbie
Joined: 14 June 2006
Location: United Kingdom
Posts: 4
Posted: 15 June 2006 at 2:56am
Hi Gil,
I have posted the log from the RKR run last night; can you or the team have a look and see what is causing the problem?

Also I have the following info:
Ran NOADWARE last night (trial version) and it came up with BACKDOOR.Rtkit.b on system (never seen this before). This was removed and I also followed Symantec's removal information on their website.

There was no sight of the rootkit evidence for this program, and Symantec said the following would be evident in the registry and said to remove the following:

2006-06-15_025133_HKEY.zip

The only thing present in registry was LEGACY_NPF which was refusing to be deleted!!

Cheers


namrehto
Senior Member
Joined: 23 June 2005
Location: Scotland
Posts: 3861
Posted: 14 June 2006 at 5:45am
Okay. To help see if something rootkit-like is hiding on your PC, start with PLEASE READ BEFORE POSTING and note the comments there.

The link at the top of that thread takes you to the RootkitRevealer webpage. Download rootkitrevealer.zip and unpack into a convenient folder (say a new one on your desktop). In that folder, click on rootkitrevealer.exe, wait 10 seconds after its window opens, then click Scan and walk away from your PC until it finishes (when the button turns from Abort back to Scan).

Follow the directions in PLEASE READ BEFORE POSTING for saving the log, then post it here.
Gil

billybandit
Newbie
Joined: 14 June 2006
Location: United Kingdom
Posts: 4
Posted: 14 June 2006 at 5:22am
Hi Gil,
I am only a computer novice, so please excuse me if what I am about to say is incorrect.

I took a copy of the Xoftspy log to work and showed it to our IT guys; they reckon it is a rootkit, probably some malicious software that is re-infecting my registry every time I re-boot.

Can you advise of an easy RKR to use that will not only reveal the pain in my life at the moment but also remove it?
I have already run AUTORUN, but nothing stands out as out of the ordinary.

Secondly, if this is posted correctly, which would be the best forum to post.

namrehto
Senior Member
Joined: 23 June 2005
Location: Scotland
Posts: 3861
Posted: 14 June 2006 at 5:09am
You posted this in the RKR forum. Did you actually run RKR? If so please post the log.
Gil

billybandit
Newbie
Joined: 14 June 2006
Location: United Kingdom
Posts: 4
Posted: 14 June 2006 at 5:00am
Please help,
I am usually armed to the teeth with all things security, anti spy/mal/virus/trojan etc., but I have a recurring registry value that installs itself every time I reboot.

Only Xoftspy is identifying this and is defined as a severe threat. Nothing else including spysweeper/AVG/SPYBOT/ADAWARE etc. is seeing or identifying it as a threat.

The key value is located in system\currentcontrolset\services\nm\enum\0:@:root\legac y000 and is being identified as ACE PASSWORD SNIFFER.

I do not believe I have ACE Password Sniffer installed and have thoroughly checked this is the case.

How do I permanently remove this or remove the thing, which is driving me crazy?
PPPPLLLLLLLEEEEEAAAAASSSSEEEE HELP, all you clever people out there.
 