Before you answere this question,I have most of the details in the about me section of my profile,about the spy tracker thing I found on my pc the other day.You need to go read it before you answere.If you could please message or email me on Yahoo about this,that would be great.
2006-10-26 03:23:04 · 4 answers · asked by lildolphin603 2 in Computers & Internet ➔ Security
Spyware r malacious programes which keep an eye on ur system.
its very simple to remove it.use a good AV like Mcafee internet suite 8.etc
they automatically detect spyware and removes them.
if you want the link for downloading Mcafee .i can help you downloading it jus PM me.
2006-10-26 03:34:19 · answer #1 · answered by Anonymous · 0⤊ 0⤋
Unless you can identify the IP addresss that the spyware is connecting to, there's no likely way to identify who installed it.
Most of those connections terminate somewhere in the former Soviet Union. There are few if any cyber-security laws there to it's a waste of time trying to locate the guilty party.
Just clean up your machine and get on with life.
2006-10-26 10:58:41 · answer #2 · answered by Bostonian In MO 7 · 0⤊ 0⤋
I'm sorry, but your RAT, is trying to enter the systems of those who try to contact you, so I wouldn't advise your sending any email nor in your answering any PMs now, because it'll infect whoever tries to help you by using your tools, such as the PM or e-mail to get into our system.
My Avast went berserk when I was about to PM you; warning me of the Remote Access Trojans' attempt to connect to my system.
Please watch this message as I guide you through in the "Additions" I'll keep making.
This is an emergency transmission to warn others and you of the problem of any direct contact with you, right now.
First addition:
This information about Remote Access Trojans from Microsoft Technet will educate you all about RATs.
http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx
This is the RAIM virus description :
http://research.sunbelt-software.com/threatdisplay.aspx?name=Remote%20Aim%20(Raim)&threatid=43594
Second addition:
Removal of this Trojan is possible manually.
Please do understand and agree that the advise given here does not in anyway make me liable for any damages due to your omissions and commissions.
Registry Editing is a job for professionals, not amateurs. Please follow advise carefully.
Please go to Start and click on it.
Go to Run and click on it.
In the dialog box that appears, please type in regedit and hit Enter.
In the Registry Editor Panel that opens, please click on Edit.
Move your cursor down in the drop down menu that appears and click on Find.
In the dialog box that appears, please type in the name of the program you want to find, like, for example, Raim Client.exe; and hit Enter.
In the right hand Panel, select the values that appear with this name and delete them one by one by single left clicking on the value and then single right clicking there and choosing the option Delete and single left clicking on it.
When all the values have been deleted, go back to Edit and click on it. This time select the Find next Option and click on it. Type in the same Raim Client.exe again and hit enter. Again, do what you did earlier by selecting and deleting the values that have the name on the right hand side panel; that appear.
Continue doing Find Next and deleting the values till it shows no more values to delete.
As the Remote Access Trojan lodges itself in numerous places, you might have a lot of deleting to do.
When you are certain that you've deleted all the traces and values relevant to the Trojan, exit the Registry Editor and reboot.
This time, I'm sure you'll find the computer is clean and the next time you have a pesky Trojan who cannot be easily removed, you know how to manually remove it.
All the best.
Cheers.
PS,
The Registry Area is a dicey palace for amateurs to fiddle around since deleting the wrong file or folder can have disastrous results. Please exercise extreme caution.
Third addition :
Please remember that RAIM creates other identities to make it difficult to remove, so do the regedit and Find and look for these entries too :
%System%\raim.ocx
Raim Client.exe
RAIM Server Creator.exe
server.exe
Delete all of them in the fashion I'd detailed earlier.
If anyone has made the mistake of PM-ing you or opening your mail to them, please advise them to do this, too. They are all infected by now.
Fourth addition:
Please also look for these entries in the manner described earlier and delete them too :
sniip3r
sniip3r.com
Fifth Addition:
I have looked up all the possible virus definitions regarding RAIM to be able to get you all the names of the files, folders and sub-folders it creates. I might not have got all of them yet.
Please wait, while I try to obtain further updates.
Meanwhile do all this and reboot.
You'll have disabled most of the RAT and it won't be able to proliferate, so, we do have some time on our hands.
Sixth Addition :
I just go some feedback from the Technet, that RAIM lodges itself in .ini file and .ico files.
These are 1Kb or less, so it's usually our habit to ignore these files, and the url gets brought back in by these.
Please look for and delete any values of the earlier combinations with .ini and .ico extensions.
Seventh Addition :
I tend to agree with the Bostonian in that it might just be an easier thing to format the hard disc and reinstall the OS afresh.
Please reboot after the last search and Let's hope and pray that we got all of the damn RAT and removed it.
If it's still there, Uninstall the OS, format the whole disc and Reinstall the OS and all applications afresh.
I know it's going to lose you a lot of stuff, but then, there will be no other alternative.
I think we might have busted the RAT with the regedit, but I cannot garuntee success.
Eight Addition:
The French Doctor is right.
Please alert your Bankers of possible Identity Theft, first. Also alert your Credit Card Companies of possible misuse.
I would also recommend that you download and install Avast from http://www.avast.com as it's an Anti-virus that would've stopped the RAT from getting in like mine did, just now. It's a free of cost home users' license.
All the very best.
Cheers.
2006-10-26 10:36:36 · answer #3 · answered by Anonymous · 0⤊ 0⤋
I am unable to email you as I don't use Yahoo Messenger an I don't want their program on my pc. I only use MSN Messenger to talk with other doctors and my patients.
I read indepth the story in your profile. Nobody has installed any keylogger onto your pc. Your pc has become what is known as a "Bot" by criminals. (ROBOT). You have been hijacked an all of your data is going to criminals where they operate out of Romania. (This country as some of the very best minds in this filed). If you have used your credit card or any other performed any bank transactions, you better call your bank or any other source related to the data that is being stolen.
Your first mistake was to install Nortons. (In my spare time I test antivirus and antispyware to see if they perform as claimed. Nortons is the very worse garbage out there. As been for years and keep getting worse each an ever year. You would think they would evolve, but this is not the case.
If you can shut down Nortons, as you can not run two antivirus programs on your pc, they will cause conflict. You can run three or four antispyware without any conflict.
Download, "avast", free home for personal use. They will ask you for your email address so they can send you a key that is good for one year. After one year you will have to request a new key. They only charge corporate for the program and they are both the same. You get auto updates daily or twice per day. Scans your entire system an is excellent state of the art technology that in my opinion will get rid of this trojan for you..
Being that you will have to go onto the internet, don't remove Nortons until you download. So instead of opening avast file, just click on save to documents or desk, etc. etc,. Then you can either shut down Nortons or get rid of this garbage, that is no good plus it is a hog on system resources.
Then run avast an it should remove the trojan. After you remove any virus from your system always reboot your system.
If this program does not work, your best solution is to reformat your system, or all your data will continue to be stolen.
Here is an important link for the future on how to protect yourself on the internet. I subscribe to the Government of Australia and they send me this atleast daily.
For more information on transacting securely online, check out http://www.staysmartonline.gov.au
Dear National Subscriber, Welcome to the third in this week's series of guides to online security as a part of the Australian Government's National E-Security Awareness week. In today's installment, we discuss identifying online security threats. How are we able to determine who to trust online? There are two major questions we always need to ask when we deal with anyone: - - What is their motivation? - - Can I verify their identity? Questioning the motivation and identity of those we deal with online in email, web pages and Internet chat is the final line of defence against any attempt to defraud you. Ultimately, avoiding online scams relies on your intuition and common sense alone. These are the same techniques you would need to employ if someone knocked on your door and asked for your banking password or offered you a deal which seemed a little too good to be true. When we deal with someone in person, we both subconsciously and rationally decide whether to trust them based on their attire, their speech, their body language and whether what they say appears to be credible. We need to do the same online, but we don't have the benefit of the subconscious techniques we often use when deciding to trust someone we meet in person. So online, we need to be even more thorough when deciding what is legitimate and what is not. By always questioning the motives and identity of those we interact with online, we can avoid many of the common threats on the Internet, such as: Phishing Phishing involves a criminal establishing a fake copy of a real web site, such as a financial institution. The criminal will then contact many people, usually via email, and attempt to capture usernames and passwords by urging them to log into the fake site using their online credentials. * Question their motive: would a financial institution really contact you via email to tell you your account had been compromised? Would they trust email to tell you something so important? * Question their identity: phone the financial institution on a number you can trust (for example, from the phone book) and confirm whether or not they've sent such an email. Malicious software Another popular way for criminals to make money is by installing software on your machine designed to monitor the information you send to institutions you do business with. They usually attempt to entice you to run a program attached to an email message or visit a web site which will attempt to install malicious software. * Question their motive: does an email or instant message claim to have important, highly sensational news? Often, this news may be from someone you've never heard of before - why would they send this to you? * Question their identity: if a piece of news or notice really is so important, can you confirm it through other news agencies or from the supposed sender? Fake jobs, lotteries and business ventures If you've received an email advertising that Nigerian royalty would like you to be the custodian of $20 million with a healthy cut for yourself, or that a company operating out of Eastern Europe would like to give you $1000 a week just for transferring money in and out of bank accounts, you've been the target of a 419 (or 'Nigerian') or money laundering (mule) scam. * Question their motive: why would Nigerian royalty pick you out of the 6 billion people on Earth to entrust with millions of dollars? Why would someone be willing to give you so much money for working so few hours a day? * Question their identity: do some background research. Does the supposed royalty mentioned in a 419 email really exist? Does the company in a mule scam really exist? Be careful though: 419 scammers sometimes use a real news story of a national uprising to explain why they may be fleeing a country, and mule scam operators often set up a very legitimate looking business web site. Of course, as Internet users, we all need to take certain technical precautions such as antivirus software to secure our computers. But just as you would if you were walking through a dangerous neighbourhood, you always need to keep your wits about you and think critically about anything you read or are offered. For further reading, the Stay Smart Online web site
Good Luck to you.
Cinical Psychiatrist, France
Excuse my english please.
2006-10-26 10:49:41 · answer #4 · answered by MINDDOCTOR 7 · 0⤊ 0⤋