stubborn Keylogger !

RJK

Hi,

I've got a XP Pro SP2 machine on the bench that has/had/or maybe still has a
keylogger in it.
AVG / Ewido scan found it and seemed to remove it, but, I'm sure there's
something quite nasty still in there.
AVG anti-virus wouldn't install - it's as though something is blocking it
from being installed.
Adaware didn't really find anything, and seems to be not functioning
properly in Safe Mode - it becomes unresponsive.

....and Multi-av - which I copied across in Safe mode from a USB pen-drive =
press 1 for the Sophos sweep and multi-av just vanishes. Press (2) for
Trend, and apparently psapi.dll is missing (it's not - it is present in
system32).
....anyhow (1) Sophos and (2) Trend scans will not run.
Several previous attempts to start multi-AV sweeps 1 and 2, in Normal and
Safe Mode caused XP to shut down !

.....Mcafee (3) in multi-av is running in Windows "Diagnostic startup - basic
services etc" mode ...is that any good ?

This machine was built and configured by a real PC clever clogs, who built
it for his girlfriend, ...long story ...relationship broke up, ...PC has
been a nightmare ever since, ...I'm told by the young lady's father !!! I
have a strong suspicion that this keylogger was installed by him and not
picked up on the web, ...though of course that could be complete rubbish.

.....where do I start ?

Mcafee just found "Generic Pup.a.Temp\DealioKit1-stub-0.exe ... "
....I'll Google on that in a minute....
.....interesting Google results....

any tips appreciated,

regards, Richard
 
From: "RJK"

| Hi,
|
| I've got a XP Pro SP2 machine on the bench that has/had/or maybe still has a
| keylogger in it.
| AVG / Ewido scan found it and seemed to remove it, but, I'm sure there's
| something quite nasty still in there.
| AVG anti-virus wouldn't install - it's as though something is blocking it
| from being installed.
| Adaware didn't really find anything, and seems to be not functioning
| properly in Safe Mode - it becomes unresponsive.
|
| ...and Multi-av - which I copied across in Safe mode from a USB pen-drive =
| press 1 for the Sophos sweep and multi-av just vanishes. Press (2) for
| Trend, and apparently psapi.dll is missing (it's not - it is present in
| system32).
| ...anyhow (1) Sophos and (2) Trend scans will not run.
| Several previous attempts to start multi-AV sweeps 1 and 2, in Normal and
| Safe Mode caused XP to shut down !
|
| ....Mcafee (3) in multi-av is running in Windows "Diagnostic startup - basic
| services etc" mode ...is that any good ?
|
| This machine was built and configured by a real PC clever clogs, who built
| it for his girlfriend, ...long story ...relationship broke up, ...PC has
| been a nightmare ever since, ...I'm told by the young lady's father !!! I
| have a strong suspicion that this keylogger was installed by him and not
| picked up on the web, ...though of course that could be complete rubbish.
|
| ....where do I start ?
|
| Mcafee just found "Generic Pup.a.Temp\DealioKit1-stub-0.exe ... "
| ...I'll Google on that in a minute....
| ....interesting Google results....
|
| any tips appreciated,
|
| regards, Richard
|



1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe Format --> uncheck "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Big thanks, ...will do,
...(4) Kaspersky sweep is running on it atm, am tempted to terminate it !
....just what are all those "error : delete wrong pointer" 's ? :-)

regards, Richard


"David H. Lipman" wrote in message
news:e0XkLkrjIHA.2304@TK2MSFTNGP05.phx.gbl...
> 1. Download and execute HiJack This! (HJT)
> http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe
>
> 2. Disable Notepad's word wrap:
> In Notepad.exe Format --> uncheck "Word wrap"
>
> 3. Download/run Deckard's System Scanner:
> http://www.techsupportforum.com/sectools/Deckard/dss.exe
>
> 4. Save the scan results (Main.txt and Extra.txt)
>
> 5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
> expert forums...
>
>
> { Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }
 
From: "RJK"

| Big thanks, ...will do,
| ..(4) Kaspersky sweep is running on it atm, am tempted to terminate it !
| ...just what are all those "error : delete wrong pointer" 's ? :-)
|
| regards, Richard
|

I don't know -- they can be ignored.

Please provide the URL of the expert forum you end up posting to.

BTW: I have updated the Multi-AV to v6.00 which includes the Trend Micro anti spyware
capability and other improvements. It is not yet available on PCTipp. However, if you
email me, I will provide you the URL of a site which will always host the latest build.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 
Hi Richard!

I wondered if you would, please, ask Mr Lipman why he doesn't recommend
AumHa for reviewing HJT and Deckard's System Scanner logs. He won't give me
an answer, yet tells me that PA Bear *is* one of the good guys. BTW, I noted
that you never gave him - Mr Bear - the apology he demanded from you!

I'm afraid I fell foul of Mr Castner too. I got a funny feeling, though,
that there was a 'team' of people providing answers, not just one individual
(but all using the same name). Regardless, I may no longer post there - at
least that's what I've been told by Jim Eshelman!

Dave

PS With regard to your suspected Key-logger, I'd save any data required and
then flatten (remove *all* partitions) and re-install Windows from scratch.


"RJK" wrote in message
news:ui4wIwrjIHA.5724@TK2MSFTNGP03.phx.gbl...
> Big thanks, ...will do,
> ..(4) Kaspersky sweep is running on it atm, am tempted to terminate it !
> ...just what are all those "error : delete wrong pointer" 's ? :-)
>
> regards, Richard
 
Castner = waste of time and space :-)

re: the key-logger, the first thing I considered was flattening it but,
I do love a challenge, ...will probably flatten it in the end !

I've made a bit of progress - since AVG anti-spyware quarantined
"dropper.small" and "Logger.banker,"
AVG anti-virus installed, (which it wouldn't before that), and is now
running a full sweep in Safe Mode.

A Panda online virus scan, earlier today, found two "critical" items but,
wouldn't tell me what they were, or clean them, until I paid, so bye bye
Panda :-)

regards, Richard


"~BD~" wrote in message
news:OlEDbzsjIHA.484@TK2MSFTNGP06.phx.gbl...
> Hi Richard!
>
> I wondered if you would, please, ask Mr Lipman why he doesn't recommend
> AumHa for reviewing HJT and Deckard's System Scanner logs. He won't give
> me an answer, yet tells me that PA Bear *is* one of the good guys. BTW, I
> noted that you never gave him - Mr Bear - the apology he demanded from
> you!
>
> I'm afraid I fell foul of Mr Castner too. I got a funny feeling, though,
> that there was a 'team' of people providing answers, not just one
> individual (but all using the same name). Regardless, I may no longer post
> there - at least that's what I've been told by Jim Eshelman!
>
> Dave
>
> PS With regard to your suspected Key-logger, I'd save any data required
> and then flatten (remove *all* partitions) and re-install Windows from
> scratch.
 
Hi - thanks for responding, Richard.

"RJK" wrote in message
news:OOAIwMtjIHA.1744@TK2MSFTNGP05.phx.gbl...
> Castner = waste of time and space :-)


Please will you expand on that statement, Richard?

Anyone visiting AumHa will quickly see that he's the most prolific poster
there (day and night!) and appears to have an amazing depth of knowledge.

> re: the key-logger, the first thing I considered was flattening it
> but, I do love a challenge, ...will probably flatten it in the end !


I've been just like you! Best of luck.

> I've made a bit of progress - since AVG anti-spyware quarantined
> "dropper.small" and "Logger.banker,"
> AVG anti-virus installed, (which it wouldn't before that), and is now
> running a full sweep in Safe Mode.


Let us know how you get on.

> A Panda online virus scan, earlier today, found two "critical" items but,
> wouldn't tell me what they were, or clean them, until I paid, so bye bye
> Panda :-)


I detest this kind of 'marketing' - there's no way that we, as users, can
know whether or not Panda is telling the truth. Have you tried Trend
'Housecall'?

> regards, Richard


Cheers, Dave


 
....and it looks like someone needs reporting to MS for abusing MS newsgroup
moderator privileges !!

regards, Richard


"RJK" wrote in message
news:OOAIwMtjIHA.1744@TK2MSFTNGP05.phx.gbl...
> Castner = waste of time and space :-)
>
> re: the key-logger, the first thing I considered was flattening it
> but, I do love a challenge, ...will probably flatten it in the end !
>
> I've made a bit of progress - since AVG anti-spyware quarantined
> "dropper.small" and "Logger.banker,"
> AVG anti-virus installed, (which it wouldn't before that), and is now
> running a full sweep in Safe Mode.
>
> A Panda online virus scan, earlier today, found two "critical" items but,
> wouldn't tell me what they were, or clean them, until I paid, so bye bye
> Panda :-)
>
> regards, Richard
 
MS newsgroups don't have moderators.

"RxK" wrote in message
news:edGf%23cEkIHA.4664@TK2MSFTNGP03.phx.gbl...
: ...and it looks like someone needs reporting to MS for abusing MS newsgroup
: moderator privileges !!
:
: regards, Richard
 
See thread above, Tom!

I noticed that RxK was a very similar handle to RJK - but I didn't
understand the meaning of his post either.

BD

"Tom [Pepper] Willett" wrote in message
news:e2n6RnEkIHA.3940@TK2MSFTNGP05.phx.gbl...
> MS newsgroups don't have moderators.
 
I suspected that skulduggery was going on, and my posts were being blocked
seeing as I couldn't see some of them on this thread, and so I changed a
letter in my NG account details.
I reset this NG in case it was playing up - still nogo...
....haven't got around to changing it back yet !

regards, confused ...Richard


"~BD~" wrote in message
news:uMTBU3qkIHA.4140@TK2MSFTNGP04.phx.gbl...
> See thread above, Tom!
>
> I noticed that RxK was a very similar handle to RJK - but I didn't
> understand the meaning of his post either.
>
> BD
 
Hi Richard

I've located an 'old' thread from this group which you might find it of
interest to peruse
http://www.microsoft.com/communities/newsg...5cdbe812338&p=1

I started it - and called it 'The Newbies dilemma'.

Like you, I have suspected skulduggery here!

Dave

"RxK" wrote in message
news:OeMbZmrkIHA.4712@TK2MSFTNGP04.phx.gbl...
>I suspected that skulduggery was going on, and my posts were being blocked
>seeing as I couldn't see some of them on this thread, and so I changed a
>letter in my NG account details.
> I reset this NG in case it was playing up - still nogo...
> ...haven't got around to changing it back yet !
>
> regards, confused ...Richard
 
The Newbies Dilemma

Google holds that thread too, Richard

You might find it easier to read there:-
http://groups.google.com/group/microsoft.p...2e80bf6d5c8fcbb

Dave

"RxK" wrote in message
news:OeMbZmrkIHA.4712@TK2MSFTNGP04.phx.gbl...
>I suspected that skulduggery was going on, and my posts were being blocked
>seeing as I couldn't see some of them on this thread, and so I changed a
>letter in my NG account details.
> I reset this NG in case it was playing up - still nogo...
> ...haven't got around to changing it back yet !
>
> regards, confused ...Richard
 
It is very unfortunate when one stumbles across a person who has absolutely
no sense of humour, and even worse when one stumbles upon a lunatic who has
no sense of humour, no charisma, and is totally illiterate inasmuch as "he"
distorts the words of another, and then becomes wildly loud and even more
irrational when corrected ! It's best to just ignore this type of
irrational idiot, that often goes by more than one name. It's simply not
possible to reason with a lunatic.

regards, Richard


"~BD~" wrote in message
news:eXBggJykIHA.1208@TK2MSFTNGP05.phx.gbl...
> Hi Richard
>
> I've located an 'old' thread from this group which you might find it of
> interest to peruse
> http://www.microsoft.com/communities/newsg...5cdbe812338&p=1
>
> I started it - and called it 'The Newbies dilemma'.
>
> Like you, I have suspected skulduggery here!
>
> Dave
>
> "RxK" wrote in message
> news:OeMbZmrkIHA.4712@TK2MSFTNGP04.phx.gbl...
>>I suspected that skulduggery was going on, and my posts were being blocked
>>seeing as I couldn't see some of them on this thread, and so I changed a
>>letter in my NG account details.
>> I reset this NG in case it was playing up - still nogo...
>> ...haven't got around to changing it back yet !
>>
>> regards, confused ...Richard
>>
>>
>> "~BD~" wrote in message
>> news:uMTBU3qkIHA.4140@TK2MSFTNGP04.phx.gbl...
>>> See thread above, Tom!
wink.gif

>>>
>>> I noticed that RxK was a very similar handle to RJK - but I didn't
>>> understand the meaning of his post either.
>>>
>>> BD
>>>
>>> "Tom [Pepper] Willett" wrote in message
>>> news:e2n6RnEkIHA.3940@TK2MSFTNGP05.phx.gbl...
>>>> MS newsgroups don't have moderators.
>>>>
>>>> "RxK" wrote in message
>>>> news:edGf%23cEkIHA.4664@TK2MSFTNGP03.phx.gbl...
>>>> : ...and it looks like someone needs reporting to MS for abusing MS
>>>> : newsgroup moderator privileges !!
>>>> :
>>>> : regards, Richard
>>>> :
>>>> :
>>>> : "RJK" wrote in message
>>>> : news:OOAIwMtjIHA.1744@TK2MSFTNGP05.phx.gbl...
>>>> : > Castner = waste of time and space :-)
>>>> : >
>>>> : > re: the key-logger, the first thing I considered was flattening it
>>>> : > but, I do love a challenge, ...will probably flatten it in the end !
>>>> : >
>>>> : > I've made a bit of progress - since AVG anti-spyware quarantined
>>>> : > "dropper.small" and "Logger.banker,"
>>>> : > AVG anti-virus installed, (which it wouldn't before that), and is now
>>>> : > running a full sweep in Safe Mode.
>>>> : >
>>>> : > A Panda online virus scan, earlier today, found two "critical" items but,
>>>> : > wouldn't tell me what they were, or clean them, until I paid, so bye bye
>>>> : > Panda :-)
>>>> : >
>>>> : > regards, Richard
>>>> : >
>>>> : >
>>>> : > "~BD~" wrote in message
>>>> : > news:OlEDbzsjIHA.484@TK2MSFTNGP06.phx.gbl...
>>>> : >> Hi Richard!
>>>> : >>
>>>> : >> I wondered if you would, please, ask Mr Lipman why he doesn't recommend
>>>> : >> AumHa for reviewing HJT and Deckard's System Scanner logs. He won't give
>>>> : >> me an answer, yet tells me that PA Bear *is* one of the good guys. BTW, I
>>>> : >> noted that you never gave him - Mr Bear - the apology he demanded from
>>>> : >> you! ;-)
>>>> : >>
>>>> : >> I'm afraid I fell foul of Mr Castner too. I got a funny feeling, though,
>>>> : >> that there was a 'team' of people providing answers, not just one
>>>> : >> individual (but all using the same name). Regardless, I may no longer
>>>> : >> post there - at least that's what I've been told by Jim Eshelman! :-)
>>>> : >>
>>>> : >> Dave
>>>> : >>
>>>> : >> PS With regard to your suspected Key-logger, I'd save any data required
>>>> : >> and then flatten (remove *all* partitions) and re-install Windows from
>>>> : >> scratch.
>>>> : >>
>>>> : >>
>>>> : >> "RJK" wrote in message
>>>> : >> news:ui4wIwrjIHA.5724@TK2MSFTNGP03.phx.gbl...
>>>> : >>> Big thanks, ...will do,
>>>> : >>> ..(4) Kaspersky sweep is running on it atm, am tempted to terminate it !
>>>> : >>> ...just what are all those "error : delete wrong pointer" 's ? :-)
>>>> : >>>
>>>> : >>> regards, Richard
 
Re: The Newbies Dilemma

I cast an eye down through these messages, and I don't follow them at all !

regards, Richard


"~BD~" wrote in message
news:OfCClLykIHA.5088@TK2MSFTNGP02.phx.gbl...
> Google holds that thread too, Richard
>
> You might find it easier to read there:-
> http://groups.google.com/group/microsoft.p...2e80bf6d5c8fcbb
>
> Dave
 
I trust you weren't referring to me Richard! ;-)

--
Dave

"RxK" wrote in message
news:%23$deUf0kIHA.464@TK2MSFTNGP02.phx.gbl...
> It is very unfortunate when one stumbles across a person who has
> absolutely no sense of humour, and even worse when one stumbles upon a
> lunatic who has no sense of humour, no charisma, and is totally illiterate
> inasmuch as "he" distorts the words of another, and then becomes wildly
> loud and even more irrational when corrected ! It's best to just ignore
> this type of irrational idiot, that often goes by more than one name. It
> is simply not possible to reason with a lunatic.
 
Re: The Newbies Dilemma

Top Posting - Bad!

I expect some here on this n'g think I'm crazy - and perhaps I am!

Long ago I selected this newsgroup, called
'microsoft.public.security.virus', as an avenue for posting where no
Moderator was likely to remove posts I made. It had very little traffic - in
fact it still has few folk posting here.

Last week I started a thread entitled 'I've done both of these 'silly
things'!

Imagine the likelihood of Leo, Peter Foldes and Dave H turning up to
respond - when none of them had posted at all in this group during 2008.

Do they monitor this group all the time? If so, *why* I wonder?

Perhaps all is not always as it seems on the surface! ;-)

--

Dave




"RxK" wrote in message
news:uNmyXg0kIHA.4480@TK2MSFTNGP03.phx.gbl...
>I cast an eye down through these messages, and I don't follow them at all !
>
> regards, Richard
>
>
> "~BD~" wrote in message
> news:OfCClLykIHA.5088@TK2MSFTNGP02.phx.gbl...
>> Google holds that thread too, Richard
>>
>> You might find it easier to read there:-
>> http://groups.google.com/group/microsoft.p...2e80bf6d5c8fcbb
>>
>> Dave
>>
>> "RxK" wrote in message
>> news:OeMbZmrkIHA.4712@TK2MSFTNGP04.phx.gbl...
>>>I suspected that skulduggery was going on, and my posts were being
>>>blocked seeing as I couldn't see some of them on this thread, and so I
>>>changed a letter in my NG account details.
>>> I reset this NG in case it was playing up - still nogo...
>>> ...haven't got around to changing it back yet !
>>>
>>> regards, confused ...Richard
 
Re: The Newbies Dilemma

"~BD~" wrote in message
news:%23E4BMO$kIHA.484@TK2MSFTNGP06.phx.gbl...
> Imagine the likelihood of Leo, Peter Foldes and Dave H turning up to
> respond - when none of them had posted at all in this group during 2008.


> Do they monitor this group all the time? If so, *why* I wonder?
>


You are unbelievable! I did not take the trouble to check the others - you
can do that for yourself - but David H has been contributing to this
particular Newsgroup since at least 2004

> I expect some here on this n'g think I'm crazy - and perhaps I am!


As Eric Morecambe used to say - there's no answer to that!

--

Sandy
 
Re: The Newbies Dilemma

"Sandy Mann" wrote in message
news:ux%23igz$kIHA.4536@TK2MSFTNGP06.phx.gbl...
> "~BD~" wrote in message
> news:%23E4BMO$kIHA.484@TK2MSFTNGP06.phx.gbl...
>> Imagine the likelihood of Leo, Peter Foldes and Dave H turning up to
>> respond - when none of them had posted at all in this group during 2008.

>
>> Do they monitor this group all the time? If so, *why* I wonder?
>>

>
> You are unbelievable! I did not take the trouble to check the others -
> you can do that for yourself - but David H has been contributing to this
> particular Newsgroup since at least 2004
>
>> I expect some here on this n'g think I'm crazy - and perhaps I am!

>
> As Eric Morecambe used to say - there's no answer to that!
>
> --
>
> Sandy

Hello Sandy - at least you read my post, albeit I suspect not carefully
enough! ;-)


I was referring to Dave H (See thread above this one) not David H Lipman.
*Were* you referring to Mr Lipman?
--
Dave

PS I'm sure you'll note other posts by Dave H if you review 'The Newbies
Dilemma'!
 
no, no, no ... :-)

....goodness me !

regards, Richard


"~BD~" wrote in message
news:uMa3XH$kIHA.3400@TK2MSFTNGP03.phx.gbl...
>I trust you weren't referring to me Richard! ;-)
> --
> Dave
>
> "RxK" wrote in message
> news:%23$deUf0kIHA.464@TK2MSFTNGP02.phx.gbl...
>> It is very unfortunate when one stumbles across a person who has
>> absolutely no sense of humour, and even worse when one stumbles upon a
>> lunatic who has no sense of humour, no charisma, and is totally
>> illiterate inasmuch as "he" distorts the words of another, and then
>> becomes wildly loud and even more irrational when corrected ! It's
>> best to just ignore this type of irrational idiot, that often goes by
>> more than one name. It is simply not possible to reason with a lunatic.

>
>
 