Highlighted
andrew655
Silver

SW.exe (silentspy) .... HOW DO I REMOVE?

I just realized i had some kind of keylogger on my computer.. (whenever it shutdown, the process called SW kept ending).  I searched for a solution but could not find.. Norton antivirus's way didnt help me because it wouldnt let me delete the registry keys...
 
ANY help please reply ASAP
 
thanks
0 Kudos
5 Replies
ky331
Diamond

Re: SW.exe (silentspy) .... HOW DO I REMOVE?

first off, are you sure your particular SW file is silent spy??   without more information, it could also be: 
 
Scrolling Window
Shadow Warrior
Smart Whois
 
or countless other programs.
 
Can you give us a complete pathname?   And on what basis do you believe it to be SilentSpy [or more generally, a keylogger], rather than anything else?
 

Message Edited by ky331 on 11-28-200607:26 PM

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent, Secunia PSI.

[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
andrew655
Silver

Re: SW.exe (silentspy) .... HOW DO I REMOVE?

Well i got suspicious after my last few shutdowns when it kept having to end the SW process... so being cautious i searched sw.exe on the web, and i am almost certain it is a keylogger.  The Norton antivirus instructions explained where the registry for the keylogger was but i couldnt delete them.
 
that is why i am certain its a keylogger or trojan of some kind.  I cant find any real .exes anywhere on my c drive though.
 
Thanks
0 Kudos
ky331
Diamond

Re: SW.exe (silentspy) .... HOW DO I REMOVE?

I'm not saying it's NOT the silent spy keylogger... just that it doesn't HAVE to be it.
 
Since you really don't have enough information to offer a definitive diagnosis, I would suggest you follow these directions to create and post a HiJackThis Log, in the HJT forum.   The people there should be able to determine just what your particular SW program is, and if it's indeed a keylogger, they'll help you remove it:
 
Download a self-extracting copy of the latest version of HJT (HiJackThis) (version 1.99.1) from
Save it to your Desktop.
Double-click on the file    hijackthis_sfx.exe    file, and allow it to self-extract [by clicking on UnZip] into the suggested/default folder,
C:\Program Files\HijackThis
 
Use Windows Explorer to navigate your way into this folder, and then double click on HiJackThis.exe

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  While it's  completely safe  for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!!  Improper use of this tool can severely damage your system.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent, Secunia PSI.

[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
andrew655
Silver

Re: SW.exe (silentspy) .... HOW DO I REMOVE?

will do.
 
Thanks
0 Kudos
ky331
Diamond

Re: SW.exe (silentspy) .... HOW DO I REMOVE?

Andrew,
 
I see that you posted your HJT log, have been waiting a few days, and have now posted a 2nd/linked request.   I have sent a message to someone I know there, so hopefully, they will not overlook you much longer.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent, Secunia PSI.

[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos