HPE Community
Operating System - Microsoft
1823067 Members
3227 Online
109645 Solutions
New Discussion юеВ

Realtime Spy kills Ad Aware and Spybot Search and Destroy

 
Ron Kinner
Honored Contributor

тАО03-03-2004 09:27 AM

тАО03-03-2004 09:27 AM

Realtime Spy kills Ad Aware and Spybot Search and Destroy

Just want to share some information about Realtime Spy (A keyboard logger which sends its information to a website so you can monitor it remotely). A friend of mine installed it on his own computer because he wanted to see what his kids were up to. It brought up an error message about C:\winnt\winsrc.exe and also killed both Ad Aware and Spybot Search and Destroy and he wanted to get rid of it but didn't know how so he brought it to me. The thing has a lot of stealth technology and did not show up in the Control Panel / Add/Remove Programs nor did it show up in the MSconfig or in any of the usual spots in the registry or win.ini or startup folder. I still don't know how it starts. However a search for files added in the last day showed that a file called ntinvisible.dll had been added down in C:\winnt at the same time as winsrc.exe. I tried renaming both winsrc and ntinvisible but permission was denied. Booted to Safe Mode with Command prompt and was able to rename them. After rebooting, Ad-Aware and Spybot both worked and the error message is gone so I think I killed it. Just thought this information might be useful.

Ron
0 Kudos
Reply
14 REPLIES 14
Roger Faucher
Honored Contributor

тАО03-03-2004 03:21 PM

тАО03-03-2004 03:21 PM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Ron:

Thanks for the tip.

Roger
Make a great day!

Roger
0 Kudos
Reply
Ganesh Babu
Honored Contributor

тАО03-04-2004 07:40 AM

тАО03-04-2004 07:40 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Hi Ron,
Thanks for the info.. this really helped one of co-worker home laptop..

One more thanks from my co-worker..

Ganesh
0 Kudos
Reply
Danny Khong_1
Advisor

тАО03-04-2004 01:31 PM

тАО03-04-2004 01:31 PM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Ron, thanks a lot you are really a rare gem. We need more people like you to share without demanding much for a return. Microsoft and many others are too expensive.
Emptiness
0 Kudos
Reply
Ramesh Pakkath
Honored Contributor

тАО03-15-2004 07:08 AM

тАО03-15-2004 07:08 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Hi Ron,

At times even Spybot or Adware fails to remove this appliaction. Just an info to manually remove Realtime-Spy from the machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

Stop Running Processes:

Kill these running processes with Task Manager:
programfilesdir+\spytech software\spyanywhere\noserver.exebinkie.exe
rts.exe
rtsconfig.exe
stop-rts.exe

Remove these files (if present) with Windows Explorer:

programfilesdir+\spytech software\spyanywhere\monitoring.htm
programfilesdir+\spytech software\spyanywhere\noserver.exe
programfilesdir+\spytech software\spyanywhere\purchasing.htmbinkie.exe
help documentation.lnk
help.htm
license eula.lnk
read me.lnk
readme!.txt
rts.exe
rtsconfig.exe
stop-rts.exe

Ramesh Pakkath.
Nothing is "imPOSSIBLE"
0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО03-15-2004 07:32 AM

тАО03-15-2004 07:32 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Ramesh,

I don't recognize any of the programs you are talking about so there may be more than one version of Realtime Spy out there but thanks for the info.

Ron
0 Kudos
Reply
Ramesh Pakkath
Honored Contributor

тАО03-15-2004 07:45 AM

тАО03-15-2004 07:45 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Your welcome Ron.
Nothing is "imPOSSIBLE"
0 Kudos
Reply
Jay_124
New Member

тАО04-02-2004 04:41 AM

тАО04-02-2004 04:41 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Does this kill the entire program or just the fact that it blocks spybot and adaware?
0 Kudos
Reply
Bruno Ganino
Honored Contributor

тАО04-02-2004 05:07 AM

тАО04-02-2004 05:07 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Thank you Ron,
This notice is very useful !
In fact i use ad-aware.
Thanx again.

Bruno
Torino (Turin) +2H
0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО04-23-2004 03:15 PM

тАО04-23-2004 03:15 PM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Jay, near as I can tell the program is gone. By removing the ntinvisible.dll file I killed the cloaking device so if it were still running I would see it.

Ron
0 Kudos
Reply
Antoniov.
Honored Contributor

тАО04-23-2004 08:20 PM

тАО04-23-2004 08:20 PM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Ron,
if that software use any stealth technology, are you sure full removed it?
Do you checked there is no any comunication between PC and web (i.e. using netstat)?
May be software use also some regenerative algorithm.

Regards
@Antoniov
Antonio Maria Vigliotti
0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО04-24-2004 12:00 AM

тАО04-24-2004 12:00 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

I used netstat -a, tcpview, process explorer and zone alarm on it and there is no sign of it. Also spybot and ad aware both ran and were allowed to remove anything they didn't like. I'm pretty sure it's dead.

Ron
0 Kudos
Reply
Thomas Bianco
Honored Contributor

тАО07-28-2004 02:17 AM

тАО07-28-2004 02:17 AM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

ron-

thanks for the info. i've thrown Winsrc.exe and ntinvisible.dll into our SMS reports panic list.

let me spend a bit of time cleaning up the SQL (it's rather messy, being adhoc and all) and i'll dump it out on another thread.
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.
0 Kudos
Reply
Fred Rone
Advisor

тАО02-13-2005 04:00 PM

тАО02-13-2005 04:00 PM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Just finished using Restore Plus cd and WinXP cd to repartion and format the drive.
Was at the end of my reasonable time frame to get my business working right!
Is it worth it to go back to my previous drive settings via Retrospect 6.0? Maybe, since It had all the programs I needed working right except for the coolwebsearch and vx2 infections it had on it that drove me nuts for 12 days, and was unable to remove as other post in other area states.
I can do it. I haven't loaded all of my stuff on the new partition yet. But need to be able to get my work printed out asap.
Fred
0 Kudos
Reply
Norman_21
Honored Contributor

тАО02-13-2005 06:10 PM

тАО02-13-2005 06:10 PM

Re: Realtime Spy kills Ad Aware and Spybot Search and Destroy

Ron,

Very useful info. I really admire the way you diagnose a problem!!!

"Attitudes are contagious, is yours worth catching"/ My first point was given by SEP on January 31, 2003
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.