AboutBrian Benosky Expertise I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (including Vista) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.
Experience I have over 25 years experience in using, building, and repairing computers. I have helped over a thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here:
http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm
I am also a Top Contributer of General Computing answers in Yahoo! Questions.
Education/Credentials College Educated
Self-taught Computer Skills
Question Hi Brian. Thank you for this forum to help people like me protect myself from spyware and other forms of things that can harm people on the computer. Here is my question. Someone put a kelogger program on my computer. I found out it is a program called web catcher. I hear it is one of the best programs out there. But here is the problem I have. I have the spy sweeper on my computer now and did a sweep but the the web watcher program did not come up but two other programs came up. Ultra view and some other one that I forgot the name of. The name what key somthing or other. Is Ultra View another name for Web Watcher or Is Web Watcher still on my computer. Also I have read that these programs really can damage your computer. Please explain the ins and out of these programs and how I can find out and make sure none of these programs can slow down and take information from my computer. Thank you for your help.
Answer Hi Robert
You are correct in that the two programs are one in the same. Ultraview Plus was a surveillance program developed by Awareness Technologies. It is now called WebWatcher, although Webroot's SpySweeper still refers to it as Ultraview Plus. According to Symantec, it must be installed manually. Any program that runs when your computer is on slows things down, some more so than others. As far as damaging the computer, WebWatcher won't harm your hardware, it just records keystrokes and is considered a privacy risk.
Please read the following, written by canadianhelper in the forums on answerbag.com:
Software keyloggers can be far more difficult to detect and remove, but the process should begin with some basic security troubleshooting procedures. First, update your antivirus and antispyware programs with the latest definitions. Next, because keylogging software starts automatically when you boot into Windows, it’s a good idea to boot into Safe Mode instead (so the OS only starts with a limited number of drivers and resources) and run scans to detect viruses and spyware from there. But if your antivirus and antispyware programs don’t nab a keylogging program, you’re not necessarily out of the woods yet.
Some keyloggers operating in stealth mode leave absolutely no clues that they’re running or even installed, as no traces appear in the processes list, Add/Remove Programs utility, or even the Windows Registry. But others do leave some tracks that can help you identify their presence. The most likely spot a keylogger will appear is on the Processes tab in the Windows Task Manager, which you can access by pressing CTRL-ALT-DELETE. Under Image Name, examine the listed processes and determine what each one does by running a Google search on the process name (some legitimate processes are easily recognizable, such as Acrobat.exe, Iexplorer.exe, and Winword.exe).
You can find more detailed information on processes with Process Explorer, a free utility from Sysinternals ( http://www.sysinternals.com/ ). Not only does Process Explorer display running processes, but it also reveals the location of the utility. For example, ExploreAnywhere Software’s Keylogger Pro appears simply as klp32.exe in Windows Task Manager, but Process Explorer reveals the true nature of this seemingly mysterious process by showing the full path: C:Program FilesExploreAnywhereKeyloggerP roklp32.exe.
Discovering the presence of a keylogger doesn’t guarantee you can easily eliminate it, though; many of these programs hide their uninstall utilities and can rebuild their directories if users try to delete files related to the programs. If you discover evidence of a keylogger on your system, try contacting your antivirus or antispyware software vendor for help on removing the program. If you’re using freeware security programs, you’ll need to research the problem yourself for tips on manually removing the keylogger, but plenty of help exists on the Web for keylogger removal.
Tread Carefully
Because keyloggers and similar surveillance software operate by spying on people, they’re instantly lumped in with other malicious programs designed to steal data. However, they’re legal to use for general surveillance and useful for parents, technicians, and employers who need to keep tabs on children, systems, and employees.
On the downside, keyloggers are easy to download, install, and hide from unsuspecting computer users, making them ripe for thieves and others looking to capture Social Security numbers, passwords, and other data. The use of keyloggers isn’t nearly as widespread as other malware, but users with a reason to suspect their systems are being monitored should take immediate steps to detect hidden keyloggers.
If you need help removing this or any other malware, please download TrendMicro HijackThis! from the following link: http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into a follow-up here. I will analyze the logs and respond with removal instructions.
