I have peoplepc online with a dial-up connection and Windows XP. Every time
I hit a key there is a clicking sound, like when you take a picture with a
flash camera.

I've done some research and found there is something new now where each key
you press is recorded and some software program lets you play back the
recording on the keys and through this method whatever you typed is displayed
on the screen. With the information the hacker can gain access to your
computer using some type of toolbar and change settings in your registry, add
something to a download, re-direct so that if you use dial-up it will connect
to their phone, where they can make long distance calls at your expense, and
the list goes on and on. They can change your homepage, and all types of
settings.

I know it's either a hacker or keylogger, but how do I get rid of this
without reformatting my hard drive?

--
Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums....owsxp/200512/1

From: "Blue Bonnet 777 via WindowsKB.com" <u17044@uwe>

| I have peoplepc online with a dial-up connection and Windows XP. Every time
| I hit a key there is a clicking sound, like when you take a picture with a
| flash camera.
|
| I've done some research and found there is something new now where each key
| you press is recorded and some software program lets you play back the
| recording on the keys and through this method whatever you typed is displayed
| on the screen. With the information the hacker can gain access to your
| computer using some type of toolbar and change settings in your registry, add
| something to a download, re-direct so that if you use dial-up it will connect
| to their phone, where they can make long distance calls at your expense, and
| the list goes on and on. They can change your homepage, and all types of
| settings.
|
| I know it's either a hacker or keylogger, but how do I get rid of this
| without reformatting my hard drive?
|

And you are an expert ? That is how you know it is a Hacker or a Keylogger ?

If it was tuly either, the software would NOT indicate its presence for fear off detection
and removal.

To be sure, you can use the following Multi AV Scanning Tool...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Run Housecall, it will identify nasties & delete

http://housecall.trendmicro.com/

"Blue Bonnet 777 via WindowsKB.com" <u17044@uwe> wrote in message
news:59accb9771104@uwe...
> I have peoplepc online with a dial-up connection and Windows XP.
Every time
> I hit a key there is a clicking sound, like when you take a picture
with a
> flash camera.
>
> I've done some research and found there is something new now where
each key
> you press is recorded and some software program lets you play back the
> recording on the keys and through this method whatever you typed is
displayed
> on the screen. With the information the hacker can gain access to
your
> computer using some type of toolbar and change settings in your
registry, add
> something to a download, re-direct so that if you use dial-up it will
connect
> to their phone, where they can make long distance calls at your
expense, and
> the list goes on and on. They can change your homepage, and all types
of
> settings.
>
> I know it's either a hacker or keylogger, but how do I get rid of this
> without reformatting my hard drive?
>
> --
> Message posted via WindowsKB.com
> http://www.windowskb.com/Uwe/Forums....owsxp/200512/1

You may also just have keyclick enabled - search google
for keyclick.

Dear David,

Thank you for responding.

No, I'm not an expert, but my spyware program told me I had a toolbar
hijacker which came in through "Viewpoint." I also have tracking cookies
from Data Miner. Some are doubleclick, mediaplex, atdmt, advertising, and
something under HKEY_USERS:s-1-5-2-18871... (2 entries). Spybot knocked out
something and after whatever it was it took out a box appeared on my screen
that said "Legal Stuff." If you remove this some of your programs may not
work properly...see your user agreement. I believe this was through my dial-
up with PeoplePC, because I did a system restore and loaded PeoplePC again
and all that stuff was back on HKEY_USERS:s-1-5 etc.

I'm not an expert and I got rid of all the spyware on my old computer, even
though a computer expert told me it would be like trying to perform an
appendectomy with a butter knife. I did it (took two months) and my computer
was fine, but I bought another. Now it's happening all over again.

Why are people allowed to add things to the registry and put them in lockdown,
and why are people able to hijack a toolbar? Shouldn't our spyware, adware
and firewall protect us from this?

Thanks again, David.

I'll try your suggestion.




David H. Lipman wrote:
>From: "Blue Bonnet 777 via WindowsKB.com" <u17044@uwe>
>
>| I have peoplepc online with a dial-up connection and Windows XP. Every time
>| I hit a key there is a clicking sound, like when you take a picture with a
>[quoted text clipped - 12 lines]
>| I know it's either a hacker or keylogger, but how do I get rid of this
>| without reformatting my hard drive?
>
>And you are an expert ? That is how you know it is a Hacker or a Keylogger ?
>
>If it was tuly either, the software would NOT indicate its presence for fear off detection
>and removal.
>
>To be sure, you can use the following Multi AV Scanning Tool...
>
>Download MULTI_AV.EXE from the URL --
>http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
>To use this utility, perform the following...
>Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
>Choose; Unzip
>Choose; Close
>
>Execute; C:\AV-CLS\StartMenu.BAT
>{ or Double-click on 'Start Menu' in C:\AV-CLS }
>
>NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
>FireWall to allow it to download the needed AV vendor related files.
>
>C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
>This will bring up the initial menu of choices and should be executed in Normal Mode.
>This way all the components can be downloaded from each AV vendor's web site.
>The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
>You can choose to go to each menu item and just download the needed files or you can
>download the files and perform a scan in Normal Mode. Once you have downloaded the files
>needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
>during boot] and re-run the menu again and choose which scanner you want to run in Safe
>Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
>When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
>file. http://www.ik-cs.com/multi-av.htm
>
>* * * Please report back your results * * *
>

--
"Truth, like light, is often slanted."....c2005

Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums....owsxp/200601/1

Thank you,

I've tried so many of these and they identify the problem, then quarantine
and delete each time, but the stuff is in lockdown in my registry...so they
can't remove it.

Best,

Gel wrote:
>Run Housecall, it will identify nasties & delete
>
>http://housecall.trendmicro.com/

--
"Truth, like light, is often slanted."....c2005

Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums....owsxp/200601/1

Dear Mike,

Thanks, Mike.

I'll try that, but my spyware program told me there was a toolbar hijacker
which came in through Viewpoint. I believe when I used the Hallmark ecard
greeting site, a message appeared that I would be unable to view the card
unless I used java or some plug-in program. I downloaded whatever it was. I
think this plug-in was connected with AOL, because when I looked at the
Viewpoint file in my computer, I saw something about AOL and then I went
intoregedit and AOL was all through my registry. I don't have AOL, nor have
I ever. At any rate, I deleted the Viewpoint folders and files, and I am
also going to go into my registry and delete anything with AOL associated
with it.

Everytime I run Ad-Aware I get about 10 critical files now, but they're all
tracking cookies and from Data Miner and HKEY_USERS:s-1-5-2-18871...

I'll go to google and see what's up with click enable/disable though.

Thank you again.



Mike Fields wrote:
>> I have peoplepc online with a dial-up connection and Windows XP. Every time
>> I hit a key there is a clicking sound, like when you take a picture with a
>[quoted text clipped - 12 lines]
>> I know it's either a hacker or keylogger, but how do I get rid of this
>> without reformatting my hard drive?
>
>You may also just have keyclick enabled - search google
>for keyclick.

--
"Truth, like light, is often slanted."....c2005

Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums....owsxp/200601/1

Mike, I did the google search and checked and I do not have keyclick enabled.
Yet, this sounds more like a flash camera going off rather than a click.
Like someone's copying each page. Possibly some type of tracking.

Thanks Mike.

Best,

Tamara

Mike Fields wrote:
>> I have peoplepc online with a dial-up connection and Windows XP. Every time
>> I hit a key there is a clicking sound, like when you take a picture with a
>[quoted text clipped - 12 lines]
>> I know it's either a hacker or keylogger, but how do I get rid of this
>> without reformatting my hard drive?
>
>You may also just have keyclick enabled - search google
>for keyclick.

--
"Truth, like light, is often slanted."....c2005

Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums....owsxp/200601/1

Tamara Beryl Latham via WindowsKB.com wrote:

> Mike, I did the google search and checked and I do not have keyclick enabled.
> Yet, this sounds more like a flash camera going off rather than a click.
> Like someone's copying each page. Possibly some type of tracking.
>
> Thanks Mike.
>
> Best,
>
> Tamara
>
> Mike Fields wrote:
>
>>>I have peoplepc online with a dial-up connection and Windows XP. Every time
>>>I hit a key there is a clicking sound, like when you take a picture with a
>>
>>[quoted text clipped - 12 lines]
>>
>>>I know it's either a hacker or keylogger, but how do I get rid of this
>>>without reformatting my hard drive?
>>
>>You may also just have keyclick enabled - search google
>>for keyclick.
>
>

Do a search on the system for all .wav files. Listen to them to locate
the same sound. Found out what directory it's in. That might give you
a clue as to the program.

--
Rock
MS MVP Windows - Shell/User

Start>settings>control panel>sounds and audio devices.
Hit the sounds tab

Scroll down the list in the white box and see if "Start Navigation has a
little speaker icon next to it. You can test any that have that icon by
highlighting the sound and pressing the little media player type arrow. If
this is set as the start navigation sound it will occur each time IE changes
pages etc.

Alternatively search for a file called start.wav and play it... is that the
sound?

ICQ and maybe other instant messenger programs sometimes have this sound
turned on for keys by default, it's not impossible it's got stuck on.

In fact highlight and test all of the sounds that have a little speaker icon
in that list, if it's one of them then maybe the list will help show what it
is because other programs can add to that list.

Charlie


"Tamara Beryl Latham via WindowsKB.com" <u17044@uwe> wrote in message
news:59bc18d608c21@uwe...
> Mike, I did the google search and checked and I do not have keyclick
> enabled.
> Yet, this sounds more like a flash camera going off rather than a click.
> Like someone's copying each page. Possibly some type of tracking.
>
> Thanks Mike.
>
> Best,
>
> Tamara
>
> Mike Fields wrote:
>>> I have peoplepc online with a dial-up connection and Windows XP. Every
>>> time
>>> I hit a key there is a clicking sound, like when you take a picture with
>>> a
>>[quoted text clipped - 12 lines]
>>> I know it's either a hacker or keylogger, but how do I get rid of this
>>> without reformatting my hard drive?
>>
>>You may also just have keyclick enabled - search google
>>for keyclick.
>
> --
> "Truth, like light, is often slanted."....c2005
>
> Message posted via WindowsKB.com
> http://www.windowskb.com/Uwe/Forums....owsxp/200601/1