Lainie49
PC Tattletale Removal
My XoftSpySE tells me I have PC Tattletale on my computer but that it cannot remove
c:\windows\system32\winload.exe
Does this mean it cannot delete PC Tattletale? I have Windows Vista, by the way.
Lainie49 - how did this spyware get onto your PC? Have you disabled UAC?
ASKER
No, I haven't disabled User Account Control, if that's what you're referring to. I originally had CoolWebSearch, the msconfig bug. XoftSpy removed everything but PC Tattletale and tells me it cannot remove c:\windows\system32\winload.exe because other programs are using it. I ran XoftSpy again and it still tells me the same thing.
I'm just curious as to how Vista could get infected as easily as XP. Was this a clean install or an upgrade?
ASKER
Brand new computer preloaded with Vista. I'm thinking about this and wondering if I "accepted" this when I was in a hurry or something. I can't say that it isn't a possibility.
ASKER
Is the above solution by Sage the only way to remove it, by the way? I'm no computer expert and I don't want to screw up my new computer totally :-)
Seems to be, although take a backup of your system before making these changes, including a backup of the registry. As it's Vista, it should be pretty straightforward, although run regedit and export the entire registry to a file somewhere.
ASKER
Ok, thanks so much for all your help. I'll let you know how it goes (if I don't screw up my computer).
ASKER
Has anybody tried to follow the directions for removal of Tattletale that are listed here for Vista? I don't find the same values as shown. I cannot find winload.exe at all. I'm still trying to figure out how this problem occurred. I went into my Windows Defender to try to update it and it will not update either.
I think it's because the keylogger has the same name as the Windows Vista boot program. Wrong identification, I suppose. There's no way such a keylogger can infect Vista. The winload.exe is untouchable.
Interesting dilemma,
I was looking at this and found that PC tattletale is a parental control.
http://www.pctattletale.com/
http://www.download.com/3000-2092-10268339.html
If this has not been installed by a member of your household (I cleaned it from a client's machine and a jealous partner re-installed it), http://www.symantec.com/security_response/writeup.jsp?docid=2005-062215-5127-99 helps and has detailed instructions for removal.
ASKER CERTIFIED SOLUTION
PCTattletale Manual Removal:
Warning: The following instructions are only for advanced computer users. We recommend that you back up your system registry or create a System Restore Point before any risky step. We offer no warranty of any kind to manual operators. For common users we recommend removing malware using anti-spyware tools, such as PestPatrol, Spyware Doctor, BPS Spyware&Adware Remover, ...
To uninstall PCTattletale:
1. Terminate the processes in TaskManager:
msn6mngr.exe
Netlogon.exe
svchost.exe
Wincmd.exe
WinLoad.exe
WinSysMngr.exe
PCTT.exe
2. Click Start > Run. Type REGSVR32 -u <Dll_name>. Then click OK. Replace <Dll_name> with following:
%SystemRoot%\explorer32\ch
%SystemRoot%\MSN32.dll
3. Click Start > Run. Type regedit. Then click OK. Navigate to and delete the subkey:
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
HKEY_LOCAL_MACHINE\SOFTWAR
Navigate to the subkey: HKEY_LOCAL_MACHINE\SOFTWAR
"(default)" = "", "WinLoad" = "%System%\Winload.exe"
4. Remove these files in Explorer:
%SystemRoot%\Instructions.
%SystemRoot%\KbdMonitor.ex
%SystemRoot%\KbdMonitor.li
%SystemRoot%\mscomct2.ocx
%SystemRoot%\mscomctl.ocx
%SystemRoot%\msinet.ocx
%SystemRoot%\MSN32.dll
%SystemRoot%\mswinsck.ocx
%SystemRoot%\PCTT.exe
%SystemRoot%\tabctl32.ocx
%SystemRoot%\UninstallPCTT
%SystemRoot%\Unzip32.dll
%SystemRoot%\WinLoad.exe
%SystemRoot%\xwebpic10.ocx
%SystemRoot%\zip32.dll
5. Remove the directory in Explorer:
%SystemRoot%\explorer32\
%ProgramFiles%\Common Files\InstallShield\Driver
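
A read-only check for the names given in this thread, as an added example that is not part of any poster's answer: it shows where the step 1 process names are running from and, for a subset of the step 4 files plus the System32 path the scanner reported, whether each file exists and who signed it. The choice of names and the output layout are assumptions of this example; the registry keys are left out because they are truncated on the page.

```powershell
# Read-only triage: nothing is stopped, unregistered or deleted.
$root = $env:SystemRoot

# Step 1 names. Several are generic, so the path each process runs from
# matters more than the name. Path can be empty when not run elevated.
$procNames = 'msn6mngr','Netlogon','svchost','Wincmd','WinLoad','WinSysMngr','PCTT'
Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    Sort-Object Name |
    Format-Table Name, Id, Path -AutoSize

# Subset of the step 4 file names (only names that are complete on the page),
# plus the System32 path reported by the scanner in the question.
$candidates = @()
foreach ($name in 'PCTT.exe','MSN32.dll','WinLoad.exe') {
    $candidates += Join-Path $root $name
}
$candidates += Join-Path $root 'System32\winload.exe'

foreach ($path in $candidates) {
    if (-not (Test-Path $path -PathType Leaf)) {
        "{0}`n  not present" -f $path
        continue
    }
    $item = Get-Item $path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    "{0}`n  signature: {1}`n  signer:    {2}`n  company:   {3}`n  created:   {4}" -f `
        $path, $sig.Status, $signer, $item.VersionInfo.CompanyName, $item.CreationTime
}

# Step 5 directory under %SystemRoot%.
$dir = Join-Path $root 'explorer32'
"{0}`n  directory present: {1}" -f $dir, (Test-Path $dir -PathType Container)
```

The output separates a file that merely shares the name winload.exe from one that matches the removal list, which is the point the thread disagrees on. Record the results before deleting anything, and treat a missing or invalid signature as a reason to look closer rather than as proof.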