Youtube showing my password instead of user name

Posted on 2009-04-14
Medium Priority
Last Modified: 2012-05-06
When i login in youtube using my gmail email id, it shows my password on top instead of user name. I m using IE 8 / Chrome on Vista home.
Please help me in this regard
Question by:Showkatdar
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 13
  • 11

Expert Comment

by:Gregg DesElms
ID: 24144595
You're talking about the URL, right?   But, really, now that I think about it, even if you're not; even if you're talking about up near the top of the page where the username normally shows...

...if I'm understanding you correctly, that would be a Youtube problem, not a browser problem...

...as is both just logical when it comes to URLs, just generally; and also as would be seemingly evidenced by the fact that both Microsoft's IE8 and Google's own Chrome browsers are both doing it.

If only IE8 did it, then I'd have told you that it's probaly all part of an ongoing problem that Google-owned sites, just generally, have been experiencing for a while now.  For example, for some months, now, not all GMAIL pages appear correctly in IE8 (or even in IE7), yet those same pages appear just fine in Firefox or Chrome... or even in Opera.  Had you said it only happened in IE, that would have been at least my first suspicion... based solely on it being a long-standing and reasonably well-known issue on which Google claims it's working... but who really knows.

But you're saying it's also happening in Chrome.  Well, that's Google's own product (and of course you know that Google owns Youtube).

So, I'd say it's not inherently a browser problem, per se.  It could still, I suppose, mean that something's amiss on your end, though (though I think it unlikely).  Some wacky memory or processor weirdness may be going on in your machine... maybe beause, for example, it's been too long since it was last rebooted; or maybe because there's a RAM paging problem; or maybe a video card problem.... something difficult-to-find, like that.

Without more information, it would be very difficult to nail this one down if, in fact, it really is something on your end.  How a web page displays (and Youtube pages are nothing but web pages) is largely under the control of the web page's author (that is, assuming that it's being displayed in a reasonably standards-compliant browser... which both IE and Chrome are).  Yes, indeed, arguments can be made as to just how standards compliant is IE, and I get that.  But the part of IE that's not as standards compliant as say, for example, Chrome or Foxfire would certainly not be the cause of the symptom you describe...

...that is, assuming you've described it with sufficient detail that it could possibly be diagnosed sufficiently adequately in a place like this... and you really haven't.  So the best I can do, sans more and better information from you, is what I've written here.

Can you be more precise/specific in your description of the symptom?  Or have I covered enough of how it all works that you kinda' know, now, what, if anything, to do next?

Author Comment

ID: 24145878
Dear DesElms,
Yes i m talking about user name which appears at the top of the page where the username normally is shown.
Rest What details you need, i will give u.
At the present i will give you few more information. I m using Toshiba U400 Laptop. I shutdown it on daily basis. Before few dayz every thing waz ok. It suddenly happened. I dont know why. Rest everything seems ok for me. Everything is working fine. I can surf perfectly, Can do chatting, Watch Videoz etc. Apart from that user name which is not displayed but my password iz being displayed instead in youtube.
I want to fix it. Might be i have downloaded and installed any programe which iz doing thiz all. Dont know exactly.
But if any other detail u need from my side i will provide u.
Thankx for the help and effort. Hope we will get some solution soon.
With Regards

Author Comment

ID: 24146095
After going through your comments i opened my youtube account in my office on my office desktop Pc. here too it iz same, showing my password not user name. Means issue in youtube not in my laptop, Right.
But then what should i do to fix it.
Thank you and Regards

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Expert Comment

by:Gregg DesElms
ID: 24150804
Okay... sorry to be so anally retentive, but I just want to make sure we're on the same page, here.  After you login to Youtube, at the very, absolutely upper-rightmost corner of the page, reading from RIGHT TO LEFT, we see:  Signout, then Help, then Quicklist, the Account, then what's supposed to be the username.   And are you saying, then, that what's showing in that spot where your username goes is your password?

If so, then something may actually be wrong on your end because I just logged-in to Youtube using my Google account, and it's my username, and not my password, that appears there... as it should be.

In fact, I just tried logging-in with IE7 (I haven't upgraded to IE8 yet... nor will I for a while), then Firefox, then Safari... heck, I even tried it on an old copy of Netscape...

...and with all of them, it's my username, and not my password that shows-up in that place (that is, assuming we're talking about the same place on the screen).

So, then... hmm... thinking...

...um.... well... this is a longshot... or... well... maybe it's not... the more I think about it, the more sense it starts to make.  Think about it, just logically... ask yourself:  Who might or would have a vested interest in your password being revealed... out in the clear... no longer hidden by dots or asterisks like passwords normally are?

I now suspect that maybe... just maybe... some kind of exploit has infected your machine... a clever trojan, perhaps... something programmed to reveal your password to someone who might even be able to see your screen... like he's looking over your shoulder.  (Creepy thought, eh?)

If I'm right (and I'm not saying that I am, but if I am), it's not really surprising that your office machine might also be infected.  Once someone's computer in one place is infected, then because they tend to have both machines protected (or not protected) in the same way, and visit the same web sites on both madchines, and share email or files between them, it's common for an infection to exist on two machines in two different places which are owned by the same person.

Of course, I'd have have to research it a bit and see if there's an exploit floating around out there which does this sort of thing...

...but were I you, I certainly wouldn't wait around for that!  Even if you're not actually infected, it couldn't hurt to take some time to really scour your machine for viruses, trojans, spyware, etc... and I don't mean in a casual way.

I don't know what anti-virus software you're using; or if you use, in addition, any anti-spyware.  I hope you use a firewall of some kind.  If not, then you certainly need one.

Rather than get into what are my specific recommendations, what anti-virus, anti-spyware, and firewall software are you using (if any)?

Author Comment

ID: 24151469
I m using Kaspersky 9 antivirus on my laptop and in office it is McAfee. Regarding firewall i m not using any on my laptop neither any spyware.
If i say you are right what should i do?
with this if i say you are right but at office also how come i m getting the same password instead of user name. I would have agreed with you if today i would not have check my account at office.I tried on  2-3 machines but same result.
Still tomorrow i will try to check again on other machines. Even tom i will try to change my gmail password and if comes same i will upload a snap shot of the same.
But Thankx for your deep concern
With Regards

Author Comment

ID: 24151578
What i did now, i logged in youtube on my laptop using another account (username), here it is working fine.Only issue comes when i use my gmail account (abovestars2) in youtube. On top it shows my password.
I guess some issue in my account while using youtube. Is it so??
How then it can be solved???
Tom i will try to change my password and if it happenz same i will try to upload the snap
Thank you and Regards

Author Comment

ID: 24155342
I changed my password in gmail, but still i m getting my old password as user name in youtube. Not getting why it is happening. I cant upload the snap coz i m using that password for all the accounts. Why it has happened.

Expert Comment

by:Gregg DesElms
ID: 24176115
I'm sorry I wasn't able to get back to this thread for a couple of days.  I got very busy helping a client with a real crisis.  But it's Saturday morning as I write this, and I'm here trying to get caught-up.  Again, I apologize.

Click on this link    http://tinyurl.com/dzqaxa    to see the results of a simple search on the word "password" in the Youtube support forums.  Were I you, I'd either scan through them and see if anyone else is experiencing the problem; or I'd post there what's happening.  I was looking through some of the posts, and, indeed, it seems that Youtube personnel monitor those forums and help people with their problems.  It's not just users helping users.  So there's at least one thing you can do... and I probably should have suggested it earlier.

There could also be something wrong with the way your computers are running scripts in the browser... probably javascript, but who knows what other scripts Youtube employs.  I'd have to look really closely at the SOURCE of its pages and see what all's in there... and I just don't have the time.   However, I bring it up because any number of browser plug-ins could be affecting the way your browser runs javascript (and other scripting languages).   It would be interesting to see if you have the problem running Internet Explorer with none of its add-ins, plug-ins, browser helper objects, etc. running.  Try this...

First, close all occurances of Internet Explorer and all other browsers.  Then pop-up a "Run" dialog, and type (or copy-and-paste from here) the following command into the "Open" field:

       C:\Program Files\Internet Explorer\iexplore.exe -extoff

That command will launch IE with no add-ons whatsoever running... "naked" IE, so to speak.  Once it's launced, go login to Youtube and see if the problem still exists.  I'd be very interested to know.

As for viruses, spyware, etc.,  you need to be running a firewall, anti-virus software, probably a host intrusion protection system (HIPS) utility, anti-spyware, registry-based browser "innoculation," a write-protected (read-only) "hosts" file, and a utility which monitors your browser's "home" page and notifies you if anything tries to change it.  In addition to realtime monitoring, you need to be doing periodic manual whole-system scans with more than one security product; and, of course, you need to make sure that each of your security products is constantly up-to-date.

Personally, I like the freebies.  I hate to pay for security products.  I like the vendors who see it as a necessary and important public service to provide top-flight security to everyone for free.  Here's what I use:

Comodo Internet Security (CIS) as firewall, anti-virus and HIPS.  CIS's firewall has no rival among the freeware firewalls... and, in fact, holds its own among the fee-based ones.  It's best-of-breed.  CIS's anti-virus is just now coming into its own... but is at least, now, reliable... even though it's still got a little ways to go before it's approaching perfect.  CIS's HIPS component (Defense+) is its least popular because some people think it's too aggressive... constantly popping-up and warning every time anything tries to open.  But once it's trained, it's fine.  Together, the three parts of CIS are quite possibly all anyone needs... but I still use some other things, to wit:

Spybot Search & Destroy (SS&D), but not as a primary anti-spyware product.  As that, SS&D can't hold a candle to two other products that I'm about to suggest.  However, SS&D's "hosts" file capability is nice, and I use it.  Its browser innoculation is also nice, and I use it; plus its realtime browser protection capability.  SS&D's "TeaTimer" HIPS is nice, but cryptic; and CIS's is better, so I don't use SS&D's HIPS.  And I rarely do whole system anti-spyware scans with SS&D because both of the following are better...

Malware Bytes (MB) is a freeware exploit detection scanner which has no rival except for...

SuperAntiSpyware (SAS) which, like MB, comes in a freeware and a paid version.  The freeware versions of neither SAS or MB will do realtime spyware monitoring, but that's okay.  I just make sure they're always up-to-date; and then I do manual scans with them weekly.  Additionally, by letting SAS start with Windows and sit in the system tray, it periodically updates itself; plus, it monitors my browser's "home" page and notifies if an exploit tries to change it.  (I used to use Spyware Guard (SG) for that, but SG hasn't been updated since 2004, and since SAS is already sitting in my system tray, I just let it handle that task.  By SAS sitting in my system tray, it is also present in my Windows Explorer right-click context menu so that I can SAS-scan individual files about which I may be suspicious (by merely installing MB, it is also on the right-click context menu).

And here's the thing: Though neither MB or SAS will catch absolutely everything, between the two of them used one after the other in any given weekly manual scanning session, about 99% of whatever might be there is discovered and eliminated.  Either of these products (MB and SAS) are fantastic.  But, together, they're killer!

Finally, I use Spyware Blaster (SB) as an even better (than SS&D) browser innoculator.  It's really good at the very limited (but necessary) thing that it does.  It's not an exploit scanner.  It's just an iinnoculator.   Period.  But it does what it does with aplomb.  And I highly recommend it.  The freeware version will not auto-update and auto-reinnoculate, so you must remember to do it manually... I usually do it at least twice a month.  Another nice thing about SB is that it protects more than just IE.  Other browsers like Firefox and Netscape, etc. are also protected.  It's a very slick little product.

Together, as something of a pseudo "security suite," this group of freeware products allow nothign through; or, if something does get through, it's quickly discovered and dispatched.  I could not more highly recommend them.

You're already using Kaspersky and McAfee... both good products.  Keep using them if you wish.  But you might want to add a firewall; and you might want to start using MB and SAS as additional periodic scanners.  Whether you also add SS&D and use it as I am would be your call.  Any part of CIS can be turned off, so if you wanted to download it and only use the firewall part of it, that would make some sense (and, in fact, Comodo knows that many of its CIS users only use its firewall because it's just so darned good!).  In any case, don't use the Windows firewall.  It's worthless.  Use Comodo's firewall, or some other well-known and highly-regarded freebie.

You may also want to consider finding a good anti-root kit utility (two of the best ones in the world are freeware) and see if it discovers anything.  If you can find a real techno-geek who really knows how to use SysInternals' "Rootkit Reavealer," that would be best.  It's best-of-breed... but requires a serious understanding of how to actually use it.  Absent that, such products as the venerable "GMER" or F-Secure's "Blacklight" or Trend Micro's "Rootkit Buster" all come to mind.

If you knew how to read a "HiJack This" log, that, too, would be helpful (though there are many forums out there with good folks in them who can help you with that... places where you can paste your HiJack This log and then have them tell you if anything seems suspicious.

Another thing to do might be to Google the word "ComboFix" and read-up on it; and see if it seems like that's a tool which you should try (it's not for the faint-of-heart, and should only be used when indicated).

Also... and here's the part of this posting where I'm kinda' gonna' get a little weird on you...

...I just went and looked at your "abovestars2" Youtube page, and you have obviously customized it a lot, and have a lot of videos there.  This means that you have a bit of a higher Youtube profile than the average user who just visits Youtube once in a while and views videos now and then, and then goes off and does something else.  I also notice that your videos are about Kashmir, and peace, and all that kind of stuff.

It's just my gut talking, mind you... just me listening to the little voice... but I wonder what kind of people might be upset by your Youtube page and its videos; or who might be suspicious of them.  I know this sounds nuts, but there are many nutty people in the world... ultra-right-wing Americans who fear and are suspicious of anyone and/or anything foreign... especially if it seems to them like it might be in any way related to middle-easterners... especially since 9/11 and the paranoia, spying and other illegalities of the Bush Administration.

Who knows who might not like your page and its videos; or who might try to harm you or it or them.  I mean... who really knows.  And what if whomever that is has the technical skill to somehow get a virus or keylogger or trojan or other exploit onto your computer(s).  There's also the possibility that you've somehow attracted the attention of some US government agency... the CIA or some other part of what is now called "Homeland Security."  Such agencies monitor cell phone traffic, and Internet connections for text strings "of interest."  For example, I guarantee you that my having typed "Kashmir" and "CIA" and "Homeland Security" into this post has been logged somewhere... and some government technician may or may not review this posting and... who knows... maybe I'll end-up on someone's radar somewhere.

I know it seems far-fetched, but just moments ago, I called a colleague of mine who lives in the Washington, DC area; and who does computer security work for... well... I shouldn't who it's for.  I'm not saying that it's deep dark secret spy stuff like something one sees in a bad movie or anything like that... but let's just say he knows what he's doing when it comes to this sort of thing.  Just for grins, I ran past him your symptom; and I had him look at your Youtube page.  That's all I did.  I didn't share with him any of my suspicions.  I just asked him for a gut, kneejerk, don't-overthink-it-type reaction...

...and he said, simply:  "Government spybot gone bad... maybe with a bug in it or something."

Which is exactly what I was thinking, and why I called him.

I'm not saying he's(we're) right.  He's(we're) probably not.  He said that, too... stressed it, even  It was just his gut reaction, all things considered, without his really having any time to really think it through.  

It's funny, though, that that was his first thought.  And mine.

We didn't talk about it much, though.  He made it very clear to me once, during an in-person conversation, that he had no confidence whatsoever that his phones and email are not monitored.  I intentionally changed the subject to asking about his kids and whether his ex-wife was still trying to make his life miserable.  And then we chit-chatted about several other inconsequential, small-talky things; and promised to stay in touch; and that was it.  No big deal.

I hate to even suggest any of this, because I don't want to come across like a paranoid, conspiracy-theory nutjob.  The likelihood that my suspicion is correct is EXTREMELY remote... very, very, very small.  Ridiculous, almost.

That said, such programs and software as CARNIVORE   http://en.wikipedia.org/wiki/Carnivore_(software)   and its alternative  ALTIVORE  and  NarusInsight   http://en.wikipedia.org/wiki/NarusInsight    and   ECHELON   http://en.wikipedia.org/wiki/ECHELON    exist and are real.  And are really used.  Sometimes (usually, in fact) against the completely innocuous and innocent... a bit less now, just since President Obama took office... but during the Bush Administation, it was downright rampant!  Worldwide.  Those living and working outside the US were (and still are) even *MORE* statistically likely to be the target of such systems.  I dare say that anyone with an interest in Kashmir might probably be a logical person of interest to those running them.  And such systems are supplanted by all manner of government-authored (or contracted) spybots and trojans and other spy tools which are sneaked onto the systems of the unsuspecting so that keeping track of them is a bit easier.  With the help of your ISP, such exploits can be easily pushed onto your system; and even if that hasn't happened, all someone wanting something like that on your system would have had to have done would be to email you in your language, claiming to love your Youtube site, and asking you to open an attached photograph of his family in Kashmir or something like that.

Again, I stress, this is a wild and highly unlikely theory.  But I fell compelled to put it out there, just in case.

Is anything like that what has happened to you?  Who knows.  Probably not.

Still... this symptom you have is very strange.  Very strange, indeed.  Though unlikely, who knows... there might be something my colleague's gut reaction... and mine.

That said, it could also be something as simple as that you have an add-in of some kind in your broswer(s) that's making them process javascript in a weird way... a fluke of some kind.  Simple as that.

And, of course, there's always the possibility that it's something on Youtube's end... not with everyone, obviously, but with any users who also happen to be using some browser plug-in that you're using or something like that.

Again, it would be interesting to see if IE still exhibits the symptom when run with no add-ins.  Please do that (pursuant to the instructions for same given earlier in this post) and report back.

Author Comment

ID: 24176287
Thankx for your Thoughts.
Well i tried  C:\Program Files\Internet Explorer\iexplore.exe -extoff
But of no use. Still the problem persists.
Here one important thing i would like to mention is, My Kaspersky is usually giving me message keylogger  like activity detected with a driver file. I have not completely focused on that.
But still i believe that some thing wrong in my youtube account.
I cant even use your suggested link (http://tinyurl.com/dzqaxa)
This too is logging me in using my password. Now big issue is that even if i change my password, still i m getting my old password as my user name which i really really dont want. I want to erase this. So many videos linked with this. Any body can easily catch me with this password.
What should i do. Please give me a good suggestion.
With Regards

Expert Comment

by:Gregg DesElms
ID: 24176320
Showkatdar wrote:  "My Kaspersky is usually giving me message keylogger  like activity detected with a driver file. I have not completely focused on that."

Well, you *need* to.  Many keyloggers focus on password fields.  Some also contain unmaskers which reveal the actual text characters behind the asterisks or dots that appear whenever one types into a password field, or one is displayed with a password already in it.  

Remember that exploit writing is nothing but programming; and programmers -- even exploit authors -- make mistakes.  There could be an exploit on your machine which has a bug in it; and, if so, then maybe it is that bug (in what is likely a keylogger... or maybe an enhanced keylogger) which is making said exploit incorrectly display your password up where the username goes on your Youtube pages.

In other words, if the guy who wrote the keylogger (or whatever else might be lurking on your machine which caused the symptom) were reading this thread, he'd be saying to himself, "Oh, crap!  There's a bug in my code!"  and then he'd go fix it and re-release keylogger (or whatever the exploit is) version 2 into the wild.

Again, I'm not saying, for sure, that it's even an exploit causing the problem.  But I sure as heck know this:  Until you're absolutely certain that your computer is squeaky-clean and exploit/malware free, it's difficult to pursue in good faith, and with enthusiasm, other leads.

You've got to get those machines exploit/malware free... no more Kaspersky keylogger errors.  Do that first, by whatever means... and I suggested several in my previous post.


Expert Comment

by:Gregg DesElms
ID: 24176328
What, precisely (and I mean verbatim) is the Kaspersky error or notice regarding that keylogger activity; and what, precisely is the filename and location (full path)?

Author Comment

ID: 24178340
Please see the attached Kaspersky Report file,Can we get something from there?

Author Comment

ID: 24178877
I m cleaning my pc with your suggested Pc. Let me see what happens after that.
Well I have not opened any attachment from any unknown person on my laptop. Never.
Second what u r guessing might be right, But dont know exactly.
But here my question is that, My youtube page has been exploited. It is not on only my Laptop it is comming, where ever i go, i get the same thing on every PC.
So Now the bug in My youtube Page aswell. Right!!! By what so ever means.
And also i agree some thing wrong with my laptop as well. I feel so, Some  Program is on my shoulders. Let me try to trace it out.
But now how come to fix my youtube issue. Is there any link where i can write to youtube directly. Please try to find a link like that.
With Regards

Author Comment

ID: 24178913

Further Deep going in to my issue, today i tried one more thing.

I tried to upload one video from my account, but unfortunately it is going under the name to my old password.
Then had a good loook on that Password. Youtube is treating it as username in youtube. So i tried to open it using www.youtube.com/username, it opened. Then i signed in using the same password as username and my current password as password. It works. It is opening. So one more user name in youtube. Welcome!!!
Surely Bug in youtube by what so ever means.
Can we write youtube so that they can fix it directly on their server, Is it possible dear.
Waiting for your suggestion.
And Thankx for your great support.
With Regards

Expert Comment

by:Gregg DesElms
ID: 24180184
It appears that a product called    "NetControl2"    is running on your system... and that Kaspersky is seeing it as a keylogger... which is one of the things that NetControl2 can do.  It is also capable of REMOTE DESKTOP VIEWING... which is precisely what I earlier suggested might be happening... that someone is able to "see" (as if over your shoulder) your screen.  Even worse, NetControl2 is capable of "broadcasting" your desktop to many other computers... not just one.


If you know nothing about this software, then what's likliest is that someone has installed the server component of the   "t-vnc"   product    http://www.netcontrol2.com/nc2features.html     onto your computer(s); and is using it to view/monitor everything you're doing on your machine(s).  That's just a guess, mind you.

It's entirely possible that everything you've done on your computer -- even my words that you're reading this very moment -- have all been seen and made known to others (possibly many, many others) out in the world.  If I were there, physically with your computer(s), I'll bet I could figure out who they are.  But I'm not... and I suspect that you do not have the technical skill to figure it out, so you just need to worry about putting a stop to it.

CLARIFICATION:  It's possible that it's not really the actual NetControl2 product itself -- at least not as downloadable and/or purchasable from the maker's web site -- that's running on your machine but, rather, a hacked/cracked piece of it... some part of it which may have been appropriated by an exploit author who then used that small piece of NetControl2 to build a completely different exploit of his own.  That, actually, is more likely.  That said, it's entirely possible that it is the NetControl2 product itself, as downloadable from the maker's web site, which is running on your machine.  Sometimes those who wish to spy on someone just use normal commercial products.  So who knows, at this point, precisely what's going on... but there's no question, at least, the some part (or maybe all of) NetControl2 is running on your machine.

Think.  Can you remember or imagine how and under what circumstances either NetControl2 (or something like it) could have been installed onto your machine(s)?  Is there someone else out in the world with whom you've agreed that he/she can access your machine remotely... perhaps for tech support or other purposes?  Or did you, yourself, install NetControl2... perhaps so that you could access one machine (work/home) from the other or something like that?  Do you have any idea how or why NetControl2 (or any program with does roughly what it claims to do) is present and running on your computer... seemingly without your knowledge?

As for a bug or exploit on your Youtube page... that's not what's happening.  And that can't happen, in any case.  Nothing you do can "infect" the Youtube web site.  It's not on your Youtube page where the problem is.  It's on your machine.

And as I actually thought about, but stopped myself from asking about because it would have meant asking you, here, what was your password (which I was trying to avoid), it sounds like your password has now become a username; and that maybe you've been logged into the newer password-named Youtube account all along.

If you didn't create that newer Youtube account, the username of which is actually your original Youtube account's password, then whomever has access to your computer using NetControl2 did.  Don't think of that second account as a new account which you own.  I mean... I suppose you could claim it as your own, now... but if you didn't create it, then it's technically the property of whomever is messing with you.  Of course, were I you, I wouldn't let that stop me from appropriating it, considering how it got created... but that's a moral/ethical argument for another time.

First you have to make sure that NetControl2 (or t-vnc) hasn't been installed onto your machine for a good reason... maybe because, for example, there is someone out there in the world whom you have authorized to access your machine using that product... for support services or whatever reason.  If so, and if you want to keep using that person's services, then you don't want to uninstall it...

...though you may want to have a chat with that person and find out if there's a way to shut it all off except whenever he needs to login to your machine... and always only when you know it's happening.  Personally, I'd ask him to use a different product... something that he can never use unless you know about it, and specifically authorize it... something like CROSSLOOP, for example... but that's just me.  

Regardless, you need to figure out if this software is something that's actually *SUPPOSED* to be on your machine... maybe you just forgot.  If it's not, then you need to get it off your machine.  Now.

If you're being spied upon as I think you are, then you're going to need to change every Internet password you have, everywhere you have one...  including the passwords for BOTH Youtube accounts.  And, ultimately, you'll probably want to delete the newer Youtube account whose username is your first Youtbue account's password.

But it won't do you any good to do any of that as long as anyone out there can still see everything you do.  So you have to get NetControl2 (or t-vnc, if that's what it is) off of your computer... that is, assuming it's something you don't want there.

Do you know how to figure out if  "NetControl2"  or  "t-vnc"  is running on your machine; and whether it's something that you once authorized?  If the latter, do you know how to talk to whomever put it there to figure out if it has been used against you somehow?  I mean, just generally, do you know what to do next?  If it's not something that you want on your machine, do you know how to stop it and get it off of your machine... and I mean COMPLETELY off your machine?  Do know how to remove it if it's not listed among your installed programs (and, therefore, should probably be treated more like a virus or other exploit)?

What kind of help, if any, do you need at this point?  I could go into the specific steps you should take if you want, but before going to all that trouble, I want to make sure that we're on the same page, here.

Author Comment

ID: 24184548
Thankx for your deep concern.
Well ist thing i want to say is that yes i have Net2Control installed on my PC but it is not a crack one. It is licensed. but anywayz i have uninstalled it, cleaned my PC using SuperAntiSpyware, Malware Bytes, Rootkitbuster. But still Kaspersky is giving me the same warning again and again.
Second How can i wipe out my password info from my youtube account. Is there any way to write directly to youtube people, so that they can fix my issue.
These two issues how come i can solve. If you could provide me any further help in this regard please.
With Regards

Expert Comment

by:Gregg DesElms
ID: 24187308
YOU WROTE:  "...yes i have Net2Control installed on my PC ... i have uninstalled it..."
But the question is, how did it get there in the first place?  Was it something which you installed (or allowed someone else to install), and so, therefore, is it something which you need on your machine; and, therefore, by your now having uninstalled it, will you be unable to do something which you need to be able to do (or is there someone else out there -- someonw providing you with some kind of support, for example -- who will now not be able to so do because it's gone)?  If so, then perhaps you should not have uninstalled it.
On the other hand, if that's not the case, then how did it get there in the first place?  Was it installed on your machine clandestinely... without your knowledge or permission; and, therefore, is it likely to be the spy for which we've been looking, here?
These are questions which need to be answered... in part so that we can know if there's still something spy-like for which we need to continue looking on your machine.
YOU WROTE:  "...still Kaspersky is giving me the same warning again and again."
Based on my reading about this thing, it surprises me not that its uninstaller left part (or, who knows, maybe even all) of it behind.

It's also possible (unlikely, mind you... but I'll throw it out there, just in case) that if it was clandestinely installed by someone; and if that someone is paying attention to what's going on here, then he may have used his access provided by NetControl2 to install some other means of accessing your machine just in case you uninstalled NetControl2; and then after you uninstalled it, he may have re-installed it or something wacky like that.  Again, I think likely not... but I'm just sayin'.  Let's leave that paranoid and probably over-the-top thought behind, though, and keep going, here...
NOTE:  Please read this entire posting, and make sure you really and truly understand it, before doing anything which this posting recommends doing.
There are two routes to your getting NetControl2 completely off your machine, once and for all...
  • The first method is the easiest, but may or may not, in the end, actually (or, perhaps more accurately, "completely") work.  It's so much easier, however, that it's worth a try, regardless... so this method is the one I recommend that you do next; and then only if it doesn't work should you worry very much about the second method.  This first method would, believe it or not, involve you actually re-installing NetControl2 (yes, you read that correctly... believe it or not); and then downloading and installing and using an uninstaller which will uninstall NetControl2 differently than you've already tried.  As part of what it does, this uninstaller that I will have you download and use will first run NetControl2's own uninstaller; but then, after that, it will go out and hunt down whatever files, folders and registry entries it can find which NetControl2's uninstaller may have left behind.
  • The second method is more labor intensive... and is a completely manual procedure which requires, among other things, a little bit of knowledge about how not to shoot yourself in the foot fiddling around in the registry.  The thing is, though, if the first method doesn't completely do it, then you're gonna' end-up having to do the second method anyway... so some people might just say to themselves something like, "Oh, what the hell... if there's a good chance that I'll have to do the second method anyway, then I'll just do that one in the first place and forget about the first method."  And if that's the way that you tend to be, and if you think you can do it, then perhaps you should just jump straight to the second method.  It's up to you.  It's just that the first method is so much easier and faster that I, for one, would definitely try it first.  But, again, it's up to you.

Download the free REVO UNINSTALLER    http://www.revouninstaller.com    and install it on your system.  REVO is one of the slickest and most useful pieces of freeware I've ever seen.  There are commercial, fee-based uninstallers which do what it does, but that's one of the things which make REVO so remarkable:  It's free.  And it works.  Boy, oh, boy does it ever work!  It is now the only uninstaller that I ever use...
...that is, unless I happen to need the one very slick thing which the free Z-Soft Uninstaller    http://www.zsoft.de    is capable of doing, and that's using its "Analyze" featiure to take a "snapshot" of the system prior to installing something, then using said "snapshot" to uninstall later if I ever decide to get rid of said something.  REVO won't do that (though, ohmygod, what a slick freebie it would be if it ever did, eh?).  But REVO does do something which the Z-Soft uninstaller won't do (and which Windows' own uninstaller also won't do), and that's hunt down (or at least do its best to attempt to hunt down) any and all files, folders and registry entries which the software's own uninstaller may have left behind.  It doesn't always completely work, mind you, but it comes so close most of the time that unless there's a reason why every last stinkin' piece of something must absolutely be removed, the REVO uninstaller does a good enough job that... well... like I said... it's the only uninstaller (except, occasionally, for Z-Soft) which I ever use anymore.  I don't think I've opened "Programs and Features" in "Control Panel" in... I dunno... months, I think, on my machine!
So, anyway... download and install the REVO uninstaller.
Then, believe it or not, re-install the NetControl2 software.  Sounds crazy, eh?  The reason is that REVO can't uininstall something which isn't listed as an installed program on your system.  Since you've already uninstalled NetControl2 (even though a whole bunch of it is obviously still there), said uninstallation has removed NetControl2 from your computer's list of installed programs when you go into "Programs and Features" in the "Control Panel."  So you must, believe it or not, reinstall NetControl2... but only as a formality.  You'll be removing it with REVO forthwith.  So, reinstall NetControl2.
Then reboot and relogin (and allow the machine to fully launch everything and settle down).
Then launch REVO.  It will make a big list of all installed programs (which will take a few seconds... you'll know it's done when there's finally a number next to the word "Found:" up near the top).  Once the list is done and REVO has settled down, and before actually beginning to use it to uninstall anything, click on the "Options" button, then click on the "Uninstall" item, and...
  • make sure that there is not a checkmark next to "Only run the built-in uninstaller"; and,
  • that there is a checkmark next to "Show system components," and also "Enable fast loading mode," and also "Delete leftover files and folders to the Recycle Bin;" and,
  • if you're running Vista, then make sure that "Show system updates" is not checked.  
Then click on "Okay" to close the "Options" dialog.
Scroll down the list of installed programs and find NetControl2.  Highlight it, and then click on the "Uninstall" button at the top.  You'll be asked to verify, which, of course you will do.  Then you'll be presented with four uninstall options.  
Choose the fourth, bottom-most "Advanced" option.  Then, click on "Next."  REVO will create a restore point, do an analysis, and then launch NetControl2's own uninstaller.  Do not be too eager to click on REVO's "Next" button again, even when it stops being "grayed-out" and becomes available for clicking.  Sometimes that "Next" button, at this point, becomes available for clicking before the program-to-be-uinstalled's own uninstaller finishes... on rare occasions, before it even launches.  Just be patient at this point and watch the screen closely.  Make sure that NetControl2's own uninstaller properly launches, and finishes.  Look down at the taskbar and make sure that one of Netcontrol2's own uninstaller dialogs isn't open, but unfocused (meaning that it's "hidden" behind the REVO window... that sometimes happens, too).  Just slow down and make absolutely certain that NetControl2's own uninstaller launches and does its thing... completely... and then...
...when you're fairly certain that it has, then, by all means, click on REVO's "Next" button.  REVO will then start hunting for files, folders and registry items which NetControl2's own uninstaller may have left behind (and we already know that it does that sort of nefarious thing, so it's definitely gonna' find something).  It can take a while.  Be very patient.  Don't launch other programs or do other stuff on the computer.  Give the machine to REVO.  Go get coffee or something.  Even if it seems, at some point, like REVO has stalled... just wait.  Patience is a virtue.
When it's done, REVO will tell you so and the green progress bar will be all the way at the right end; and the "Next" button will, once again, become clickable.
Click on the "Next" button and you will first be taken to the screen showing any files and/or folders which NetControl2 uninstaller left behind.
NOTE:  If REVO found no files/folders, then you will be taken straight to the screen showing any registry items which it found; or if there are even none of those, then you will be taken to a screen saying that REVO found nothing else and that it's done.  But I'll assume that it found some files/folders...
REVO isn't perfect, and on very, very rare occasons it will display files and/or folders which should not be deleted.  For that reason, you should review what's shown.  However, for the most part, REVO can be trusted and I, for one, have many times clicked on "Select All" at this point, and just went with it... especially because I know that it will all be deleted to the Recycle Bin (because of that checkmark we placed next to that choice back in the "Options" dialog), from which I can restore it if it turns out that REVO and I were wrong.  So, I dunno' about you, but I'd just click on the "Select All" button and put a checkmark next to everything, and move on.  If you're not that bold, then by all means review all items and make double-sure that they should really be deleted before putting a checkmark next to them.  Only that which you check will be removed by REVO.
Once you've checked everything that should be deleted, then click on the "Next" button.  You may (or may not) be asked to verify that you really want to delete what you've checked (which, of course, you do) and so, if asked, you should confirm that you do...
...and then you will be taken to the screen showing any registry items which the NetControl2 uninstaller left behind.  SLOW DOWN for a minute.  Read carefully...
Now, this can be decieving because you might think to yourself, "Geez, I don't want to delete all of those registry items... I need some of those."  Please note that REVO will show the full registry path, and put checkboxes next to higher-level items not directly related to what actually needs to be deleted... which might make a person worry that more than just what needs to be deleted is going to be deleted.  But note, also, that only the things which are bolded (in a boldface font) will actually be deleted, even if things higher in the path, which are unbolded, also get checkmarks put next to them.  REVO does this so that if there are ten gazillion bolded things, one can check all of them in one action by simply clicking on the unbolded thing immediately above them... higher-up in the registry path.  So never hesitate to just put a checkmark next to everything.  Again, only what's in a boldface font will actually be deleted!  (It's scary, but don't worry.)
NOTE:  Despite the "don't worry" parts of the above, you still need to look at what's bolded and make double-certain that it's actually related to NetControl2.  It quite likely is, even if it might not appear to be... and REVO is so good at this that you can probably trust it, regardless.  If REVO bolds it and says it should be removed, then it probably should.  (The only time, in my experience, that that likely wasn't true was one time when I tried to remove a .NET framework using REVO, and it bolded damned-near the entire registry... which I knew couldn't possibly be true... so I aborted, obviously.  Even REVO, now and then, isn't perfect.)
So put a checkmark next to at least what's bolded.  If there's so many things bolded that it would be easier to put checkmarks higher-up in the path to catch them all, then do so.  You can also safely use the "Select All" button because, one more time, only that which is bolded will actually be deleted.  
When you've checked whatever it is that you're going to check, then click on the "Next" button.  You should be taken to a screen that tells you that REVO has completed its uninstallation... and, if so, then you're done... or at least, you may be done.  REVO may also tell you that it's basically done, but that it won't really be done until you reboot... that certain things won't be deleted until the next restart of Windows or the machine.  And that's fine, because you're about to be instructed to reboot, regardless.
So, then, close REVO and reboot.  Better yet, completely shut-down the machine; then turn it back on again... for a really complete, so-called "cold" reboot (those are nearly always best, in any case).
Log back in and see if Kaspersky still thinks that   nckbdsup   is still running, and still thinks there's keylogger-like activity going on.  If not, then you may actually be done.  If so, I'd run a full manual Kaspersky whole-system scan; then reboot.  And then I'd re-run a manual, whole-system, thorough Malware Bytes scan, and then reboot.  And then I'd re-run a manual, thorough, whole-system SuperAntiSpyware scan, and then reboot.
If running the REVO uninstaller doesn't work, then you'll need to go to the second method...
...which I don't want to type into this post because the rich text mode editor is already acting so weirdly with this big post that I'm now worried that my browser's going to lock-up or something, and I'll lose all this work... so I'm going to post this much and then continue in a new post.  If you come here and read this one, just know that another one is coming...

Expert Comment

by:Gregg DesElms
ID: 24187804


Near the end of my previous post, I wrote:  "If not, then you may actually be done.  If so, I'd run a full manual..."

By "If so" in the second sentence, I mean "if you're actually done," not "if so" meaning that if Kaspersky still finds a problem.  Sorry for not being more clear.  My bad.

If Kaspersky still finds a problem, then you'd want to just skip manuals scans and go right to Method Two, in the next post.

Accepted Solution

Gregg DesElms earned 1500 total points
ID: 24189318
This method is more of a pain in the rear.  It involves manually trying to remove the NetControl2 software... or, at the very least, effectively doungle-checking REVO's work.  Using the tools I'm about to recommend, this second method goes faster than it would if you were just using Windows Explorer and the built-in-to-Windows registry editor (RegEdit)... but still, this second method isn't as easy or fast as if REVO is able to successfully do it.
Some people (and I'm one of them) don't completely trust REVO to get it all done in any case... at least not with something like NetControl2 which has already shown itself to be ill-behaved; and which, as far as I know, in this case, is little more than a trojan... or at least, for all I know, that has been its purpose on your machine.  Assuming that that's correct, then we by-golly need to get it off your machine...
...and so, as far as I'm concerned, were it my machine, I'd, at the very least, use information from this posting to circle back around behind REVO and double-check and make sure it got everything.  As part of that, were I to happen to find anything else using these techniques, then I'd obviously delete them, too.
So, for me, this whole thing would be a two-step process, involving both methods one and two, regardless... but that's just anally-retentive, overly-cautious, painfully-thorough me.  You may be okay with it all if REVO seems to get it done... and, if so, that's fine.  Do with this post, then, whatever you wish.  Assuming you're like me and want to make triple-net-certain that NetControl2 is by-golly off of your machine, let's continue...
Download the free "Everything" search tool from  http://www.voidtools.com
Download the free "RegSeeker" utility from  http://www.hoverdesk.net/freeware.htm
Install both the "Everything" and "RegSeeker" utilities.  I can't remember if either of them requires a restart of Windows, but if either of them do, then restart Windows.
NOTE:  RegSeeker is pretty cool, but it was definitely written for Windows XP, not Vista.  If one is running Vista, then RegSeeker can be extraordinarily useful in terms of its registry seeking and manipulation capabilities, but may or may not be particularly useful -- especially with regard to its tweaks -- on Windows Vista.  Whenever I recommend RegSeeker, it is only for its registry seeking (and editing or deletion, etc.) capabilities, and not for anything else... especially on Vista.  There are other tools that do the other things which RegSeeker also does, and which does them better.  So I am officially saying, right here and now, for the record (so that no one accuses me of recommending something here that later goofed-up their machine), that one should only use RegSeeker as a registry seeker, and nothing else.  On XP, it's other features might be okay; but don't fiddle with them for sure, on Vista... just to be safe... and even if it turns out that they woudn't hurt Vista after all.  Just be safe and don't use RegSeeker on Vista for anything other than what I'm about to describe herein as the way to use it.
RegSeeker's claim to fame is the speed and ease with which it searches the registry and presents results as a group which, either as a group, or each item individually, can then be deleted; or selected items can be edited.  It is far better (and faster) than Windows' native "RegEdit" (or even RegEdit with "RegEditX" added).  RegEdit(X) is not only slower, but doesn't list all results altogether after the search is complete.  There are commercial registry search tools that are faster than RegSeeker; but that's the reason I like RegSeeker:  It's probably the fastest of the freebies... and that's usually fast enough.
Everything's claim to fame is that it is, hands-down, the fastest file searcher ever written.  It is so fast, it will make the hair stand-up on the back of your neck.  It's unbelievable... far, far, far faster (and far more thorough) than Windows's own search (even if you're using the latest, greatest version thereof, and even of you've got it all configured and tweaked just so).  It's also far faster than any other desktop search product, bar none.  And I mean bar none.  It's faster than Copernic; it's faster than Google Desktop Search; it's faster than anything else you can think of.  Everything is scary fast.  Really, really fast.  And it's safe.  And free.  What more could a person ask.  Its only downside is that it can't (yet) search for text strings within files.  That's coming (and probably in 2009), say the makers of Everything; but it's not available yet.  For now, then, Everything just searches for files... diskwide or systemwide, at your option... and it bygod finds them... every single time... and fast.  So that's why I recommend it.  (I'm sorry... did I mention that it was fast?  It's really fast.) [grin]

You may (and I stress the word "may," not "will") also need some other tools (if you don't have them installed on your machine already).  They're all free.  They're all safe.  And everyone should have them on their machines -- especially Vista machines -- in any case.  They are:
Malware Bytes's free FILE ASSASSIN  http://www.malwarebytes.org/fileassassin.php
Malware Byte's free REG ASSASSIN   http://www.malwarebytes.org/regassassin.php
Cedrick Collumb's free UNLOCKER  http://ccollomb.free.fr/unlocker/
In addition, one should ensure that one has added the "Take Ownership" item to one's right-click context menu within Windows Explorer.  If one has not already done that, then one needs to read this web page   http://tinyurl.com/32hf32    and do what it says.
There's also a little utility which you probably won't actually need since what I've just recommended will, by hook or by crook, probably be enough.  Still, as long as you're downloading best-of-breed products which do what these products do, it couldn't hurt to have XPero's free "Take Control"    http://tinyurl.com/ctrffr    in your arsenal.  Download it, or not, entirely at your option.
Install them all.  Then reboot (or reboot as/if instructed during installation, then reboot again when they're all installed... I dunno... just 'cause).
I'm not going to take you through, step-by-step like I did in Method One because once I explain how it's all gonna' work, overall; and which tools do what, it should be pretty easy to figure out for yourself... even if you're not really very experienced with this sort of thing.
You will have two tasks in this method:  Firstly you will hunt-down files and folders which you need to delete; and, secondly, you will hunt-down registry entries which you need to delete.  Simple as that.
Though I will give you the specific paths to the files and folders that you need to look for so that you can just find them in Windows Explorer if you like, using the Everything search tool will jump you right to them... but fast.  The only problem with using Everything instead of just navigating to the file or folder manually, using Windows Explorer, is that if you use Everything, you need to pay attention to the path and make sure you're deleting the right file.  If any of the filenames used by NetControl2 happen to be the same as some other file somewhere else on the hard drive (which NetControl2 doesn't actually use), then you could, if you don't pay attention to the path in Everything (and by so doing, ebsure that the file you're about to delete is really related to NetControl2) then you could, by using Everything, delete the wrong thing.  SO BE CAREFUL if you use Everything for any of this.
The FILE ASSASSIN and the UNLOCKER tools are similar... and you may find that one works for you better than the other.  I, personally, prefer the UNLOCKER tool... it's really best-of-breed.  In either case, though, either FILE ASSASSIN or UNLOCKER will allow you to delete a file or folder which Windows says is in use, or is, for whatever other reason, locked and, therefore, undeletable by you.  If Windows tells you that you don't have the rights to delete it, ten that's a permissions issue which must first be resolved by another tool, which I'll cover in a moment.   If, however, the problem is simply that the file or folder you're trying to delete is locked, for whatever reason, then UNLOCKER will allow you to specify that you want it deleted, and you can, if it won't delete straightaway, specify that UNLOCKER should delete it when next the machine is rebooted... which nearly always works... hence the reason that UNLOCKER is so cool.  Just right-single-click on the file that you can't delete in Windows Explorer, and the scroll up/down on the right-click context menu until you see "Unlocker" and then click on it.  Then, from within the UNLOCKER dialog, try to delete it and, if it can't be done, specify that it should be done at the next reboot.  Simple as that.   Nearly always works perfectly.  It's amazing.
If the reason you can't delete a file or folder is because you don't have adequate permissions, then the first thing to do is right-single-click on the thing to be deleted and check its permissions and make sure that you have the necessary rights.  If it won't let you change the rights so that you can have complete control over whatever it is that you're trying to delete, then you'll probably need to first TAKE OWNERSHIP of it... hence the reason why you needed to add the "Take Ownership" item to the right-click context menu within Windows Explorer.  Simple right-single-click on the item over which you wish to take control, and select "Take Control."  A black "DOS" (command line" box may pop open for a second.  After it closes and all the dust settles, you should have ownership, and so can then go back into the permissions area and give yourself complete control over whatever it is you're trying to delete... after which, you should be able to.  And if you're not 'cause it's locked, then go back to the preceding paragraph and use UNLOCKER.
NOTE:  XPero's "Take Control" utility can also help with what's described in the preceding paragraph.  Personally, I prefer the right-click thing... but if you'd rather do it with XPero's utility, then fine.  It's your shot to call.  Usually, on the off chance that XPero's "Take Control" utility doesn't do it, the right-click thing will... hence the reason that I usually just go with that.  But, again, it's entirely at your option.
The specific folders which you are hunting down and seeking to delete are:
C:\Documents and Settings\All Users\Start Menu\Programs\Net Control 2\Chats
C:\Program Files\Net Control 2
C:\Program Files\Net Control 2\HTML
C:\Program Files\Net Control 2\HTML\images
C:\Program Files\Net Control 2\iAddon
C:\Program Files\Net Control 2\Interface
C:\Program Files\Net Control 2\Langs
C:\Program Files\Net Control 2\Profiles
C:\Program Files\Net Control 2\Uploaded files
C:\Program Files\Net Control 2\vhdriver
C:\Documents and Settings\All Users\Start Menu\Programs\Net Control 2\Batches
C:\Documents and Settings\All Users\Start Menu\Programs\Net Control 2
and here's the beauty of getting those foldery by-golly off yoru machine:  If you can get them deleted, then all the files within them will, of course, get automatically deleted, too... which means that you will not have to go hunting for (and deleting) any of the following individual files.  Sadly, however, if any of the below-listed files are in use by Windows whenever you try to delete the folder in which they reside, then said in-use files will be locked and undeleteable without the help of the UNLOCKER tool; and, if so, then you may have to delete the locked files using UNLOCKER, then reboot, then go back and delete the folders.  The first time you try to delete even a folder with locked files in it, at least the unlocked files should be deleted, leaving only the locked files still there... which, again, you would use UNLOCKER to delete; and, again, after the reboot, you'd then go back and try, again, to delete the folder in which they resided (which should delete this second time around because it should, with the help of UNLOCKER and a reboot, by then be empty).
Here is the long list of files which NetControl2 uses... any one (or some, or all) of which, you may also have to individually, painstakingly hunt-down and delete:
C:\Program Files\Net Control 2\Interface\ICONS0116.BMP
C:\Program Files\Net Control 2\Interface\righttools.ini
C:\Program Files\Net Control 2\Interface\thumbnails.bmp
C:\Program Files\Net Control 2\Interface\vdtools.BMP
C:\Program Files\Net Control 2\Langs\COMMANDS.CZE
C:\Program Files\Net Control 2\Langs\COMMANDS.ESP
C:\Program Files\Net Control 2\Interface\ICONS01.BMP
C:\Program Files\Net Control 2\HTML\images\ncabout_02.jpg
C:\Program Files\Net Control 2\Langs\COMMANDS.DEU
C:\Program Files\Net Control 2\iAddon\sporder.dll
C:\Program Files\Net Control 2\iAddon\nclspnt.dll
C:\Program Files\Net Control 2\iAddon\nclsp.dll
C:\Program Files\Net Control 2\iAddon\ncbho.dll
C:\Program Files\Net Control 2\HTML\images\ncabout_05.jpg
C:\Program Files\Net Control 2\Langs\COMMANDS.MAC
C:\Program Files\Net Control 2\HTML\images\ncabout_03.jpg
C:\Program Files\Net Control 2\Langs\MSG.DEU
C:\Program Files\Net Control 2\HTML\images\ncabout_04.jpg
C:\Program Files\Net Control 2\Langs\MSG.ESP
C:\Program Files\Net Control 2\Profiles\Enable all programs.tlp
C:\Program Files\Net Control 2\Profiles\Disable www_mydomain_com site (example).iap
C:\Program Files\Net Control 2\Profiles\Disable Uninstall Tools.ncp
C:\Program Files\Net Control 2\Profiles\Disable MS Word (example).tlp
C:\Program Files\Net Control 2\Profiles\Disable Internet access.iap
C:\Program Files\Net Control 2\Langs\TOPTOOLS.RUS
C:\Program Files\Net Control 2\Langs\toptools.deu
C:\Program Files\Net Control 2\Langs\interface.rus
C:\Program Files\Net Control 2\Langs\MSG.MAC
C:\Program Files\Net Control 2\Langs\COMMANDS.RUS
C:\Program Files\Net Control 2\Sender.exe
C:\Program Files\Net Control 2\Langs\MSG.CZE
C:\Program Files\Net Control 2\HTML\images\ncabout_01.jpg
C:\Program Files\Net Control 2\Langs\interface.MAC
C:\Program Files\Net Control 2\Langs\interface.esp
C:\Program Files\Net Control 2\Langs\interface.deu
C:\Program Files\Net Control 2\Langs\interface.cze
C:\Program Files\Net Control 2\Langs\MSG.RUS
C:\Program Files\Net Control 2\gralp10.dll
C:\Program Files\Net Control 2\startbdw6.exe
C:\Program Files\Net Control 2\ncjpeg.dll
C:\Program Files\Net Control 2\ncinstal.dll
C:\Program Files\Net Control 2\nchooks.dll
C:\Program Files\Net Control 2\ncbcs.dll
C:\Program Files\Net Control 2\MACROS.INF
C:\Program Files\Net Control 2\login.dat
C:\Program Files\Net Control 2\ncserver.cnt
C:\Program Files\Net Control 2\imgrescs.dll
C:\Program Files\Net Control 2\ncserver.exe
C:\Program Files\Net Control 2\gral98.dll
C:\Program Files\Net Control 2\gdiplus.dll
C:\Program Files\Net Control 2\connected.wav
C:\Program Files\Net Control 2\Configurator.exe
C:\Program Files\Net Control 2\Commands.ini
C:\Program Files\Net Control 2\bcview.dll
C:\Program Files\Net Control 2\BATCH.ICO
C:\Program Files\Net Control 2\LICENSE.RTF
C:\Program Files\Net Control 2\NETCTL.CHM
C:\Program Files\Net Control 2\WHATSNEW.RTF
C:\Program Files\Net Control 2\whatip.exe
C:\Program Files\Net Control 2\UReceiver.exe
C:\Program Files\Net Control 2\update.RTF
C:\Program Files\Net Control 2\startrecord.exe
C:\Program Files\Net Control 2\shellrun.exe
C:\Program Files\Net Control 2\Profiles\Guest mode (do not ... settings).ncp
C:\Program Files\Net Control 2\nckbdsup.sys
C:\Program Files\Net Control 2\NetCtl.exe
C:\Program Files\Net Control 2\HTML\ncabout.html
C:\Program Files\Net Control 2\NetChat.exe
C:\Program Files\Net Control 2\net.xml
C:\Program Files\Net Control 2\ncvserver.exe
C:\Program Files\Net Control 2\ncview.exe
C:\Program Files\Net Control 2\ncvhelper.exe
C:\Program Files\Net Control 2\nctcp4al.dll
C:\Program Files\Net Control 2\ncserver.hlp
C:\Program Files\Net Control 2\release.RTF
C:\Users\All Users\Start Menu\Programs\Net Control 2\Update notes.lnk
C:\Program Files\Net Control 2\Profiles\Enable www_mydomain_com site only (example).iap
C:\Users\All Users\Start Menu\Programs\Net Control 2\Chats\Net Control 2 Chat.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Chats\Cam Broadcast 2 Sender.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Chats\Cam Broadcast 2 Receiver.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Batches\Unlock Computers.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Batches\Shutdown All Computers.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Batches\Reboot All Computers.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Batches\Lock All Computers.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\What Is My IP.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Uninstall Net Control 2.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Release notes.lnk
C:\Program Files\Net Control 2\vhdriver\ncvhdrv.exe
C:\Program Files\Net Control 2\Profiles\Enable full access.iap
C:\Program Files\Net Control 2\Profiles\Internet access only.iap
C:\Users\All Users\Start Menu\Programs\Net Control 2\Whats new.lnk
C:\Program Files\Net Control 2\Profiles\Master mode (allow all).ncp
C:\Users\All Users\Start Menu\Programs\Net Control 2\Net Control 2.lnk
C:\Program Files\Net Control 2\vhdriver\ncvhook.dll
C:\Program Files\Net Control 2\vhdriver\ncvhook.inf
C:\Program Files\Net Control 2\vhdriver\ncvhook.sys
C:\Users\All Users\Start Menu\Programs\Net Control 2\Net Control 2 Help.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Net Control 2 Server Configuration.lnk
C:\Users\All Users\Start Menu\Programs\Net Control 2\Net Control 2 Server Help.lnk
C:\Program Files\Net Control 2\Profiles\Internet access with adult content filtering
and, again, you may need UNLOCKER (or "Take Ownership" and then change permissions, and then UNLOCKER... who knows) to get them deleted.  The most likely to be locked are the   .exe   and/or the   .dll    files... though there could be others, too.
Once you have hunted-down and deleted all the files and folders, then you will need to hunt-down and delete NetControl2-related registry keys.
Your tools, for this part of it, are RegSeeker and, maybe also, RegAssassin.   (RegSeeker, alone, may do it.)
RegSeeker will let you look for certain text strings (and, therefore, the registry keys and sub-keys containing them); and, once you examine them and ensure that they're really and truly related to NetControl2, it will let you delete them... all at once, if you wish... or whichever of them you'd like to delete.  
RegAssassin will, if it becomes necessary for any given registry entries, which RegSeeker can't delete because they're locked, or maybe you don't have the necessary rights, or whatever is the reason that RegSeeker can't delete them.  It's unlikely, actually, that you'll need to use RegAssassin at all for this project... but if you run into registry entries which you can't delete using RegSeeker, then by-golly you may need to go back and hunt them down with RegAssassin and get rid of them that way... and so doing may, as with UNLOCKER, require one or more reboots.  (Ugh!)
Launch RegSeeker.
On the menu at left, click on "Find in registry..." which will take you to the "Find in registry..." screen.
In the "Search for:"  field, let's start with the most obvious text string:  Net Control 2
Searching throughout the entire registry for that exact text string ("Net Control 2") is quite likely to result a whole bunch of hits... maybe even most or all of them (or at least as many of them as is needed to be found) since that string would be present in each and every registry entry which contains a file path to any of NetControl2's files... and most of NetControl2's registry entries involving any of its files are likely to contain full pathnames to them.  So, believe it or not, this one RegSeeker search (and the deletions that you'll do thereafter) may be all you'll need to do regarding the registry.  (Fingers crossed, eh?)
So, then, type    Net Control 2   (including spaces, but capitalization doesn't matter) into the "Search for:" field.  (But don't click on anything, or press the  [Enter]  key yet!)
Then make sure that there's no checkmark next to "Search Files" and "Match whole word."
But make sure that there are checkmarks next to everything else.  Everything!
Then click on the "Search" button.
Then be patient.  There's a little indicator down near the bottom indicating how many items were found, and below that is a progress bar/indicator.  Just let it run until it shows that 100% of the search is finished and RegSeeker seems to have calmed down and is clearly done.  I have no idea how many items it will find, but you'll see.
When it's done, the first thing to do is verify that there positively is a checkmark next to "Backup before deletion" in the lowermost left corner of the RegSeeker window.  That will ensure that whatever you do delete will be written to a backup    .reg    file so that, if you have to (for whatever reason), you can restore all the deletions to the registry.
Then, you'll want to verify that everything found is really and truly associated with NetControl2.  Since I can't think of a single other thing in Windows which uses that text string (and which you'd actually want on your machine), it's extemely likely that every single thing it finds which contains that string can be deleted.  That said, still scroll down through it all and just make sure that nothing crazy got found and is listed.  Again, it's likely that everything's okay... but, what the heck... double check.  What could it hurt.
If you're sure that everything's okay, then scroll all the way back up to the top of the list and then left-single-click on the topmost item therein (to highlight it).  Then scroll all the way back to the bottom and hold-down the keyboard's   [Shift]   key; and then, while still holding it, left-single-click on the very bottommost file on the list, then release the   [Shift]   key.  If you did it right, then both the two files you clicked on, and every file in between, will all become highlighted.  If not, then do it over until that's the case.  (Alternatively, if you want to, you could just click on the topmost file, then hold down the   [Ctrl]   key on the keyboard while you individually click on each entry, one entry after another, until they're all highlighted.)  In either case, if there are any entries among the now-highlighted ones which you do not want to delete, then go back and hold down the keyboard's   [Ctrl]   key and click on them, individually, to un-highlight them so that they're no longer part of the highlighted group of entries to be deleted.  Once again, since it's unlikely that anything other than something you want to delete contains the searched for text string of   Net Control 2   there's probably nothing wrong with just selecting and deleting them all... but that's just a suspicion.  You should verify for yourself.
Once you've got your list of registry entries containing the string  Net Control 2  all group highlighted and ready to be deleted, simply press on the keyboard's   [Delete]   key.  A dialog will pop-up offering you the suggested file name for the backup    .reg    file, which you should accept...
...and then, next thing you know, the deletion will begin... and be overwith before you know it.  Just watch the screen and it should be obvious when it's done.
Then, before closing RegSeeker, click on "Find in registry..." again to get a fresh, new "Find in registry..." screen.  The text string from the search you just did may still be in the "Search for:" field (which would be okay).  If not, then, again, type    Net Control 2   into the "Search for:" field.  Make sure all boxes are checked except "Search Files" and "Match whole word."  Then click on the "Search" button...
...and let RegSeeker double-check through the registry one more time and make sure it had actually deleted every last thing containing the   Net Control 2   text string.  Wait, again, until it's 100% done.
If it finds entries again, then whatever's still there may have been locked, or maybe you didn't have adequate permission to delete it.  If so, then RegAssassin may need to be employed.  Since that's unlikely, I'm not going to include, here, now, step-by-step instructions in using that utility.  If it turns out that you need to use it, we'll cross that bridge at that time.
Assuming that the first deletion of everthing containing the  Net Control 2  text string was deleted, then you'll want to close RegSeeker...
... and, at that point, you may very well, at that point, be done.  I mean completely done.
If the reason you did Method Two is because you just wanted to double-check and make sure that REVO got everthing, then you might not find a single thing as part of your Method Two experience.  Or you may only find a few things.  If, on the other hand, you skipped straight to Method Two (meaning that you basically just wanted to do it all manually), then you may very well need to do everything described in this post.
In any case, REBOOT.
Then login again and see if Kaspersky's still unhappy.
The let us know, here.
Once you've, for sure, gotten NetControl2 off your machine, we'll further discuss what to do on the Youtube web site.  First things first.

Author Comment

ID: 24218801
Well dear i m too much buzy now a days with my work. But i will try to follow your guidelines as soon as possible
With Regards

Expert Comment

by:Gregg DesElms
ID: 24220144
Ah... welcome back.  I was just beginning to wonder about you... and whether or not anything I suggested worked.

Once you get done with getting NetControl2 off your machine, you should also make triple-net certain that you have all of the latest, greates updates to Microsoft Windows itself... and, especially, Internet Explorer... most importantly, all security updates.

The reason I mention it is because as I was sitting in traffic and thinking about your problem, I also remembered that there had been a spate of security issues related to Youtube accounts which invovled what are called "session riding" or "cross site request forgery" (CSRF), and also what are called "cross site scripting" (XSS), exploits... some of which required Youtube to make security changes to their pages, but others of which also required that the latest and greatest Internet Explorer security patches be installed.  One of the XSS exploits was particularly nasty... and allowed javascript code from one opened browser window to be inserted into whatever was going on in a completely different (and simultaneously-opened) browser window (or tab)... and that particular exploit's job would be to collect login data from the second opened window/tab.

So, then, if any of those exploits had anything to do with it, then your suspicion that it could also be on Youtube's end might have some merit.  But, in the end, it's important that all IE security patches are always up-to-date.  That's a huge part of it.  Sadly, setting IE's script settings so that theyre a little more strict takes a bad problem of IE pestering the hell out of its users with security warning all the time, and just makes it worse.  So making IE more strict isn't the answer... that is, unless it's okay with you if you have to click on "Okay" or "Allows" in little pop-up dialogs all day long.

One of the irritating things about at least the CSRF exploits was (and remains) that Google (which owns Youtube) has been loathe to fix some of the sites it owns and operates so that these exploits won't work on their pages.  For example, several fairly well-known CSRF exploits that are over a year old (and which Google has known about for that long) will still work on GMAIL pages.  It's like Google's just refusing to fix them.

I theorize that Google's refusing to fix them because it doesn't give a whit whether IE works on its pages; because it wanted everyone to use Firefox before it finally launched Chrome; and now it wants everyone to use Chrome.  But that's just me being cynical.

I do believe, though, that if we all sit around and wait for it long enough, we will eventually see that Google -- which has for so long decried the despotism of Microsoft -- will, in the end, become just as big a despot itself.  Absolute power corrupts absolutely.  Ah, but I digress.  Sorry.

Anyway... I'm still with ya' kid.  Get caught-up and let's see if we can't whip this thing for you!

Author Comment

ID: 24262530
Sorry for replying late, Actually i was very much busy.
Anyways i tried for every thing, what ever u suggested me, but all in vain. Kaspersky is still unhappy.I found i folder of Net Control2 in my Pc, but deleted it very easily. Nothing more than that.
Well this is the situation now. Dont know what to do this time.
Any further guidelines for me Sir.
With Regards

Expert Comment

by:Gregg DesElms
ID: 24398639
Showkatdar wrote:  "Anyways i tried for every thing, what ever u suggested me, but all in vain. Kaspersky is still unhappy.I found i folder of Net Control2 in my Pc, but deleted it very easily. Nothing more than that.  Well this is the situation now. Dont know what to do this time. Any further guidelines for me Sir."

You have done ALL of what was earlier prescribed?  Or you simply deleted the NetControl2 folder?

If the latter, then you have more work to do.  Re-read my earlier herein.

If the former, then what, precisely, is Kaspersky saying, now?  Precisely.


Author Closing Comment

ID: 31570076
Still the issue is there, but anywayz closing this question. Thanks for the help

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question