SW.exe (silentspy) .... HOW DO I REMOVE?

Virus & Spyware

Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

SW.exe (silentspy) .... HOW DO I REMOVE?

  • I just realized i had some kind of keylogger on my computer.. (whenever it shutdown, the process called SW kept ending).  I searched for a solution but could not find.. Norton antivirus's way didnt help me because it wouldnt let me delete the registry keys...
     
    ANY help please reply ASAP
     
    thanks
  • first off, are you sure your particular SW file is silent spy??   without more information, it could also be: 
     
    Scrolling Window
    Shadow Warrior
    Smart Whois
     
    or countless other programs.
     
    Can you give us a complete pathname?   And on what basis do you believe it to be SilentSpy [or more generally, a keylogger], rather than anything else?
     

    Message Edited by ky331 on 11-28-200607:26 PM

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Well i got suspicious after my last few shutdowns when it kept having to end the SW process... so being cautious i searched sw.exe on the web, and i am almost certain it is a keylogger.  The Norton antivirus instructions explained where the registry for the keylogger was but i couldnt delete them.
     
    that is why i am certain its a keylogger or trojan of some kind.  I cant find any real .exes anywhere on my c drive though.
     
    Thanks
  • I'm not saying it's NOT the silent spy keylogger... just that it doesn't HAVE to be it.
     
    Since you really don't have enough information to offer a definitive diagnosis, I would suggest you follow these directions to create and post a HiJackThis Log, in the HJT forum.   The people there should be able to determine just what your particular SW program is, and if it's indeed a keylogger, they'll help you remove it:
     
    Download a self-extracting copy of the latest version of HJT (HiJackThis) (version 1.99.1) from
    Save it to your Desktop.
    Double-click on the file    hijackthis_sfx.exe    file, and allow it to self-extract [by clicking on UnZip] into the suggested/default folder,
    C:\Program Files\HijackThis
     
    Use Windows Explorer to navigate your way into this folder, and then double click on HiJackThis.exe

    Click on  Do a System Scan and Save a LogFile

    This will automatically open NotePad

    Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

    Then go to the forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

    http://forums.us.dell.com/supportforums/board?board.id=si_hijack

    Be sure to include a detailed description of any problems/errors/warnings you are encountering.

    Hopefully, one of the HJT experts will get to it as quickly as possible.

     

    WARNING:  HiJack This is a VERY POWERFUL tool.  While it's  completely safe  for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!!  Improper use of this tool can severely damage your system.

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • will do.
     
    Thanks
  • Andrew,
     
    I see that you posted your HJT log, have been waiting a few days, and have now posted a 2nd/linked request.   I have sent a message to someone I know there, so hopefully, they will not overlook you much longer.

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]