Keyloggers,Rats Scan n Remove (How to remove included)
<blockquote data-quote="itsnotme" data-source="post: 9457673" data-attributes="member: 309765">
<p>Software n pic from this thread >>> <a href="http://www.elakiri.com/forum/showthread.php?t=1066597" target="_blank">http://www.elakiri.com/forum/showthread.php?t=1066597</a></p>
<p><strong><span style="font-family: 'Courier New'"><span style="font-size: 12px"><span style="color: Red">but his download contains a trojan..! DON'T RUN THAT EXE..!!!</span></span></span></strong></p>
<p><strong><span style="font-family: 'Courier New'"><span style="font-size: 12px"><span style="color: Red">(a stealer called JB.exe has also been attached to it, and there is a trojan in it LOL)</span></span></span></strong></p>
<p><strong><span style="font-family: 'Courier New'"><span style="font-size: 12px"><span style="color: Blue">I have cleaned that exe n original file is just 95kb..</span></span></span></strong></p>
<p><strong><span style="font-family: 'Courier New'"><span style="font-size: 12px"><span style="color: Blue">Original software: (no trojans)</span></span></span></strong></p>
<p><span style="font-family: 'Courier New'"><span style="font-size: 12px"><span style="color: Blue"><a href="http://www.mediafire.com/?uruuuvun1u2fu45" target="_blank">http://www.mediafire.com/?uruuuvun1u2fu45</a></span></span></span></p>
<p><span style="font-family: 'Courier New'"><span style="font-size: 12px"><span style="color: Blue">rar pass : itznotme</span></span></span></p>
<p><span style="font-family: 'Courier New'"><span style="font-size: 12px"><span style="color: Blue">detections :::</span></span></span></p>
<p>copy that text into the notepad n save it "detections.txt" .. put it in same location.</p>
<p><img src="http://img690.imageshack.us/img690/6686/ratsearch.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p>
<p>If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.</p>
<ol>
<li data-xf-list-type="ol">Download and extract the <a href="http://download.sysinternals.com/Files/Autoruns.zip" target="_blank">Autoruns</a> program by Sysinternals (<a href="http://download.sysinternals.com/Files/Autoruns.zip" target="_blank">http://download.sysinternals.com/Files/Autoruns.zip</a>) to C:\Autoruns</li>
<li data-xf-list-type="ol">Reboot into <a href="http://www.bleepingcomputer.com/tutorials/tutorial61.html" target="_blank">Safe Mode</a> so that the malware is not started when you are doing these steps. Many malware programs monitor the keys that allow them to start and, if they notice they have been removed, will automatically replace that startup key. For this reason booting into safe mode allows us to get past that defense in most cases.</li>
<li data-xf-list-type="ol">Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.</li>
<li data-xf-list-type="ol">When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.
<ol>
<li data-xf-list-type="ol">Include empty locations</li>
<li data-xf-list-type="ol">Verify Code Signatures</li>
<li data-xf-list-type="ol">Hide Signed Microsoft Entries</li>
</ol>
</li>
<li data-xf-list-type="ol">Then press the F5 key on your keyboard to refresh the startups list using these new settings.</li>
<li data-xf-list-type="ol">The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file, and the folder it is in, that you want to remove. You can check our <a href="http://www.bleepingcomputer.com/startups/" target="_blank">Startup Database</a> for that information or ask for help in our <a href="http://www.bleepingcomputer.com/forums/" target="_blank">computer help forums</a>.</li>
<li data-xf-list-type="ol">Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that, right-click on the entry and select delete. This startup entry will now be removed from the Registry.</li>
<li data-xf-list-type="ol">Now that we made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:</li>
<li data-xf-list-type="ol">When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.</li>
</ol>
<p><span style="font-size: 18px"><span style="color: Red">If this is useful.. ADD SOME REP+ LOL </span></span>:yes::yes::yes::yes::cool::cool::cool::shocked:</p>
</blockquote>
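The review described in step 6 of the quoted post (hide verified Microsoft entries, group startup entries by Image Path, and check whether a Microsoft-looking filename sits in the wrong folder), as an added example that is not part of the original post. The CSV columns and rows are constructed for illustration and are not real Autoruns output, and the table of expected system folders is a small assumed sample.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample listing of startup entries (not real Autoruns output);
# the column names are assumptions made for this example.
SAMPLE = r"""Entry Location,Entry,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,(Verified) Microsoft Windows,C:\Windows\System32\SecurityHealthSystray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Updater,(Not verified) Microsoft Corporation,C:\Users\demo\AppData\Roaming\svchost.exe
HKLM\System\CurrentControlSet\Services,WinHelper,,C:\Users\demo\AppData\Roaming\svchost.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Chat,(Verified) Example Software Ltd,C:\Program Files\Chat\chat.exe
"""

# Assumed short list: system filenames and the folder each normally lives in.
SYSTEM_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def is_signed_microsoft(signer):
    # Only a *verified* signature counts; a bare "Microsoft" company string does not.
    s = signer.strip().lower()
    return s.startswith("(verified)") and "microsoft" in s

def review(csv_text):
    """Group unhidden startup entries by image path and flag name masquerading."""
    by_image = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if is_signed_microsoft(row["Signer"]):
            continue  # same effect as "Hide Signed Microsoft Entries"
        # Windows paths are case-insensitive, so normalise before grouping.
        image = row["Image Path"].strip().lower()
        by_image[image].append(row["Entry Location"] + "\\" + row["Entry"])
    findings = []
    for image, entries in sorted(by_image.items()):
        folder, name = ntpath.split(image)
        expected = SYSTEM_DIRS.get(name)
        # A system filename outside its normal folder is the disguise to look for.
        masquerade = expected is not None and folder != expected
        findings.append({"image": image, "entries": entries, "masquerade": masquerade})
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Every startup entry listed for a flagged image has to be deleted, not just the first one found, before the file itself is removed.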