Keluar Error Time Masuk Windows...

[ApoKalypse 1]

nape benda ni leh kuar time aku masuk windows ??? sebelum ni takde pon... benda ni jadi lepas aku uninstall XPspypro n aku scan guna kaspersky dia detect virus so aku neutralize lah natang tu... pastu lepas restart kuar error tu... help me plss ~

[ApoNie 0]

cuba ko masuk kat registry -> start>regedit> cari sysDll32.dll tu.. lepas jumpa dia punya key, delete key tu.. tapi sebelum tu cuba ko backup dulu rgistry ko..

harap membantu

[ApoKalypse 1]

jumpa dah..

tp nak backup registry camno tu???

Edited December 23, 2006 by ApoKalypse

[ApoNie 0]

pi kat file>export.. pahtu save ahh ngan nama apa ponn...

[ApoKalypse 1]

ok thanks...nanti aku reply kalo menjadi k

[Impreza_2004 0]

From Symantec:

Type: Spyware

Name: XPCSpy Pro

Version: 2.25

Publisher: X Software Inc

Risk Impact: Low

File Names: XPCSpyPro.exe; AppSpy.dll; IESpy.dll; KeySpy.dll; SysDll32.dll; Rx.exe; Systemout.exe; AppMon.dll; IEMon.dll; systemin.sys

Systems Affected: Windows 2000, Windows 98, Windows Me, Windows NT, Windows XP

Behavior: Spyware.XpcSpy is a spyware program that is used to secretly monitor other users by logging keystrokes and screen shots.

Symptoms: Your Symantec program detects Spyware.XpcSpy.

Transmission: This program must be manually installed.

Spyware.XpcSpy can do the following: Log keystrokes

1) List all running programs

2) Log instant messenger conversations

3) Take periodic screen shots

4) Send the log files by email or FTP

When Spyware.XpcSpy is executed, it performs the following actions:

1) May create one or more of the following files:

%ProgramFiles%\XSoftware\XPCSpyPro\XPCSpyPro.exe

%ProgramFiles%\XSoftware\Working\XPCSpyPro.exe - This is the main spyware file.

%ProgramFiles%\XSoftware\XPCSpyPro\AppSpy.dll

%ProgramFiles%\XSoftware\XPCSpyPro\IESpy.dll

%ProgramFiles%\XSoftware\XPCSpyPro\KeySpy.dll

%ProgramFiles%\XSoftware\Working\AppMon.dll

%ProgramFiles%\XSoftware\Working\IEMon.dll

%ProgramFiles%\XSoftware\Working\KeyMon.dll

%ProgramFiles%\XSoftware\Working\StartPrograms\HomePage.lnk

%ProgramFiles%\XSoftware\Working\StartPrograms\Readme.lnk

%ProgramFiles%\XSoftware\Working\StartPrograms\Run Me.lnk

%ProgramFiles%\XSoftware\Working\StartPrograms\Uninstall Me.lnk

%ProgramFiles%\XSoftware\Working\StartPrograms\User Manual.lnk

%ProgramFiles%\XSoftware\Working\StartPrograms

%ProgramFiles%\XSoftware\Working\AppHot.sup

%ProgramFiles%\XSoftware\Working\bk.bmp

%ProgramFiles%\XSoftware\Working\file_id.diz

%ProgramFiles%\XSoftware\Working\IeHot.sup

%ProgramFiles%\XSoftware\Working\license.txt

%ProgramFiles%\XSoftware\Working\Manual.chm

%ProgramFiles%\XSoftware\Working\Readme.txt

%ProgramFiles%\XSoftware\Working\record.tdb

%ProgramFiles%\XSoftware\Working\UnistInfo.ini

%ProgramFiles%\XSoftware\Working\Web.url

%ProgramFiles%\XSoftware\unins000.dat

%ProgramFiles%\XSoftware\unins000.exe

%System%\systemout.exe

%System%\SysDll32.dll

%System%\rx.exe

%System%\wintft.dll

%System%\drivers\systemin.sys

Notes: %ProgramFiles% is a variable that refers to the path to the program files folder. By default, this is C:\Program Files.

%System% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

2) May create one or more of the following folders:

%ProgramFiles%\XSoftware

%ProgramFiles%\XSoftware\Report

%ProgramFiles%\XSoftware\Screenshots

%ProgramFiles%\XSoftware\Working

%ProgramFiles%\XSoftware\Working\tmp

3) Adds one or more of the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA41EE62-B36A-4344-850C-9221073CF6B9}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3E1DC8E-0CE1-4D96-8D49-E5B2B7B51ADA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppMon.TShellExecuteHook

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEMon.IESpy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E3E1DC8E-0CE1-4D96-8D49-E5B2B7B51ADA}

4) Adds the following value:

"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"

to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the spyware runs when you start Windows.

5) Add the following value:

"ImagePath" = "%System%\systemout.exe"

to the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SystemOutService

so that the spyware runs as a service when you start Windows.

6) Logs all keystrokes, instant messenger conversations, and running programs; and takes periodic screen shots. The default log file path is %ProgramFiles%\XSoftware\Report.

7) Sends out the log files and screen shots through email or FTP.

The following is a general removal procedure. This spyware may include an uninstallation tool named Unins000.exe, along with Unins000.dat, both of which are located in the installation folder. The default installation folder is %Program Files%\XSoftware. Before you try to remove this spyware using the following instructions, we recommend that you try to uninstall it by using the provided uninstaller. To do this, browse to the %Program Files%\XSoftware folder, and if Unins000.exe is there, double-click Unins000.exe.

The following instructions pertain to all Symantec antivirus products that support Security Risk detection:

1) Update the definitions.

2) Restart the computer in Safe mode

3) Run a full system scan.

4) Delete the value that was added to the registry.

For specific details on each of these steps, read the following instructions:

1. To update the definitions

To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To restart the computer in Safe mode

Shut down the computer, and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode. For instructions, read the document "How to start the computer in Safe Mode."

3. To run the scan

-Start your Symantec antivirus program, and then run a full system scan.

-If any files are detected as Spyware.XpcSpy, and depending on which software version you are using, you may see one or more of the following options:

Note: This applies only to versions of Norton AntiVirus that support Security Risk detection. If you are running a version of Symantec AntiVirus Corporate Edition that supports Security Risk detection, and Security Risk detection has been enabled, you will only see a message box that gives the results of the scan. If you have questions about this situation, contact your network administrator.

-Exclude (not recommended)

If you click this button, it will set the threat so that it is no longer detectable. That is, the antivirus program will keep the security risk on your computer and will no longer detect it to remove it from your computer.

-Ignore or Skip

This option tells the scanner to ignore the threat for this scan only. It will be detected again the next time that you run a scan.

-Cancel

This option is new to Norton Antivirus 2005. It is used when Norton Antivirus 2005 has determined that it cannot delete a security risk. The Cancel option tells the scanner to ignore the threat for this scan only, and thus the threat will be detected again the next time that you run a scan.

To delete the security risk

-Click its file name (under the Filename column).

-In the Item Information box that appears, write down the full path and file name.

-Use Windows Explorer to locate and delete the file.

If Windows Explorer reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer.

-Delete

This option attempts to delete the detected files. In some cases, the scanner will not be able to do this.

To delete the security risk

- If you see a message, "Delete Failed" (or similar message), manually delete the file.

-Click the file name of the threat that is under the Filename column.

-In the Item Information box that appears, write down the full path and file name.

-Use Windows Explorer to locate and delete the file.

If Windows Explorer reports that it cannot delete the file, this indicates that the file is in use. In this situation, complete the rest of the instructions on this page, restart the computer in Safe mode, and then delete the file using Windows Explorer.

4. To delete the value from the registry

Important: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. For instructions, read the document "How to make a backup of the Windows registry."

-Click Start > Run.

-Type the following: regedit

-Click OK.

-Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

-In the right pane, delete the following value:

"System Check" = "Rundll32.exe SysDll32.dll,SystemCheck"

-Delete the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA41EE62-B36A-4344-850C-9221073CF6B9}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3E1DC8E-0CE1-4D96-8D49-E5B2B7B51ADA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppMon.TShellExecuteHook

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEMon.IESpy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17A54BFC-8214-4F5C-B1A7-A161BFA5FDCC}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{E3E1DC8E-0CE1-4D96-8D49-E5B2B7B51ADA}