Keenval - I've been got at!

  • Thread starter Thread starter Bill
  • Start date Start date
B

Bill

Help please. Keenval B and C have crept into my machine and not being good
at these things I need a childs guide to dispose of them.

AVG seemed to spot them initially and they were vaulted. However they keep
appearing and even when I did a System File Check (SFC) on Run, they were
spotted again (presumably reappearing to AVG) but have gone somewhere else
now.

Neither AVG nor SFC are seeing them again but pc is doing some strange
things including the sudden loss of my Win Aspi files for my Nero Burner and
loss of my main window screen layout that I had set up. May be coincidence
but first time with these problems.

Be very grateful for a finger by finger guide as to how to shoot these
blighters. Running 98SE.
 
Just noticed a similar question on 16 April. Will try this but just how do
you disable the system restore???
 
Bill said:
Just noticed a similar question on 16 April. Will try this but just how do
you disable the system restore???
Click to expand...

You don't. Win98 doesn't have that feature.

Have you tried Ad-Aware, the adware removal tool?
 
Yes Adaware run several times and all cleaned out in safe start and normal
running mode but something nasty lurking. Now getting "Boot sector Write"
virus warning when starting or rebooting. AVG run in safe start and standard
mode but finding nothing. Appreciate advice please.
 
Yes Adaware run several times and all cleaned out in safe start and normal
running mode but something nasty lurking. Now getting "Boot sector Write"
virus warning when starting or rebooting. AVG run in safe start and standard
mode but finding nothing. Appreciate advice please.
Click to expand...

Have you Googled for info on Keenval? Here's one url:

http://www.faqfarm.com/Computer/Virus/19549

Have you tried Spybot? The easiest thing for you to try is a alternate
(and better) antivirus program. Check my web site. If you have access
to a clean Win 98/ME PC, you can use my F-Pup d/l and create a
emergency boot disk set.

Let us know how you make out with this info, etc. and we can go on
from there.


Art
http://www.epix.net/~artnpeg
 
Bill said:
Yes Adaware run several times and all cleaned out in safe start and normal
running mode but something nasty lurking. Now getting "Boot sector Write"
virus warning when starting or rebooting.
Click to expand...

That might just be an antiquated setting in your CMOS setup
program.
AVG run in safe start and standard
mode but finding nothing. Appreciate advice please.
Click to expand...

In addition to Ad-Aware, there is Spybot Search & Destroy
you could try for the same thing (many people use both of
these programs). If that doesn't help either, you could try the
"HijackThis" program which allows you to create a log file
that you can submit to further scrutiny at the hands of those
familiar with analyzing those logs.

Art has suggested alternate AV programs as well, check out
the offerings on his site.
 
I am very grateful for your staying with me on this. Tried the various
suggestions with nothing obvious changing. But I think I'm getting
somewhere.

I've backed up some of my main doc files etc to my slave drive (separate
disk) and physically now removed this disk.on basis of perhaps needing to do
full FDisk etc on main drive. Quite remarkably I do think my bug may have
gone with it. The continuing problem prior to this was that a Boot Sector
Write was reported each time I booted. This has now gone. Not only getting
clean start without problems but my bespoke desktop layout comes up as I
had originally set. When bug was being reported it caused desktop to appear
in default normal unfriendly stacked mode. Rerun all the suggestions but
nothing showing up. May be hiding or may in fact have been dealt with. Also
noted in next posting "From the Rafters" that the boot write may have been
antiquated cmos. Grateful for Rafters comments.

Have managed to find and reload ASPI files from Nero - this may have been
red herring - although a little strange.

For the moment I am going to carry on as normal and see what happens when
slave reconnected. Will report back. Many thanks.
 
I am very grateful for your staying with me on this. Tried the various
suggestions with nothing obvious changing. But I think I'm getting
somewhere.

I've backed up some of my main doc files etc to my slave drive (separate
disk) and physically now removed this disk.on basis of perhaps needing to do
full FDisk etc on main drive. Quite remarkably I do think my bug may have
gone with it. The continuing problem prior to this was that a Boot Sector
Write was reported each time I booted. This has now gone. Not only getting
clean start without problems but my bespoke desktop layout comes up as I
had originally set. When bug was being reported it caused desktop to appear
in default normal unfriendly stacked mode. Rerun all the suggestions but
nothing showing up. May be hiding or may in fact have been dealt with. Also
noted in next posting "From the Rafters" that the boot write may have been
antiquated cmos. Grateful for Rafters comments.

Have managed to find and reload ASPI files from Nero - this may have been
red herring - although a little strange.

For the moment I am going to carry on as normal and see what happens when
slave reconnected. Will report back. Many thanks.
Click to expand...

Here's info on Incredifind for your reading pleasure:
http://www.doxdesk.com/parasite/KeenValue.html

Harden your browser defenses with a good HOSTS file and Spyware
Blaster. Keep them updated regularly.

Try MS-MVP George (Bindar/Dandat) Gedyes' Host File Manager. It
uses Mike Burgess's HOSTS file.

Available at http://mvps.org/PracticallyNerded/Software.htm
Fourth item on the page, like SpyBlaster, it's FREE!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html

Another very helpful preventive measure is WinPatrol. It
monitors for new programs set to run on the 'next' boot.
It can catch a new trojan before it can activate.

http://www.winpatrol.com/

Cleaners are sometimes needed, but prevention should be a
high priority.

BoB
 
Obliged for help and responses on this problem. Seemed to have gone away but
then yesterday I was deleting 'Kazaa' when it suddenly popped up again and
was grabbed by AVG. Looks as though its lurking in Kazaa. Anyway system
seems stable now and will close out for now with thanks and fingers
crossed.
 
Back
Top