Newbie
Melchet
Posts: 2
Registered: ‎07-26-2008

Hacktool virus found by NIS 2008

I ran Live Update followed by a full system scan using NIS2008. Hacktool was detected by virus scanner but the NIS fault message states "Remove Failed. Hacktool cannot be removed from an unsupported file". Risk level is listed as high and when I click on "review" button, nothing happens. Details: [xpkey.exe] inside of [c:\win xp keyfinder.exe]. Also the NIS2008 tab is green which suggests all is well. If I repeat a full system scan in Win safe mode, the same messages appear but NIS still won't remove the hacktool.

 

Please, does anyone know what's going on here and why has it only started doing this in the last two days?

 

Many thanks, Melchet.

Rootkit Eradicator
Stu
Posts: 5,210
Registered: ‎04-08-2008

Re: Hacktool virus found by NIS 2008

It says xp keyfinder.

Did you download that yourself? Then you probably can just delete it manually.

"All that we are is the result of what we have thought"
Tony_Weiss
Posts: 7,366
Topics: 502
Kudos: 1,523
Solutions: 280
Registered: ‎04-07-2008

Re: Hacktool virus found by NIS 2008

As you can see, there are several different types of Hacktool. What exactly was found on your system? Have you tried to disable the service that the Hacktool is running while in Safe Mode, then running the full scan? Any more information on this issue is appreciated. Thanks!
Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation
Newbie
Tomcon
Posts: 3
Registered: ‎07-28-2008

Re: Hacktool virus found by NIS 2008

Hi, I have got exactly the same thing and I have searched but cannot find anything named xp keyfind.exe anywhere, it's still there and I cannot get rid of it. Norton said to go into safe mode, do a scan, then delete it, but I can't delete it.

Cheers.

Newbie
Melchet
Posts: 2
Registered: ‎07-26-2008

Re: Hacktool virus found by NIS 2008

Hi Tony,

 

Thanks for your assistance. I did a full NIS 2008 scan in safe mode which identified the file as a virus but was unable to remove it.

 

I searched for "win xp keyfinder.exe" in windows explorer (it was in the C:\ root directory) and then deleted it manually (and from the recycle bin), after saving it on a memory stick in case I needed it again. I then rebooted into WinXP and ran a full NIS 2008 scan. The virus has been removed, so no further problem, although I'm not convinced that the file is actually a virus - i.e. an NIS false positive.

 

I think I originally downloaded keyfinder.exe to find the 25 character Win XP Product Key that came with the OEM WinXP CD.

 

Thanks again,

 

Melchet.

Message Edited by Melchet on 07-29-2008 06:56 AM
huwyngr
Posts: 18,989
Topics: 906
Kudos: 2,331
Solutions: 337
Registered: ‎04-13-2008

Re: Hacktool virus found by NIS 2008

Melchet wrote:

Hi Tony,

 

.....

 

I think I originally downloaded keyfinder.exe to find the 25 character Win XP Product Key that came with the OEM WinXP CD.


An easier, safer way is to download the Belarc Advisor. They are a highly reputable company so you are safe logging onto their website and using the applet. It produces a full report on your hardware and software and includes the KEYs / Serial numbers for a number of applications including Windows.

However OEM KEYs are a special case so I don't know if they are correctly retrieved. But the information is so useful I print a copy out and also save the web page as a file.

I have/had hacktool.exe on my drives as part of a bootable CD recovery kit ..... but NIS2008 removed it doing a full system scan yesterday and didn't even ask me. I must try again to find the Ask me first setting ....

Message Edited by huwyngr on 07-29-2008 04:45 PM
Message Edited by huwyngr on 07-29-2008 04:46 PM


Hugh
Newbie
cicely
Posts: 4
Registered: ‎07-29-2008

Re: Hacktool virus found by NIS 2008

I too have found Hacktool but I am using the Norton through ATT DSL so it is the online version. It only gives me the option of review and then it says to remove while in safe mode but I can't access Norton while in safe mode. This is my code...

 

[xpkey.exe] inside of [keyfinder.exe] inside of [d:\recycler\s-1-5-21-1343024091-651377827-725345543-1003\dd5.zip]

 

 

I have been unable to find the file recycler..

Message Edited by cicely on 07-29-2008 04:04 PM
huwyngr
Posts: 18,989
Topics: 906
Kudos: 2,331
Solutions: 337
Registered: ‎04-13-2008

Re: Hacktool virus found by NIS 2008

Recycler would be the Recycle Bin, I guess.

 

To see it you need to Open My Computer, Click on Tools / Folder Options / View TAB and scroll down the list of items

 

I change:

 

  1. the "radio dot" on the group relating to Hidden files over to (.) Show Hidden Files & Folders
  2. uncheck Hide Extensions for known file types
  3. uncheck Hide Protected Operating system files -- it will be unhappy and warn you but do it anyway while trouble shooting but do not delete anything unexpected that may appear, like Desktop Shortcuts labeled Desktop.ini

 

and OK your way out.

 

You should find a reference to Recycler on every hard drive but they are all the same if I remember correctly and if you have administrative privileges you could delete files in it -- but you could just Empty Recycle Bin by right mouse clicking on the Recycle bin.

 

You can also do a lot of cleaning up by right mouse clicking on the icon under My Computer for your hard drive(s) and selecting Properties and click on the Disk Clean button. That will empty Temp files etc.

 

Hope that helps.

 

I leave the Hide extensions of known files unchecked because if you have several files with the same name and different extensions you don't see the difference easily -- like you might have on a software disk: setup.exe setup.ini and so on and with that box checked you just see you have several setup files.



Hugh
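
An added example, not part of any post above and not Norton's own code: a small parser for the "[a] inside of [b]" detection lines quoted in this thread. It shows that only the outermost bracketed item is a file on disk, and that inside a Windows 2000/XP RECYCLER folder that file carries a renamed entry (D + original drive letter + index + extension), which is why a search for xpkey.exe finds nothing. The line format is assumed from the two well-formed lines quoted above; the function and field names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Detection lines as quoted in the thread (constructed sample input).
RECYCLED = (r"[xpkey.exe] inside of [keyfinder.exe] inside of "
            r"[d:\recycler\s-1-5-21-1343024091-651377827-725345543-1003\dd5.zip]")
ON_ROOT = r"[xpkey.exe] inside of [c:\win xp keyfinder.exe]"

ITEM = re.compile(r"\[([^\[\]]+)\]")
SID = re.compile(r"s-1-\d+(?:-\d+)+", re.IGNORECASE)
# Windows 2000/XP Recycle Bin name: "D" + original drive letter + index + extension.
BIN_NAME = re.compile(r"d([a-z])(\d+)(?:\.[^.]+)?", re.IGNORECASE)


def parse_detection(line):
    """Split a scanner's '[a] inside of [b] ...' line into what to look for on disk."""
    items = []
    for piece in re.split(r"\s+inside of\s+", line.strip()):
        match = ITEM.fullmatch(piece)
        if match is None:  # unbalanced brackets, truncated or mangled paste
            raise ValueError(f"not a single bracketed item: {piece!r}")
        items.append(match.group(1))

    outer = PureWindowsPath(items[-1])  # only the outermost item is a real file
    parts = outer.parts
    info = {
        "flagged": items[0],        # innermost name, the one the scanner reports
        "nesting": items[1:-1],     # archive layers between flagged item and file
        "on_disk": str(outer),
        "in_recycler": len(parts) > 2 and parts[1].lower() == "recycler",
        "owner_sid": None,          # per-user subfolder of the Recycle Bin
        "original_drive": None,
        "bin_index": None,
    }
    if info["in_recycler"]:
        if len(parts) > 3 and SID.fullmatch(parts[2]):
            info["owner_sid"] = parts[2]
        renamed = BIN_NAME.fullmatch(outer.name)
        if renamed:
            info["original_drive"] = renamed.group(1).upper()
            info["bin_index"] = int(renamed.group(2))
    return info


if __name__ == "__main__":
    for sample in (RECYCLED, ON_ROOT):
        print(parse_detection(sample))
```

For the first sample the file to look for is dd5.zip in the per-user RECYCLER subfolder, not xpkey.exe; emptying the Recycle Bin removes it together with everything nested inside.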
Visitor
whitwill
Posts: 2
Registered: ‎07-29-2008

Re: Hacktool virus found by NIS 2008

I am having the same problem with Norton system scan finding the following hacktool references: [xpkey.exe] inside of [E:\recycler\S-1-5-21-725345543-1580436667-839522115-500]de2.exe] and

[xpkey.exe] inside of[E:\recycler\S-1-5-21-725345543-839522115-500]de3.zip]

 

I have located the recycler folder on my E: drive, and have searched through all the files in it, but none are xpkey.exe files. Would it be safe to delete all the files and folders in the "E:\recycler...." folders and if so, do you think this would solve the problem? Norton says this is a high risk virus, and yet when I ran Spyware Doctor which I downloaded on a trial basis, it showed three viruses that needed attention, but none of them seemed to be the two in question which Norton consistently finds. Thanks for your help.

 

Bill

huwyngr
Posts: 18,989
Topics: 906
Kudos: 2,331
Solutions: 337
Registered: ‎04-13-2008

Re: Hacktool virus found by NIS 2008

I can't advise you on the best action to take to stop any reporting by NIS that it can't remove a file it flags as dangerous -- look for a message from a Norton Staffer -- name in red -- although there are plenty of others here who know much more about AV and Norton problems than I do.

 

I'd certainly suggest trying what I mentioned in my earlier message:

 

<< ... you could just Empty Recycle Bin by right mouse clicking on the Recycle bin.

 

You can also do a lot of cleaning up by right mouse clicking on the icon under My Computer for your hard drive(s) and selecting Properties and click on the Disk Clean button. That will empty Temp files etc. which is a place where files can hide and cause problems >>

 

I'd try both and reboot the computer and see what happens.

 

But keep an eye on here for specific help.



Hugh