Quarantine



roden
08-31-2009, 08:37 AM
Hi all, Spyware Doctor has found a program called savekeys on my PC, however it will not remove it, it puts it into quarantine, and every time I boot the PC the program is running again, and Spyware Doctor may find it a few hours later???

How can I remove this program with SD?
:confused:

haapy
08-31-2009, 04:55 PM
1. Go to Control Panel, Add/Remove Programs, remove SaveKeys

2. Run a Spyware Doctor smart update

3. Run Spyware Doctor Full scan

4. Remove the following registry keys
To delete the values from the registry

Important: Create a System Restore point. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only.

Click Start > Run.
Type regedit

Then click OK.

Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right pane, depending on which version is installed, delete the value:

"SK51"="C:\PROGRAM FILES\SK51\SK51.EXE"
"SK60"="C:\PROGRAM FILES\SK60\SK60.EXE"
"(default)"="C:\PROGRAM FILES\SKU62\SKU62.EXE"


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

In the right pane, depending on which version is installed, delete the value:

"SK51"="C:\PROGRAM FILES\SK51\SK51.EXE"
"SK60"="C:\PROGRAM FILES\SK60\SK60.EXE"
"(default)"="C:\PROGRAM FILES\SKU62\SKU62.EXE"


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE

In the right pane, depending on which version is installed, delete the value:

SoftwareLoc
WindowsOpen
Common Desktop


Navigate to and delete the following registry subkeys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Save Keys 5.1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Save Keys
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Save Keys Undetectable 6.2 Demo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Save Keys 5.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Save Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Save Keys Undetectable 6.2 Demo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DPRCryption
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DMRCryption


Exit the Registry Editor.
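
The registry locations listed in the post above can be checked without opening regedit. The following is an added example, not part of the original post or of Spyware Doctor: a read-only PowerShell audit that reports which of the listed values and subkeys still exist. It assumes Windows PowerShell 3.0 or later; the `WOW6432Node` root (the 32-bit registry view on 64-bit Windows) is an addition that the post does not mention.

```powershell
# Added example: read-only audit of the registry locations listed in the post above.
# Nothing is modified or deleted. HKCU covers only the user running the script.
$cv    = 'Microsoft\Windows\CurrentVersion'
# Second root is the 32-bit registry view on 64-bit Windows (an addition, not in the post).
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

# Values named in the post; '(default)' is the key's unnamed default value.
$valueChecks = @(
    @{ Key = "$cv\Run";         Names = 'SK51', 'SK60', '(default)' }
    @{ Key = "$cv\RunServices"; Names = 'SK51', 'SK60', '(default)' }
    @{ Key = '';                Names = 'SoftwareLoc', 'WindowsOpen', 'Common Desktop' }
)

# Subkeys named in the post.
$products = 'Save Keys 5.1', 'Save Keys', 'Save Keys Undetectable 6.2 Demo'
$menu     = "HKCU:\Software\$cv\Explorer\MenuOrder\Start Menu\Programs"
$subkeys  = @($products | ForEach-Object { "$menu\$_" })
foreach ($root in $roots) {
    $subkeys += $products | ForEach-Object { "$root\$cv\Uninstall\$_" }
    $subkeys += "$root\Microsoft\DPRCryption", "$root\Microsoft\DMRCryption"
}

$findings = @(
    foreach ($root in $roots) {
        foreach ($check in $valueChecks) {
            $path = if ($check.Key) { "$root\$($check.Key)" } else { $root }
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $props = Get-ItemProperty -LiteralPath $path
            if (-not $props) { continue }          # key exists but holds no values
            foreach ($name in $check.Names) {
                $prop = $props.PSObject.Properties[$name]
                if ($prop) {
                    [pscustomobject]@{ Kind = 'Value'; Path = $path; Name = $name; Data = $prop.Value }
                }
            }
        }
    }
    foreach ($key in $subkeys) {
        if (Test-Path -LiteralPath $key) {
            [pscustomobject]@{ Kind = 'Subkey'; Path = $key; Name = ''; Data = '' }
        }
    }
)

if ($findings.Count) { $findings | Format-List }
else { 'None of the listed SaveKeys registry entries are present for this user.' }
```

A reported `(default)` value is only relevant if its `Data` matches the executable path given in the post; compare before deleting anything.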

ohso
09-01-2009, 01:51 AM
Or he could just:
1. Create a system restore point.
2. Run Revo Uninstaller (using "high" setting).
3. Run SD full scan.

roden
09-01-2009, 11:24 PM
OK, Revo does not find the prog, and none of the reg entries are there??, none of them, but the program is still active and running cus I can find and access the log file???

WTF??:confused:

AChen
09-02-2009, 01:01 AM
For more information on SaveKeys, see below:

Name: Application.Savekeys_Keylogger
Threat Level: High
Description: Savekeys is a keylogger which captures all your keystrokes and saves them in a file specified by the person who installed it, or else by default it stores them in a file called log.txt. It also has an option for storing them in an encrypted format in a file called 'Encrypted log.txt'. Apart from all the keystrokes, it stores the window title of the various applications used, the status of the capslock and numlock buttons, etc. This keylogger software can be installed with password protection and made undetectable. We recommend that you should remove this application unless installed for a purpose.
Type: TT_Keylogger
Threat analysis: Search ThreatExpert to view reports
Removal: This infection can be removed using Spyware Doctor.
http://www.pctools.com/mrc/infections/id/Application.Savekeys_Keylogger/

You may need to restore the following files from the Quarantine folder and, once the files have been restored, try to uninstall the program. If the files are in quarantine, maybe some of the components for SaveKeys are missing and it doesn't have its full functionality. See if this works.

roden
09-02-2009, 09:42 AM
ok THANKS WILL TRY THAT, BUT WHY DOES IT SAY CAN BE CLEANED BY SPYWARE DOCTOR WHEN IT CAN'T?

OOps bloody kb not shouting lol.