
Windows Forum / Windows Vista / Setup and Deployment / March 2008


tattletale winload keylogger trojan standard in Vista?

Marinus - 13 Jan 2007 22:52 GMT
After installing RC 1 Vista, I noticed using XSOFTSPY that in
windows\system32\winload.EXE  a Trojan is mentioned named tattletale.  I
cannot remove it.

I have understood that Tattletale is used for "parental control", i.e. a
keylogger that should be used by parents to "spy" on their children.  It can
easily be used for other purposes as well.  Xsoftspy calls it a severe risk. (I
agree).

My questions
1: Is this a standard element of Vista? Or have I installed it by accident
separately?
2:  How can I remove this?
Carey Frisch [MVP] - 13 Jan 2007 23:02 GMT
It is not part of Vista... perhaps someone installed it without your knowledge.

PC Tattletale
http://www.pcworld.com/downloads/file/fid,27548-order,1-page,1/description.html

Signature

Carey Frisch
Microsoft MVP
Windows Shell/User

Richard Urban - 14 Jan 2007 15:35 GMT
Winload.exe is a part of the Vista RTM operating system. You will find two
instances of it on your computer.

One will be in C:\Windows\System32 and is 918k

The other is in C:\Windows\System32\Boot and is 918k

Both are dated Thursday, November 02, 2006, 07:42:32

Signature

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

> It is not part of Vista..perhaps someone installed it without your
> knowledge.
[quoted text clipped - 17 lines]
> separately?
> 2:  How can I remove this.
Rick Rogers - 14 Jan 2007 15:48 GMT
Hi Richard,

OP's problem is that their anti-spyware program is out of date and not up to
snuff for Vista. It is misidentifying the legitimate winload.exe file with
the one provided by the PC Tattletale malware.

I just knew this was going to start happening when they used the file name
of known malware for the system bootloader.

Signature

Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Windows help - www.rickrogers.org

> Winload.exe is a part of the Vista RTM operating system. You will find two
> instances of it on your computer.
[quoted text clipped - 27 lines]
>> separately?
>> 2:  How can I remove this.
John Barnes - 13 Jan 2007 23:59 GMT
How have you tried to remove it?  You should check your startup programs to
at least keep it from starting.  Have you tried stopping it in Task Manager
and then uninstalling it?

> After installing RC 1 Vista, I noticed using XSOFTSPY that in
> windows\system32\winload.EXE  a Trojan is mentioned named tattletale.  I
[quoted text clipped - 11 lines]
> separately?
> 2:  How can I remove this.
Peter M - 14 Jan 2007 03:37 GMT
Can we say "false positive"?  I dl'd this program, ran it, and it claimed
winload.exe was a trojan and also claimed I had a trojan/adware in my
host file..... hmmm, only entry in my host file is loopback. Another program
deleted, like many other so-called spyware scanners I've tried. I wouldn't
pay for it.

> After installing RC 1 Vista, I noticed using XSOFTSPY that in
> windows\system32\winload.EXE  a Trojan is mentioned named tattletale.  I
[quoted text clipped - 11 lines]
> separately?
> 2:  How can I remove this.
Richard Urban - 14 Jan 2007 15:34 GMT
Winload.exe is a part of the Vista RTM operating system. You will find two
instances of it on your computer.

One will be in C:\Windows\System32 and is 918k

The other is in C:\Windows\System32\Boot and is 918k

Both are dated Thursday, November 02, 2006, 07:42:32

Signature

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

> After installing RC 1 Vista, I noticed using XSOFTSPY that in
> windows\system32\winload.EXE  a Trojan is mentioned named tattletale.  I
[quoted text clipped - 11 lines]
> separately?
> 2:  How can I remove this.
Richard Urban - 14 Jan 2007 15:40 GMT
Additionally, many forms of malware take on the name of a valid Windows
system file. If you find a similarly named file in another location - it is
a trojan, malware or virus.

Signature

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

> Winload.exe is a part of the Vista RTM operating system. You will find two
> instances of it on your computer.
[quoted text clipped - 21 lines]
>> separately?
>> 2:  How can I remove this.
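
Added example, not part of any post in this thread: a Python sketch of the location check Richard Urban describes, which also shows why the name-only match Rick Rogers mentions is a false positive. The two expected directories are the ones named in the thread; the function names, the `system_drive` default and the sample findings are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Directories where the thread says winload.exe legitimately lives.
# Stored lower-case because Windows paths are case-insensitive.
EXPECTED_DIRS = {
    "winload.exe": {r"c:\windows\system32", r"c:\windows\system32\boot"},
}

def classify(path, system_drive="C:"):
    """Classify a reported file path by name and location only.

    Returns 'expected-location', 'unexpected-location' or 'not-tracked'.
    system_drive is an assumption used for reports that omit the drive.
    """
    norm = ntpath.normpath(path)           # collapses '..' and '/' separators
    drive, rest = ntpath.splitdrive(norm)
    if not drive:                          # e.g. windows\system32\winload.EXE
        norm = ntpath.normpath(ntpath.join(system_drive + "\\", rest))
    directory, name = ntpath.split(norm)
    expected = EXPECTED_DIRS.get(name.lower())
    if expected is None:
        return "not-tracked"
    if directory.lower() in expected:
        return "expected-location"
    return "unexpected-location"

# Constructed scanner findings; only the first path appears in the thread.
SAMPLE_FINDINGS = [
    r"windows\system32\winload.EXE",
    r"C:\Windows\System32\Boot\winload.exe",
    r"C:\Users\kid\AppData\Roaming\winload.exe",
    r"C:\Windows\System32\..\Temp\WINLOAD.EXE",
    r"C:\Program Files\Game\setup.exe",
]

def triage(findings):
    """Pair each reported path with its classification."""
    return [(f, classify(f)) for f in findings]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_FINDINGS):
        print(f"{verdict:20} {path}")
```

An `expected-location` result is a reason not to delete the file, not proof that it is intact; confirm with the file's digital signature or a hash taken from trusted install media.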
Marinus - 14 Jan 2007 21:30 GMT
Hi all,

I've learned a lot.  I've even managed to change the owner of the
(system) file, necessary to delete it. Actually I have deleted all the
Winload files (different creation date), so the system did not boot anymore.
Never mind, this is "testing" and the installation package was obviously
manipulated and not trustworthy in any way.

Thanks a lot for all answers.

Marinus

> Additionally, many forms of malware take on the name of a valid Windows
> system file. If you find a similarly named file in another location - it is
[quoted text clipped - 25 lines]
> >> separately?
> >> 2:  How can I remove this.
smeesh - 31 Mar 2008 09:58 GMT
I think I have a similar/maybe related problem and would appreciate if
someone could help me.  I did an upgrade from XP to Vista Home Basic on my
son's computer.  It does not have a DVD drive so had to install from 5 CDs.
I put the parental lock on as the computer is in his room and wanted to have
some control on what is viewed (and doing homework rather than
chatting/surfing)!!  ;oP

All seemed to be working fine.  My son then got to the computer and removed
Grand Theft Auto.  The computer no longer starts - he assures me this is all
he did.

It gives the error winload.exe missing or corrupt (yadda, yadda, yadda).  It
tells me to reinsert disc and restart.  I do this and it won't read the CD. I
have checked boot sequence and it is CD first.

Now what?  Please help or provide some ideas as I just can't afford to pay to
fix this one.

thanks in advance

> After installing RC 1 Vista, I noticed using XSOFTSPY that in
> windows\system32\winload.EXE  a Trojan is mentioned named tattletale.  I can
[quoted text clipped - 9 lines]
> separately?
> 2:  How can I remove this.
 