Ask the Expert

How to remove TrueActive software from your system

I have TrueActive in my winlogon.exe. Xoftspy finds it and deletes it, but it comes back when I reboot. What should I do?

Requires Free Membership to View

TrueActive is a commercially available keylogger, formerly known as WinWhatWhere Investigator and is produced by TrueActive Software. It includes a suite of system monitoring tools including, keystroke, password, instant messaging, video/screen capture and network usage logging. It can operate in silent mode and use e-mail to send logs to a remote location. The licensed version also watches for antispyware programs, taking measures to avoid detection. Organizations can use this type of software to legitimately monitor computer activity. However, several antispyware vendors classify TrueActive as spyware because it has the ability to scan systems, monitor activity and relay information to other computers or locations. Symantec, for example, categorizes it as having a high-risk impact despite the fact that vendors have removed the silent deploy feature, which allowed you to secretly install the program on someone else's computer via e-mail.

If you can open the TrueActive Monitor, you will find an uninstall button located on the left side of the program setup screen. With this you can uninstall it and, according to TrueActive Software, they will assist you in removing it if they agree that the software has been inappropriately installed. If you wish to remove TrueActive yourself, you should backup your system registry or create a Windows restoration point. According to the ParetoLogic Web site, makers of XoftSpy, you have to delete the winlogon.exe file located in the windows directory as part of the manual removal process. To find out more visit When I installed TrueActive I found no such file, so be careful that you do not delete the winlogon.exe file located in the system32 directory. This file is the Windows login manager. It handles the login and logout procedures on your system and is an essential part of your OS. TrueActive does not tamper with or corrupt this file.

You may be having difficulities removing TrueActive because your employers have installed it. Another reason could be that other antispyware programs you are running are resetting any registry changes made by XoftSpy. Finally, viruses and spyware can quickly reappear if you have not secured the route they are using to infect your system. I would ensure that your firewall and antivirus program is up to date and perhaps install another anti-spyware program to check and clean your computer.

This was first published in October 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: