Please! I really need help here!

TOOLER

Hi there. I need some help from you. My computer is infected with keyloggers that work in stealth/invisible mode and I need something to detect them and eliminate them for good!

The story is as follows: my brother and I share the same PC. A while ago, I found out that some of my mails had already been opened/read (you know, they were no longer highlighted). Later on, my brother and a friend of his, both of whom know a bit about computers and stuff like that, admitted having installed keyloggers just to play a trick on me. He says he has deleted them, BUT I do not trust him. I know him. Besides, how could I ever be sure if those fu**ing softs operate in an invisible mode?

Since I found that, I've been reading a lot on the Web about those keyloggers and stuff. I'm no expert in computers, I'm just a regular user who is now upset.

I have Norton Antivirus 2003 updated and Ad-Aware SE Personal updated. Many told me the latter one should detect all keyloggers, but the truth is that it hasn't done so. I myself downloaded a keylogger called Quick Keylogger to see how efficient Ad-Aware is, BUT it didn't detect it!

So, basically I need some advice/help! Is there any other way to detect keyloggers and prevent getting them? Any help would be much appreciated, indeed. I'm desperate.

Thanks.
 
Sorry, the previous post has the scanning without the updates.
Here it is, updated.
This is the LOG:

Elitum.EliteBar: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\backup\EliteBar

Elitum.EliteBar: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\LQ

Altnet: Program directory (Directory, nothing done)
c:\Program Files\Altnet\

Altnet: Data (File, nothing done)
C:\WINDOWS\smdat32a.sys

Altnet: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D}

Dialui-A: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iexpedition

DyFuCA.InternetOptimizer: Program directory (Directory, nothing done)
c:\Program Files\Internet Optimizer\

DyFuCA.InternetOptimizer: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\optimize.exe

DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media

DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\Policies\Avenue Media

DyFuCA: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

DyFuCA: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}

DyFuCA: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}

eXact Advertising.BargainsBuddy: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil

eXact Advertising.BargainsBuddy: Data (File, nothing done)
C:\WINDOWS\system32\mqexdlm.srg

eXact Advertising.BargainsBuddy: Data (File, nothing done)
C:\WINDOWS\system32\javexulm.vxd

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\system32\instsrv.exe

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\system32\exdl0.exe

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\system32\angelex.exe

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\bbchk.exe

GAIN.Gator: Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll

GAIN.Gator: Module usage (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1019.dll

ISearchTech.ISTdownloader: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\iinstall.exe

ISearchTech.PowerScan: Program directory (Directory, nothing done)
C:\Archivos de programa\Power Scan\

ISearchTech.PowerScan: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\powerscan.exe

ISearchTech.PowerScan: Executable (File, nothing done)
C:\Archivos de programa\Power Scan\powerscan.exe

ISearchTech.PowerScan: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\PowerScan

ISearchTech.SideFind: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

ISearchTech.SideFind: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\sidefind.exe

ISearchTech.YSB: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\YSBactivex.Installer.1

ISearchTech.YSB: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BF06DA8E-2BEB-4816-9BBD-F7625246E245}

ISearchTech.YSB: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{DB447818-96B4-40DF-8A55-720DA496F514}

SexList: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

WebRebates.TopRebates: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\webrebates.exe
 
SexList: hey, looks like your bro has got some porn site virus as well. Get rid of the ones it found, then run it again.
 
Hidden file...

Most, if not all, keyloggers are hidden files. Make all files and folders visible and look your C: drive over with a fine-tooth comb.
Your brother is a real SOB in my book. Reading your mail is a blatant invasion of your privacy. A trip to the tool shed is in order...
 
1) I uninstalled Ad-Aware and downloaded it again and updated it.

I got Ad-Aware SE Personal 1.05. On www.lavafost.com there were other Ad-Aware softs to download; is the one I got enough, is that OK?

2) I erased the bugs both Spybot and Ad-Aware showed me. Ad-Aware detected like 3 keyloggers, hosted in something like C./ System Volume Info or something along those lines. Hope they are gone for good.

Thanks for your help, folks! Hope I can count on you for future questions.
 