Old 06-02-2010, 06:56 PM   #1
Baseband Member
 
Join Date: Nov 2008
Posts: 91
apparent keylogger malware infection

A day or two ago AVAST! AntiVirus warned me I was attempting to access a dangerous website. (I don't remember what website it was.) I took the warning and didn't access the website.

Later I did a sweep with AVAST! It reported three malware infections. All 3 were of High severity and of the same type (Win32:Malware-gen).

Two of the infections were within two different copies I had of the GMER executable, one on my main disk (C), and the other on my backup disk (E). These two executables were not actually named gmer.exe because, in order to avoid being impregnated with malware by the forces of evil before these files were even downloaded, those parties who make these files available for download give them random names.

The third infection was in:

E:\System Volume Information\_restore {D18642E0-9885-4956-BEC4-09E7EF0136D4}\RP453\A0106921.EXE.

As this is a hidden directory, I was unaware of its existence on my backup disk. (I had originally obtained this disk drive from a friend.)

AVAST! successfully quarantined the two infected copies of the GMER executable, but said it could no longer find the third infected file.

I ran AVAST! again twice, Malwarebytes' Antimalware twice, and SUPERAntiMalware once, in all cases doing complete scans. No malware was found in any of these scans.

Now PC Tools Firewall Plus has just reported:

"Office Data Provider for WBEM

Office Data Provider for WBEM is attempting to monitor and/or intercept NetgearCUv2 MFC Application events. This hook monitors keystroke messages. The hook procedure is associated with all existing threads running in the same desktop as the calling thread.

Only allow this if you know the application is Safe."

(Netgear is my wireless network adapter.)

I of course didn't allow the application to run.

Apparently I've got a malware infection, and it's a keylogger (in addition to God knows what else).

Any help available?
BobLewiston
Old 06-15-2010, 07:55 PM   #2
In Runtime
Join Date: Jun 2010
Posts: 168
Re: apparent keylogger malware infection

Try installing Spybot S&D from

http://safer-networking.org

It should take care of that but if it doesn't run TrendMicro Hijack This and post the log.
Warren
Old 06-15-2010, 10:17 PM   #3
Wizard of Wires
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Re: apparent keylogger malware infection

Your restore points are where most bugs hide out. Disable them.
Warning: Disabling restore points will delete the ones you already have.
But if you don't kill them your attempts to get rid of this bug will be pointless.
After you do this boot to safe mode and run your scans.
setishock
Old 06-16-2010, 01:37 AM   #4
In Runtime
 
Join Date: Jun 2010
Posts: 135
Re: apparent keylogger malware infection

Also, I noticed that using system restore before the date you know you got the virus generally kills the virus, or I should say it's like going back in time to where it never happened. After you do a sysrestore I would run virus scans and malware scans just to get any fragments out, if there are any left.
4mattc
Old 07-04-2010, 10:59 PM   #5
In Runtime
Join Date: Jun 2010
Posts: 168
Re: apparent keylogger malware infection

Quote:
Originally Posted by 4mattc
Also, I noticed that using system restore before the date you know you got the virus generally kills the virus, or I should say it's like going back in time to where it never happened. After you do a sysrestore I would run virus scans and malware scans just to get any fragments out, if there are any left.
Yes but most people don't realize they have a virus until days or weeks after the infection when the restore points are deleted.
Warren