Old 03-06-2005, 10:11 AM   #1
Solid State Member
 
Join Date: Mar 2005
Posts: 10
Default Please! I really need help here!

Hi there. I need some help from you. My computer is infected with keyloggers that work in stealth/invisible mode and I need something to detect them and eliminate them for good!

The story is as follows: my brother and I share the same PC. A while ago, I found out that some of my mails had already been opened/read (you know they were no longer highlighted). Later on my brother and a friend of his, both of whom know a bit about computers and stuff like that, admitted having installed keyloggers just to play a trick on me. He says he has deleted them, BUT I do not trust him. I know him. Besides, how could I ever be sure if those fu**ing softs operate in an invisible mode?

Since I found that, I've been reading a lot on the Web about those keyloggers and stuff. I'm no expert in computers, I'm just a regular user who is now upset.

I have Norton Antivirus 2003 updated and Ad-Aware SE Personal updated. Many told me the latter one should detect all keyloggers, but the truth is that it hasn't done so. I myself downloaded a keylogger called Quick Keylogger to see how efficient Ad-Aware is, BUT it didn't detect it!

So, basically I need some advice/help! Is there any other way to detect keyloggers and prevent getting them? Any help would be much appreciated, indeed. I'm desperate.

Thanks.
__________________

TOOLER is offline   Reply With Quote
Old 03-06-2005, 10:17 AM   #2
In Runtime
 
dreamweaverdude's Avatar
 
Join Date: Jan 2005
Posts: 240
Default Re: Please! I really need help here!

Try Spybot Search and Destroy; it picks up most things. Make sure it is updated and scan each profile on your com with it.

here http://www.safer-networking.org/en/download/index.html
__________________

dreamweaverdude is offline   Reply With Quote
Old 03-06-2005, 02:54 PM   #3
Solid State Member
 
Join Date: Mar 2005
Posts: 10
Default Re: Please! I really need help here!

Quote:
Originally Posted by dreamweaverdude
Try Spybot Search and Destroy; it picks up most things. Make sure it is updated and scan each profile on your com with it.

here http://www.safer-networking.org/en/download/index.html
This is what it found:

1) Dropper
2) DyFuCA.InternetOptimizer
3) Power Scan
TOOLER is offline   Reply With Quote
Old 03-06-2005, 03:10 PM   #4
Solid State Member
 
Join Date: Mar 2005
Posts: 10
Default

Sorry, the previous post has the scanning without the updates.
Here it is, updated.
This is the LOG:

Elitum.EliteBar: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\backup\EliteBar

Elitum.EliteBar: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\LQ

Altnet: Program directory (Directory, nothing done)
c:\Program Files\Altnet\

Altnet: Data (File, nothing done)
C:\WINDOWS\smdat32a.sys

Altnet: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{258A3625-183B-4477-AEE2-EA54DF6D878D}

Dialui-A: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iexpedition

DyFuCA.InternetOptimizer: Program directory (Directory, nothing done)
c:\Program Files\Internet Optimizer\

DyFuCA.InternetOptimizer: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\optimize.exe

DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Avenue Media

DyFuCA.InternetOptimizer: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\Policies\Avenue Media

DyFuCA: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

DyFuCA: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}

DyFuCA: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}

eXact Advertising.BargainsBuddy: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil

eXact Advertising.BargainsBuddy: Data (File, nothing done)
C:\WINDOWS\system32\mqexdlm.srg

eXact Advertising.BargainsBuddy: Data (File, nothing done)
C:\WINDOWS\system32\javexulm.vxd

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\system32\instsrv.exe

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\system32\exdl0.exe

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\system32\angelex.exe

eXact Advertising.BargainsBuddy: Executable (File, nothing done)
C:\WINDOWS\bbchk.exe

GAIN.Gator: Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll

GAIN.Gator: Module usage (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1019.dll

ISearchTech.ISTdownloader: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\iinstall.exe

ISearchTech.PowerScan: Program directory (Directory, nothing done)
C:\Archivos de programa\Power Scan\

ISearchTech.PowerScan: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\powerscan.exe

ISearchTech.PowerScan: Executable (File, nothing done)
C:\Archivos de programa\Power Scan\powerscan.exe

ISearchTech.PowerScan: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\PowerScan

ISearchTech.SideFind: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}

ISearchTech.SideFind: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\sidefind.exe

ISearchTech.YSB: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\YSBactivex.Installer.1

ISearchTech.YSB: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{BF06DA8E-2BEB-4816-9BBD-F7625246E245}

ISearchTech.YSB: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{DB447818-96B4-40DF-8A55-720DA496F514}

SexList: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

WebRebates.TopRebates: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\webrebates.exe
TOOLER is offline   Reply With Quote
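A way to triage a Spybot log like the one in post #4, as an added example that is not part of the original thread: the Python below parses a few entries in that format (a constructed sample reusing lines from the log, including the stray space that forum line-wrapping puts into long paths) and tags entries sitting in the browser load points the log names or running from Temp. The function and tag names are assumptions made for this example, and "nothing done" is assumed to mean the item had not been removed when the log was saved.

```python
import re
from collections import defaultdict
# Constructed sample: four entries in the format of the log above.
SAMPLE_LOG = r"""
DyFuCA: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}

ISearchTech.SideFind: Executable (File, nothing done)
C:\Documents and Settings\IGNACIO1\Configuración local\Temp\sidefind.exe

SexList: Settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-796845957-1336601894-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\_{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

GAIN.Gator: Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll
"""

HEADER = re.compile(r"^(?P<product>.+?): (?P<what>.+) \((?P<kind>[^,]+), (?P<action>[^)]+)\)$")
# Registry locations named in the log where a browser add-on or search hook loads.
LOAD_POINTS = ("browser helper objects", "urlsearchhooks", "explorer bars")

def parse(log):
    """Return one dict per detection: the header line plus the location line under it."""
    entries, pending = [], None
    for line in (l.strip() for l in log.splitlines()):
        m = HEADER.match(line)
        if m:
            pending = m.groupdict()
        elif line and pending:
            # Undo the space that forum wrapping inserted into long registry paths.
            pending["location"] = line.replace("Curr entVersion", "CurrentVersion")
            entries.append(pending)
            pending = None
    return entries

def triage(entries):
    """Group detections by product family and tag the ones to look at first."""
    report = defaultdict(list)
    for e in entries:
        loc = e["location"].lower()
        tags = []
        if any(p in loc for p in LOAD_POINTS):
            tags.append("browser-load-point")
        if e["kind"] == "File" and "\\temp\\" in loc and loc.endswith(".exe"):
            tags.append("exe-in-temp")
        if e["action"] == "nothing done":  # assumption: found, not yet removed
            tags.append("not-removed")
        report[e["product"].split(".")[0]].append((e["what"], e["location"], tags))
    return dict(report)
```

Calling `triage(parse(text))` on the full log gives one list per family (DyFuCA, ISearchTech, eXact Advertising, and so on), which makes it easier to confirm after a cleanup run that every entry of a family is gone.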
Old 03-06-2005, 03:47 PM   #5
Daemon Poster
 
wozelbeak's Avatar
 
Join Date: Sep 2004
Posts: 1,324
Default Re: Please! I really need help here!

SexList: hey, looks like your bro has got some porn site virus as well. Get rid of the ones it found, then run it again.
__________________
PENTIUM 4 3.06 GHZ WITH HT TECHNOLOGY
wozelbeak is offline   Reply With Quote
Old 03-06-2005, 03:48 PM   #6
Solid State Member
 
Brackbob's Avatar
 
Join Date: Mar 2005
Posts: 15
Default

I've used both Spybot Search and Destroy and Ad-Aware, and sometimes I would have 1 or 2 things that kept coming back. Now I have gotten Microsoft AntiSpyware http://www.microsoft.com/athome/secu...e/default.mspx and I am very pleased with it. Much more settings and stuff than Ad-Aware and Spybot; give this a try.
Brackbob is offline   Reply With Quote
Old 03-06-2005, 04:30 PM   #7
In Runtime
 
dreamweaverdude's Avatar
 
Join Date: Jan 2005
Posts: 240
Default Re: Please! I really need help here!

Just scrub the whole lot; most of it will be crap clogging up your com.
dreamweaverdude is offline   Reply With Quote
Old 03-06-2005, 05:47 PM   #8
Wizard of Wires
 
setishock's Avatar
 
Join Date: Feb 2005
Location: Not sure
Posts: 10,030
Default Hidden file...

Most, if not all, key loggers are hidden files. Make all files and folders visible and look your C: drive over with a fine-tooth comb.
Your brother is a real SOB in my book. Reading your mail is a blatant invasion of your privacy. A trip to the tool shed is in order...
setishock is offline   Reply With Quote
Old 03-07-2005, 01:24 PM   #9
Solid State Member
 
Join Date: Mar 2005
Posts: 10
Default

1) I uninstalled Ad-Aware and downloaded it again and updated it.

I got Ad-Aware SE Personal 1.05. On www.lavafost.com there were other Ad-aware softs to download; is it enough with the one I got, is that ok?

2) I erased the bugs both Spybot and Ad-Aware showed me. Ad-Aware detected like 3 keyloggers, hosted in something like C./ System Volume Info or something along those lines. Hope they are gone for good.

Thanks for your help, folks! Hope I can count on you for future questions.
TOOLER is offline   Reply With Quote
Old 03-07-2005, 05:13 PM   #10
Daemon Poster
 
BigLu's Avatar
 
Join Date: Feb 2005
Posts: 1,140
Default Re: Please! I really need help here!

Also, one of the best programs to clean up your computer is HijackThis, it can find things that Ad-Aware and Spybot can't. It is a small program but finds all keyloggers, spyware, adware and redirects.

http://www.download.com/3120-20_4-0....=23&search.y=4
__________________

BigLu is offline   Reply With Quote
All times are GMT -5. The time now is 10:35 AM.

