Re: stubborn Keylogger !
- From: "RJK" <notatospam@xxxxxxxxxxx>
- Date: Tue, 25 Mar 2008 21:05:56 -0000
Big thanks, ...will do,
...(4) Kaspersky sweep is running on it atm, am tempted to terminate it !
....just what are all those "error : delete wrong pointer" 's ? :-)
regards, Richard
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:e0XkLkrjIHA.2304@xxxxxxxxxxxxxxxxxxxxxxx
From: "RJK" <notatospam@xxxxxxxxxxx>
| Hi,
|
| I've got a XP Pro SP2 machine on the bench that has/had/or maybe still has a
| keylogger in it.
| AVG / Ewido scan found it and seemed to remove it, but, I'm sure there's
| something quite nasty still in there.
| AVG anti-virus wouldn't install - it's as though something is blocking it
| from being installed.
| Adaware didn't really find anything, and seems to be not functioning
| properly in Safe Mode - it becomes unresponsive.
|
| ...and Multi-av - which I copied across in Safe mode from a USB pen-drive =
| press 1 for the Sophos sweep and multi-av just vanishes. Press (2) for
| Trend, and apparently psapi.dll is missing (it's not - it is present in
| system32).
| ...anyhow (1) Sophos and (2) Trend scans will not run.
| Several previous attempts to start multi-AV sweeps 1 and 2, in Normal and
| Safe Mode caused XP to shut down !
|
| ....Mcafee (3) in multi-av is running in Windows "Diagnostic startup - basic
| services etc" mode ...is that any good ?
|
| This machine was built and configured by a real PC clever clogs, who built
| it for his girlfriend, ...long story ...relationship broke up, ...PC has
| been a nightmare ever since, ...I'm told by the young lady's father !!! I
| have a strong suspicion that this keylogger was installed by him and not
| picked up on the web, ...though of course that could be complete rubbish.
|
| ....where do I start ?
|
| Mcafee just found "Generic Pup.a.Temp\DealioKit1-stub-0.exe ... "
| ...I'll Google on that in a minute....
| ....interesting Google results....
|
| any tips appreciated,
|
| regards, Richard
|
1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"
3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe
4. Save the scan results (Main.txt and Extra.txt)
5. And then post the contents of Main.txt and Extra.txt in your post in one of the below expert forums...
{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp