Re: stubborn Keylogger !



From: "RJK" <notatospam@xxxxxxxxxxx>

| Hi,
|
| I've got an XP Pro SP2 machine on the bench that has/had/or maybe still has a
| keylogger in it.
| AVG / Ewido scan found it and seemed to remove it, but, I'm sure there's
| something quite nasty still in there.
| AVG anti-virus wouldn't install - it's as though something is blocking it
| from being installed.
| Adaware didn't really find anything, and seems to be not functioning
| properly in Safe Mode - it becomes unresponsive.
|
| ...and Multi-av - which I copied across in Safe mode from a USB pen-drive =
| press 1 for the Sophos sweep and multi-av just vanishes. Press (2) for
| Trend, and apparently psapi.dll is missing (it's not - it is present in
| system32).
| ...anyhow (1) Sophos and (2) Trend scans will not run.
| Several previous attempts to start multi-AV sweeps 1 and 2, in Normal and
| Safe Mode caused XP to shut down !
|
| ....McAfee (3) in multi-av is running in Windows "Diagnostic startup - basic
| services etc" mode ...is that any good ?
|
| This machine was built and configured by a real PC clever clogs, who built
| it for his girlfriend, ...long story ...relationship broke up, ...PC has
| been a nightmare ever since, ...I'm told by the young lady's father !!! I
| have a strong suspicion that this keylogger was installed by him and not
| picked up on the web, ...though of course that could be complete rubbish.
|
| ....where do I start ?
|
| McAfee just found "Generic Pup.a.Temp\DealioKit1-stub-0.exe ... "
| ...I'll Google on that in a minute....
| ....interesting Google results....
|
| any tips appreciated,
|
| regards, Richard
|



1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post in one of the below
expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }

Forums where you can get expert advice for HiJack This! (HJT) and Deckard's System Scanner
Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

