Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Stealth Keylogger

  • 11-08-2010 10:23pm
    #1
    Remedy Lane
    Registered Users, Registered Users 2 Posts: 10


    Howdy, I've got a problem one of you wiz kids might be able to help me with. My laptop got infected with a 'Stealth Keylogger' :confused: It keeps showing up in my Spybot searches but the programme wont remove it as its being used by another programme.

    I googled this and it sounds bad. I downloaded and tried various virus reomovers, but they didnt work. Some even came with trojans and caused me more trouble!

    Also did a system restore to the original date and its still there.

    So if anyone knows how to help me get rid of this, or point me in the right direction. Kudos in advance :)


Comments

  • #2
    u140acro3xs7dm
    Closed Accounts Posts: 1,512 ✭✭✭u140acro3xs7dm


    Did you try using malwarebytes? its usually pretty good. Otherwise id recommend running DDS and putting the logs up here and someone will come along and read them for you and give you further instructions.


  • #3
    Remedy Lane
    Registered Users, Registered Users 2 Posts: 10 Remedy Lane


    downloaded malwarebytes, ran a full scan and nothing showed up. ran that dds thing, heres what came up:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Laurence at 14:54:12.70 on 12/08/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.3005.2003 [GMT 1:00]


    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\windows\system32\rundll32.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxtray.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchProtocolHost.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\windows\system32\sppsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\windows\system32\msiexec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\ProgramData\Google\Google Toolbar\Update\gtb74B5.tmp.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    \\?\C:\windows\system32\wbem\WMIADAP.EXE
    C:\windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Users\Laurence\Downloads\dds.com
    C:\windows\system32\conhost.exe
    C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
    C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\program files\mcafee\msk\MskAPBho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRunOnce: [{054A0513-3E59-4c06-B932-D5A2EBF46C55}] "c:\programdata\google\google toolbar\update\gtb74B5.tmp.exe" /au /sid:S-1-5-21-1131658597-4005637612-88016806-1000 /q /child
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-17 214024]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-17 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-17 35272]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-17 187392]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-25 54632]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-17 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-17 40552]

    =============== Created Last 30 ================

    2010-08-11 22:55:51 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-08-11 22:55:51 132608 ----a-w- c:\windows\system32\cabview.dll

    ==================== Find3M ====================

    2010-08-12 13:54:23 744114 ----a-w- c:\windows\system32\perfh00C.dat
    2010-08-12 13:54:23 739170 ----a-w- c:\windows\system32\perfh010.dat
    2010-08-12 13:54:23 692696 ----a-w- c:\windows\system32\perfh007.dat
    2010-08-12 13:54:23 148816 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-12 13:54:23 147674 ----a-w- c:\windows\system32\perfc007.dat
    2010-08-12 13:54:23 145752 ----a-w- c:\windows\system32\perfc010.dat
    2009-09-17 23:31:34 37534 ----a-w- c:\windows\inf\perflib\0410\perfd.dat
    2009-09-17 23:31:34 37534 ----a-w- c:\windows\inf\perflib\0410\perfc.dat
    2009-09-17 23:31:34 335478 ----a-w- c:\windows\inf\perflib\0410\perfi.dat
    2009-09-17 23:31:34 335478 ----a-w- c:\windows\inf\perflib\0410\perfh.dat
    2009-09-17 23:26:32 38104 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
    2009-09-17 23:26:32 38104 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
    2009-09-17 23:26:32 295922 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
    2009-09-17 23:26:32 295922 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
    2009-09-17 23:21:27 38160 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
    2009-09-17 23:21:27 38160 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
    2009-09-17 23:21:27 344522 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
    2009-09-17 23:21:27 344522 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-26 20:04:46 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 14:56:19.06 ===============


  • #4
    ASJ112
    Site Banned Posts: 1,167 ✭✭✭ASJ112


    got a spybot log ?


Advertisement