possible keylogger

Discussion in 'Malware Help (A Specialist Will Reply)' started by Patra, May 7, 2007.

  1. Patra

    Patra Private E-2

    It all started yesterday when I was on the WoW realm forums. Someone was making new threads in a lot of the forums with a link, and me being stupid I clicked on it. I got a page error, clicked back, and forgot about it. An hour or so later someone confirmed that all of these links were keyloggers.

    After that I panicked a bit and immediately set out to get rid of it. First I got a keyscrambler addon for Firefox: https://addons.mozilla.org/en-US/firefox/addon/3383 (btw, does anyone know a full-on keyscrambler that will do this for all keystrokes, not just in Firefox?)

    After I found that, a friend recommended you guys, so I came and followed all of the steps in the prereq thread and here I am. The scans actually picked up a lot more than I expected, but I am still not sure if the keylogger is still around. I am attaching all of the required log files.
     


  2. Patra

    Patra Private E-2

    Other log files....
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your logs do not show any signs of major problems especially with keyloggers. Are you actually having any problems?

    I do have a couple things for you to do.

    1) Uninstall the CounterSpy trial since we are finished with it.

    2) Uninstall the below software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 0 of the READ ME
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
     
  4. Patra

    Patra Private E-2

    Well I clicked a link supposedly containing a keylogger so I just wanted to be sure. At this point I have no reason to suspect I actually have one; I was simply playing it safe. Thank you for your help :cool
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! If you want to just add one additional check just for your own peace of mind then run the below to check for rootkits.

    Now please download F-Secure's BlacklightBeta
    • Download fsbl.exe and save it to the Desktop.
    • Once saved... double click fsbl.exe to install the program.
    • Click accept agreement and Click scan
    • This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the BlackLight log.

     
  6. Patra

    Patra Private E-2

    Looks like I'm clean; thanks again :)
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    It is time to do our final steps:
    1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created. After doing the above, you should work thru the below link:
     
