apparent keylogger malware infection

Likely just false detections since GMER and many other specialty malware tools ( MGtools included) and rootkit scanners etc, can be falsely detected due to the nature or what they do. If our tools turned the table and we acted foolishly like antivirus companies do, our tools would be declaring every antivirus, antispyware, firewall...etc program to be infected too for the same reasons they unjustly declare. They say the tools make changes to the registry, to the file system, that they may install something or download something. This is exactly what every program that is installed on a PC does. It does not make it malware.

Web-Based Enterprise Management (WBEM) is a set of management and Internet standard technologies developed to unify the management of distributed computing environments. WBEM provides the ability for the industry to deliver a well-integrated set of standard-based management tools, facilitating the exchange of data across otherwise disparate technologies and platforms. It is a Microsoft Office component. See: http://processlist.com/info/offprov.html

What you are seeing may or may not be valid. Don't know for sure unless you run our full cleaning procedure and attach ALL of the requested logs. Some websites do run scripts that could cause things to run. Ads are sometime run this way. But also malware scripts can also make use of this to cause things to run on your PC. But the process itself is from Microsoft.

 

READ & RUN ME FIRST. Malware Removal Guide

 

The detections were false positives. Your logs are clean.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome.

Likely the same reason as the previous one which is just a statement telling you about an action going on. They did not say it was malware. Many processes need to have access to the internet and many processes will have hooks to other files. It is quite normal. The difficulty is in determining when something is valid and when not. The firewall was just basically informing you of something it observed and asking you to verify/approve it. There was no statement that this is malware or bad.

All correct.

 

It happens thousands of time per day which is why in a previous message I said it was a false detection. These happen with all security programs. PC Tools is no exception.

Not completely true since you load reader_sl.exe at startup and also load a browser helper object for Adobe into your brower.

You need to just allow these and be finished with it. You are not infected.

 

Nothing! This is the Windows Recovery Console which was installed to potentially help you should you ever have problem either with Windows itself or from malware. This could potentially save you from having to do a full reinstall if problems occur. I have it installed on all my PCs. It also is very useful for people who do not have a boot CD or cannot find it.

 

I'm not sure if ComboFix did this or not, our final instructions also discussed disabling autoruns. Having autoruns enabled is extremely dangerous and many of todays nastiess malware are taking advantage of people who leave autoruns enabled and will automatically infect and reinfect anything inserted into a PC when autoruns is enabled. This is not a feature you really want or need to have enabled and the downside risk is to great to have it enable. Many of the PCs we need to clean each week are victims of having this enabled. Many times a persons son/daughter ( or even themselves ) insert a USB drive that was originally plugged into another infected PC and upon insertion, autoruns loads up and spreads the malware to this PC and any harddisk in it or connected to it. Thus propagating the malware.

You can read more info about this all over the internet but here are a few links:

http://virusanalysts.blogspot.com/2007/11/preventing-autorun-infection.html


http://news.softpedia.com/news/Worm-Infections-Via-Windows-AutoRun-72130.shtml

http://www.jamiesrebellion.co.cc/gamingnews/87-autorun-infections-re-emerging-in-the-wild.html

http://win7vista.com/index.php?topic=1858.0