HELP.KOMSOMOLKA.INFO immutable keylogger

Discussion in 'Malware Help (A Specialist Will Reply)' started by tolstoi1, Apr 16, 2006.

  1. tolstoi1

    tolstoi1 Private E-2

    This is the most indestructible and tenacious keylogger I have seen or can imagine.

    See attached images.

    Here's the problem.

    Every website I visit becomes a history entry listed under help.komsomolka.info with the entry r3m0vex.

    When I mouse-over, I see that it is like a verbose bookmark which includes email ID and passwords.


    Since it shows in History, I assume it already transmitted to the remote keylogger before I am aware.

    What I've tried:
    1) Used Find to look for any file on the drive containing komsomolka or r3m0vex. The word komsomolka appears once in a
    Mozilla file called localstore.rdf . I edited localstore.rdf with a text editor, modifying the spelling of komsomolka. No change.
    2) Used 3 separate spyware/virus checkers.
    3) Disabled scvhost.exe from autoloading at bootup and renamed it to scvhostexe.bak. That apparently fixed nothing.
    4) Under Internet Options - Tools - Security - Restricted Sites - I blocked variations of komsomolka.info.

    5) I installed Microsoft patches and updates.

    This is an amazingly sophisticated keylogger.

    I might need a File Search utility that can be set to specifically look inside System/Hidden files or a system monitor program that
    shows each file as it is opened and executed.

    Ideas?
    Thanks,
    - CarlD trimagna at yahoo dot com

    --- hijack this log ---

    Edit by chaslang: Inline HJT log deleted.
     


    Last edited by a moderator: Jul 5, 2006
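    An added example, not part of this thread or the tools it mentions: the post asks for a file search that also looks inside System/Hidden files. The PowerShell function below (the name Find-MarkerStrings, its parameters and the default marker list are assumptions; the two marker strings are the ones named in the post) walks a folder tree with the -Force switch so that files carrying the Hidden and System attributes are included, searches their contents for the literal markers, and reports the path, attributes and matching line. It requires a current Windows PowerShell and is meant for a reader reproducing this kind of search today.

```powershell
# Added example (not from the thread): search a tree, including Hidden and
# System files, for indicator strings such as the ones named in the post.
# Function name, parameter names and the $Markers default are assumptions.
function Find-MarkerStrings {
    [CmdletBinding()]
    param(
        # Root of the search; the Mozilla profile folder is a sensible start.
        [Parameter(Mandatory)]
        [string]$Root,

        # Indicator strings taken from the post; matched literally, case-insensitive.
        [string[]]$Markers = @('komsomolka', 'r3m0vex'),

        # Skip files above this size so large binaries do not stall a whole-drive scan.
        [long]$MaxBytes = 50MB
    )

    # -Force makes Get-ChildItem return Hidden and System files that a plain
    # Explorer search or a default Get-ChildItem would silently leave out.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -le $MaxBytes } |
        ForEach-Object {
            $file = $_
            try {
                # -SimpleMatch: the markers are literals, not regular expressions.
                $hits = Select-String -LiteralPath $file.FullName -Pattern $Markers -SimpleMatch -ErrorAction Stop
            } catch {
                # Locked or unreadable files are reported rather than skipped silently,
                # because a file that cannot be read is itself worth a second look.
                [pscustomobject]@{
                    Path       = $file.FullName
                    Attributes = $file.Attributes
                    Line       = $null
                    Match      = $null
                    Error      = $_.Exception.Message
                }
                return
            }
            foreach ($hit in $hits) {
                [pscustomobject]@{
                    Path       = $file.FullName
                    Attributes = $file.Attributes      # shows the Hidden/System flags
                    Line       = $hit.LineNumber
                    Match      = $hit.Line.Trim()
                    Error      = $null
                }
            }
        }
}

# Usage: start with the current user's Mozilla profiles, then widen to the system drive.
Find-MarkerStrings -Root (Join-Path $env:APPDATA 'Mozilla') | Format-Table -AutoSize
# Find-MarkerStrings -Root 'C:\' | Export-Csv -NoTypeInformation marker-hits.csv
```

The -Force switch is the part that answers the post's question; without it both Get-ChildItem and the Explorer search skip hidden and system files. The size cap and the try/catch keep a scan of the whole drive from stalling on large or locked files, and the Attributes column makes it obvious when a hit sits in a file that was hidden from normal listings. A content match on its own only says where the string is stored, not which process writes it, so a file or process monitor of the kind the post mentions is the natural next step after this search.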
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
    Also download & run Blacklight Beta
    • Hit I accept. It will take you to the download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that looks like fsbl-xxxxxxx.log
    • Please attach the Blacklight log file here.
    Now run the below Ewido scan and attach the Ewido log:

    Running Ewido Anti-Malware

    It will take two messages to attach the 5 requested logs since only 4 attachments can be added to a single message.
     
