Kaspersky found a keylogger!

Discussion in 'Malware Help (A Specialist Will Reply)' started by tmcgee99, Nov 11, 2007.

  1. tmcgee99

    tmcgee99 Private E-2

    Hi! I'm a newbie. I removed Norton because I was told that it wasn't very good. Kaspersky was recommended to me and so I installed the free 15 day trial right after I removed Norton. It found a keylogger. I can't get rid of it and it's driving me nuts! A message window keeps popping up to tell me that it's Kaspersky's proactive defense and doesn't give me any options to remove it. The keylogger is in: System\32\drivers\PS2.sys. I realize that this is the driver for the keyboard. But I don't know if this keylogger should be there. The other programs I've run are: CCleaner, Ad-Aware SE Personal, CounterSpy, XoftSpySE, SpyBot, Verizon PC Security. I have Spyware Blaster, but it didn't pick up on this. I've also compressed, defragged, and removed unused/unwanted programs. I don't know how to stop unnecessary programs from starting up when I first turn on the computer. I've heard that I should also clean prefetch, but I don't know how to do that, either. This whole thing originally started because my computer was slow, was freezing up, and then I got the dreaded "blue screen." That blue screen would shut down Windows and tell me that my BIOS wasn't certified/approved and that it needed to be updated at a certain site I didn't recognize. I suspected that that was a bogus site, but now I'm in over my head! Please help! ~tmcgee99
     
  2. abri

    abri MajorGeek

    Hi tmcgee99!
    Welcome to Major Geeks!

    System\32\drivers\PS2.sys is a legitimate file and you need to allow it. See if that will help.

    Also, if Counterspy found anything, have it fix anything it found and then uninstall it.

    abri
     
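Before telling an antivirus product to allow a driver it has flagged as a keylogger, a practitioner would first confirm that the file on disk is what it claims to be: that it sits in the system driver directory, that it carries a valid Microsoft or vendor signature, what its hash is, and which driver service actually loads it (a look-alike file name registered through a second service entry is a common trick). The PowerShell below is an added example, not code from the thread, from Kaspersky or from MajorGeeks; it takes the file path from the first post, uses only standard cmdlets, and the function name Test-FlaggedDriver is the editor's. It assumes a current Windows with PowerShell 5 or later; on the Windows XP systems of the thread's era, Sysinternals sigcheck (sigcheck -i -h <file>) gives the equivalent signature and hash information.

```powershell
# Added example: triage a driver file that a behavioral AV engine has flagged.
# Path taken from the original post; checks and function name are the editor's.
param([string]$Path = "$env:SystemRoot\System32\drivers\PS2.sys")

function Test-FlaggedDriver {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $file      = Get-Item -LiteralPath $Path
    $driverDir = Join-Path $env:SystemRoot 'System32\drivers'

    # 1. Location: an in-box keyboard driver is expected under System32\drivers,
    #    not in a user profile, Temp directory or an unrelated program folder.
    $inDriverDir = ($file.DirectoryName -ieq $driverDir)

    # 2. Signature. Get-AuthenticodeSignature also consults the Windows security
    #    catalogs, which is how most in-box drivers are signed (no embedded signature).
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # 3. Hash, to compare against a known-good copy or a file-reputation service.
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # 4. Which driver service(s) reference a file of this name, and from which path.
    #    Matching on file name (not full path) deliberately surfaces a second entry
    #    that points a same-named file at a different location.
    $services = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -and $_.PathName.ToLower().EndsWith($file.Name.ToLower()) }

    [pscustomobject]@{
        Path         = $file.FullName
        Exists       = $true
        InDriverDir  = $inDriverDir
        SizeBytes    = $file.Length
        Signature    = $sig.Status                     # Valid / NotSigned / HashMismatch / ...
        Signer       = $sig.SignerCertificate.Subject  # null when NotSigned
        SHA256       = $sha256
        Services     = ($services | ForEach-Object { "$($_.Name) [$($_.State)] -> $($_.PathName)" }) -join '; '
    }
}

Test-FlaggedDriver -Path $Path | Format-List
```

A file that is outside System32\drivers, reports NotSigned or HashMismatch, or is referenced by a service whose PathName points somewhere other than the driver directory should not be whitelisted on the strength of its name alone; a Valid signature from Microsoft or the hardware vendor, together with a single service entry loading it from System32\drivers, is what a practitioner would want to see before clicking "allow".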
  3. tmcgee99

    tmcgee99 Private E-2

    Hi, Abri! Thanks for getting back to me so quickly! I will allow that keylogger, then! Any advice on that blue screen or how to clean the prefetch? I'd certainly appreciate any extra advice! ~tmcgee99
     
  4. abri

    abri MajorGeek

    Hi tmcgee99!
    The symptoms you describe are symptomatic of having two antivirus programs installed. It can be difficult to get Norton out of the computer completely. The best way for us to tell you if this might be the problem or if you have malware in your computer is for you to follow the instructions in the following link for running the three scans ShowNew, GetRunKeys and HijackThis. There are instructions and links for downloading and the proper installation of each. The scans themselves don't take long. If you run these, please post the three logs with your next post. The logs will be named newfiles.txt, runkeys.txt and hijackthis.log. The instructions are here:

    READ & RUN ME FIRST

    As for emptying your prefetch, this is generally only necessary if you've taken steps to get rid of malware.

    abri
     
  5. tmcgee99

    tmcgee99 Private E-2

    Hi, Abri! Thank you SOOO much for your help! No more blue screens! Yay! CounterSpy is now deleted. I searched for any Norton related files and deleted those that were found. You were right: there were some files that weren't removed by using the program's uninstall feature. Kaspersky is working much better than Norton, I think. Also, I shortened the list of start up programs. (NOT processes - too scared to touch them!) So far, so good on the computer freezes! I do still have HijackThis. Should I delete it? Also, I have Spyware Blaster, SpyBot, and XoftSpySE. Which one should I keep? Earlier, you had said that only one antivirus should be on the computer, to avoid problems. I'm thinking the same goes for spyware, too? I found that I only have 14% free on my D drive. How do I make more room? And last, but not least, is there anything else that I can do to help my computer to run more smoothly, efficiently, quickly? You have saved my computer from going to the "doctor!" Thank you!
     
  6. abri

    abri MajorGeek

    Hi tmcgee99!
    Without seeing any logs, I can't know if your computer is clean or not, but it sounds like it's doing better. I suggest reading http://forums.majorgeeks.com/showthread.php?t=44525. We recommend keeping Spyware Blaster on your computer and running it according to the instructions. Also, it is a good idea to run Spybot S&D at least once a month. Kaspersky is a good antivirus program and you should have a two-way firewall. I run Kaspersky with ZoneAlarm and I know they are compatible. If you are running Kaspersky's security suite, it will have a firewall already. If you are not, I would recommend trying one of the firewalls in the above link rather than going to the security suite. The security suites can be quite a drain on your resources.
    As for HijackThis, it is useful for a number of things, but it needs to be used under the guidance of someone who is trained in how to read it. It doesn't distinguish between good and bad programs so using it without knowing what you're doing can lead to problems. If you'd rather not have it on your computer, it can be uninstalled via add/remove programs.
    With regard to Xoftspy and Verizon, please refer to the above link. It is easy to have too much installed on a computer, which can be as ineffective as too little. If Verizon provides you with a firewall, you may want to use that. I'm not sure what all comes in their package.
    I hope this is helpful for now. If you require further assistance, please post back again.
    abri
     
  7. tmcgee99

    tmcgee99 Private E-2

    Hi, Abri!
    Thanks for all of the super advice! I've done all of the things on the list for checking for malware, with a few exceptions. I can't seem to get the reports attached to these messages. I've run HijackThis and can't seem to even find that log! I think maybe I accidentally deleted it? Also, I've had problems downloading/running ShowNew and GetRunKeys. If you're thinking that these logs would be helpful, please walk me through the necessary steps. I wonder if maybe I just have too much security stuff? All of the steps on protecting my computer from viruses/malware have been completed. The issues that you all bring up about Internet Explorer even got me to install and use Mozilla Firefox as my browser! But that leaves me wondering if there is a way to disable Explorer, for added insurance? Also, I've downloaded 7-Zip for compression and Paragon Total Defrag, which seem to me to do a better job than the Windows options. Although, I can't seem to get the C drive defragged because it keeps telling me that it can't be done while drive C is in use! But applying all of the rest of your advice has done my computer a great deal of good! So... what's next? Do I need to do anything else, or do you feel that all is well here? ~tmcgee99
    P.S: As I was finishing this post, my start menu kept popping up! lol!
     
  8. abri

    abri MajorGeek

    Hi tmcgee99!

    Attaching logs can be a problem if your browser cache is full. Please try emptying that or else try a different browser like Firefox. This is most likely a problem here, not at your end. Usually if you try a second time after you've been off the internet, it will work. Also, please make sure you check the "Remember Me" button when you are logging on. Without seeing your logs, I can't see what's going on with your computer.

    If you ran HijackThis as per our instructions, it will have produced a log after it was finished. That log will be called hijackthis.log.
    You can do a search for it on your computer and it should come up. Also, please do searches for newfiles.txt and runkeys.txt and see if you can find those two as well. If so, please try attaching them again. Remember that when you attach something to your post, you still have to write something into the text body of your message. The word hello is enough, but it has to be a message that is at least 4 letters long.

    Finally, it would be better not to defrag your computer until you know it is free of malware. If the online scans (BitDefender and Panda) and if CounterSpy or AVG Antispyware came up clean, then that is a good sign.

    abri
     
  9. abri

    abri MajorGeek

    Just a note to add to post 8. Based on your original post, you may not have malware problems. It would be good for us to be able to look at the three logs I mentioned in the post previous to this one, because that would allow us to see if you might have two antivirus programs running or not.
    abri
     