Keylogger or something

Discussion in 'Malware Help (A Specialist Will Reply)' started by Moleybear, Oct 12, 2012.

  1. Moleybear

    Moleybear Private E-2

    Recently my WoW account got hacked, causing me to think it was a keylogger. I ran scans with AVG 2013 and Malwarebytes, removing the malware which I thought was the keylogger. I then changed my password and began playing again. Roughly 30 minutes later, as I got all my items back, my account was broken into and the password had been changed once again. I hopped on as fast as I could and changed the password and added an authenticator to my account. Now Blizzard has banned my account until I can prove it's me and I remove this goddamn thing off my computer.

    I ran many programs such as Spybot S&D, avast!, Malwarebytes many times, with not much luck finding anything. Spybot found a few infected areas which I fixed, but I'm not too sure if this was the keylogger or not.

    How can I tell if my PC still has some sort of malware, and what can I do to remove this stupid thing?

    Many thanks,
    Moley :major
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. Moleybear

    Moleybear Private E-2

    I've run through all the steps successfully, finding nothing. Do you think I am 100% secure, or should I do anything to ensure I'm secure from any malware as such?

    Thanks:major
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a clue until I can see the requested logs.
     
  5. Moleybear

    Moleybear Private E-2

    Sorry, I'm not the best with this kind of stuff. All I have is the logs which say no malware was found; do you want me to attach those?

    Thanks
     
  6. Moleybear

    Moleybear Private E-2

    This is all I got ;/. Nothing found in other programs so I had nothing really to log (as in these). MGLogs made like 9 logs but I don't know if they're up to much use...

    Thanks
     
  7. Moleybear

    Moleybear Private E-2

    Right, I need help, they have stolen every email address I have. I don't know what this could be, but I need to get rid of it somehow or another.

    Please help :cry:cry:cry:cry
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Look, even if nothing is found by the programs, we still want to see the logs :) so please attach for TimW the logs from running HitmanPro, and yes, we also want to see the complete MGlogs.zip. It's the most important one of all!

     
  9. Moleybear

    Moleybear Private E-2

    The MGLogs are all here (I think, aha), but I swear you can only create a log in HitmanPro if you find anything?

    Thanks
     
  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not true, but it really does not matter so much for the Hitman log, so don't worry about that. TimW will log in later on.
     
  11. Moleybear

    Moleybear Private E-2

    Ok thanks, do you have any idea what this thing is? It seems invincible! :cry
     
  12. Moleybear

    Moleybear Private E-2

    I also included here the ComboFix logs and TDSSKiller logs as I assume they may be helpful.

    Many thanks :major
     
  13. Moleybear

    Moleybear Private E-2

    Hi

    Doesn't matter now about the logs as I am now nuking my hard drive of all its data and re-installing Windows.

    I just have one last question: with me nuking my hard drive of all its data, is there a chance that this spyware/malware/virus could survive and still be on my system when I have installed Windows again?

    Thanks
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please put ComboFix directly on your desktop!! Not here:
    Running from: c:\users\User\Downloads\ComboFix.exe


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    ClearJavaCache::
    KILLALL::
    File::
    C:\Users\User\AppData\Local\Temp\15116100994655818.tmp
    C:\Users\User\AppData\Local\Temp\15116100994655896.tmp
    C:\Users\User\AppData\Local\Temp\1682576114664835.tmp
    C:\Users\User\AppData\Local\Temp\1682576114665116.tmp
    C:\Users\User\AppData\Local\Temp\35906606024654913.tmp
    C:\Users\User\AppData\Local\Temp\35906606024655272.tmp
    C:\Users\User\AppData\Local\Temp\41530318194669577.tmp
    C:\Users\User\AppData\Local\Temp\41530318194669796.tmp
    C:\Users\User\AppData\Local\Temp\REG158.tmp
    C:\Users\User\AppData\Local\Temp\REGDAE3.tmp
    C:\Users\User\AppData\Local\Temp\REGE501.tmp
    C:\Users\User\AppData\Local\Temp\utt41F0.tmp
    C:\Users\User\AppData\Local\Temp\utt41F1.tmp
    C:\Users\User\AppData\Local\Temp\utt41F2.tmp
    C:\Users\User\AppData\Local\Temp\utt41F3.tmp
    C:\Users\User\AppData\Local\Temp\utt46D4.tmp
    C:\Users\User\AppData\Local\Temp\utt46D5.tmp
    C:\Users\User\AppData\Local\Temp\utt46D6.tmp
    C:\Users\User\AppData\Local\Temp\utt46D7.tmp
    C:\Users\User\AppData\Local\Temp\utt8036.tmp
    C:\Users\User\AppData\Local\Temp\utt80C4.tmp
    C:\Users\User\AppData\Local\Temp\utt80C5.tmp
    C:\Users\User\AppData\Local\Temp\utt8133.tmp
    C:\Users\User\AppData\Local\Temp\uttA18F.tmp
    C:\Users\User\AppData\Local\Temp\uttA1EE.tmp
    C:\Users\User\AppData\Local\Temp\uttA24D.tmp
    C:\Users\User\AppData\Local\Temp\uttA29C.tmp
     
    Folder::
    C:\1647
    C:\1649
    C:\1651
    C:\1653
    C:\1654
    C:\1689
    C:\1691
    C:\1692
    C:\1693
    C:\1694
    C:\1698
    C:\1699
    C:\1700
    C:\1705
    C:\1706
    C:\1707
    C:\1708
    C:\1709
    C:\1710
     
    Registry::
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows
    "AppInit_DLLs"=""
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below
    Note:
    Do not mouseclick combofix's window while it is running. That may cause it to stall.
    Note: If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    • C:\Combofix.txt
    Make sure you tell me how things are working now!
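    As an added verification step, not part of TimW's instructions or of ComboFix, the PowerShell script below reads back the locations the CFScript above targets so the post-fix state can be confirmed from an elevated prompt. The registry paths, CLSIDs, folder names and temp-file name patterns are taken from the script; it assumes the "User" profile in the log is the account running the check.

```powershell
# Added example: confirm the items named in the CFScript above are gone.
# Run from an elevated PowerShell prompt after ComboFix has finished and the machine has rebooted.

# Registry:: section. AppInit_DLLs lists DLLs loaded into every process that loads user32.dll,
# which is why the script resets it to an empty string; anything still listed deserves a look.
$appInitKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $appInitKey -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue).AppInit_DLLs
if ([string]::IsNullOrWhiteSpace($appInit)) {
    Write-Output 'OK   AppInit_DLLs is empty'
} else {
    Write-Output "WARN AppInit_DLLs still set to: $appInit"
}

# The two Internet Explorer SearchScopes CLSIDs the script deletes (the [-HKEY...] lines).
$scopes = @(
    '{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}',
    '{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}'
)
foreach ($clsid in $scopes) {
    $path = "HKCU:\Software\Microsoft\Internet Explorer\SearchScopes\$clsid"
    if (Test-Path -Path $path) {
        Write-Output "WARN SearchScopes key still present: $clsid"
    } else {
        Write-Output "OK   SearchScopes key removed: $clsid"
    }
}

# Folder:: section: numeric folders at the drive root.
$folders = 1647,1649,1651,1653,1654,1689,1691,1692,1693,1694,1698,1699,1700,1705,1706,1707,1708,1709,1710
$left = $folders | ForEach-Object { "C:\$_" } | Where-Object { Test-Path -Path $_ -PathType Container }
if ($left) { $left | ForEach-Object { Write-Output "WARN folder still present: $_" } }
else       { Write-Output 'OK   none of the listed C:\NNNN folders remain' }

# File:: section: REG*.tmp, utt*.tmp and 16-17 digit numeric .tmp files in the user's Temp folder.
# Assumption: the 'User' profile from the ComboFix log is the account running this check.
$temp  = Join-Path $env:LOCALAPPDATA 'Temp'
$stale = Get-ChildItem -Path $temp -File -Filter '*.tmp' -ErrorAction SilentlyContinue |
         Where-Object { $_.Name -match '^(REG|utt)[0-9A-F]+\.tmp$|^[0-9]{16,17}\.tmp$' }
if ($stale) { $stale | ForEach-Object { Write-Output "INFO matching temp file still present: $($_.Name)" } }
else        { Write-Output "OK   no matching temp files in $temp" }
```

    Temp files matching these patterns are not proof of reinfection on their own, since legitimate installers create similar names; the WARN lines for the registry and root folders are the ones that matter.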
     
  15. Moleybear

    Moleybear Private E-2

    I nuked my hard drive just before you said that, sorry.

    Could this invincible virus survive a DBAN nuke and reinstallation of Windows?

    Thanks:major
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you did a complete reformat and re-partition, then no, it will not survive.
     
  17. Moleybear

    Moleybear Private E-2

    Well, I'm using DBAN and it nukes and re-writes all the data on the hard drive 3 times, so I don't need to repartition, I don't think.

    Thanks for all the help :D:major:major
     
  18. Moleybear

    Moleybear Private E-2

    Or do I need to re-partition? If so could you please explain it to me :p (I'm a big noob with this stuff). :D
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    DBAN will do the job. Not to worry.
     