Keylogger Problem (logs included)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Goblinmatt12, Jan 22, 2008.

  1. Goblinmatt12

    Goblinmatt12 Private E-2

    Well, this morning I got an email saying my games account password was changed. I did a few scans and it picked up nothing. I was able to find a .log file called richtX32 in my system32 folder that had a log of everything typed in game, and in my browser. I deleted everything in the document, and changed it to read only which seemed to stop any more key logging.

    I can give you a sample of what the log shows if you want.

    I was also told that process explorer may be able to track down what's going on. I looked through each process and didn't see anything dealing with richtX32.


    Any help would be awesome.

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's do a couple of things:

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    C:\WINDOWS\TEMP\Down(0)ow.dll

    Now let's do one more thing:
    Bitdefender agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan:

    Click-on the Detected Problems tab. Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take note of where you are so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

    Attach the Bitdefender log and tell me how things are.
     
  3. Goblinmatt12

    Goblinmatt12 Private E-2

    Thank you for the help! Bitdefender is scanning right now but it's very slow. Is this normal? Should I restart?

    Everything was fine until I was supposed to delete C:\WINDOWS\TEMP\Down(0)ow.dll. It is not there, but I may have deleted it.

    This elite anti keylogger program I got detected some .dlls that were trying to hook themselves to programs and stuff, and I was able to delete some. Others keep coming back and are blocked by the program. I'll show you after I finish the bitdefender scan if you want.

    The richtX32.log file stopped logging even when not on read-only after I used the keylogger program, and I was able to delete it. The program is still showing some .dlls as keyloggers though, not sure if they are harmful.
     
  4. Goblinmatt12

    Goblinmatt12 Private E-2

    I think I messed this up a bit.

    Thanks again.

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    BitDefender was showing it in the system restore files and deleted it.

    What .dlls are you referring to?
     
  6. Goblinmatt12

    Goblinmatt12 Private E-2

    This is what it already detected from yesterday.

    I can let it run for a bit now if these are bad to check if they are still causing problems.

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    shell32.dll is a library which contains Windows Shell API functions, which are used when opening web pages and files.

    msctf.dll is a module which belongs to the Microsoft Text Service Module.

    mshtml.dll is a module containing HTML-related utility functions.

    msswch.dll is a part of Windows Vista.

    ieframe.dll is an Internet Explorer Browser UI Library from Microsoft Corporation.
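    A way to check the kind of verdict TimW gives above for yourself, as an added example rather than anything posted in the thread: confirm that the flagged DLL names correspond to Microsoft-signed files in System32 and that no same-named copy sits in user-writable folders. The five DLL names are the ones listed in the post; the folder list, output format and the "verify further" wording are this example's own assumptions.

```powershell
# Added example, not from the thread: verify that DLL names an anti-keylogger flagged
# are the genuine Windows copies, and look for same-named files where no system DLL
# belongs. DLL names come from the post above; everything else here is assumed.
$names    = 'shell32.dll', 'msctf.dll', 'mshtml.dll', 'msswch.dll', 'ieframe.dll'
$sys32    = Join-Path $env:SystemRoot 'System32'
# Folders a dropped DLL commonly hides in (assumed list; extend as needed)
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) |
            Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

$results = foreach ($name in $names) {
    $path = Join-Path $sys32 $name
    if (Test-Path $path) {
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $info = (Get-Item $path).VersionInfo
        # Genuine OS files report a Microsoft company name. Many are signed only through
        # the Windows security catalog, so NotSigned alone is not proof of tampering;
        # a HashMismatch or a non-Microsoft signer is what should worry you.
        $verdict = switch ($sig.Status) {
            'Valid'     { if ($sig.SignerCertificate.Subject -match 'Microsoft') { 'OK (Microsoft-signed)' }
                          else { 'SUSPICIOUS (unexpected signer)' } }
            'NotSigned' { 'verify further (catalog-signed or unsigned)' }
            default     { "SUSPICIOUS ($($sig.Status))" }
        }
        [pscustomobject]@{ Name = $name; Location = $path; Company = $info.CompanyName
                           Version = $info.FileVersion; Verdict = $verdict }
    } else {
        # msswch.dll ships only with some Windows versions; absence alone is not suspicious
        [pscustomobject]@{ Name = $name; Location = 'not in System32'; Company = ''
                           Version = ''; Verdict = 'absent' }
    }

    # A system DLL name showing up outside System32 deserves a look regardless of signature
    foreach ($dir in $userDirs) {
        Get-ChildItem -Path $dir -Filter $name -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Name = $name; Location = $_.FullName
                                   Company = $_.VersionInfo.CompanyName
                                   Version = $_.VersionInfo.FileVersion
                                   Verdict = 'SUSPICIOUS (system DLL name outside System32)' }
            }
    }
}

$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the user folders are fully readable; a row marked SUSPICIOUS is a reason to submit that file for analysis, not to delete it on the spot.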