Keylogger

Hello there again guys. I believe I have a keylogger on my PC. The reason I think this is because I play the game World of Warcraft and my account has been comprimised and noone but I has the account info. I have followed your rules and here are my logs. Please let me know if you find anything. Thank you.

 

Final log

 

Hi Lirpa,

Please run both of these

• BitDefender RootkitUncover
• Running GMER to detect rootkits for info on using and getting a log (Vista)

and then go to Using PandaActiveScan and run it as well. It requires Internet Explorer with Active X enabled.

Attach the logs when you finish.

abri

 

Hello, sorry it took a while for me to get the scans done. Bit defender found nothing and I cant figure out how to do the log. Here are the other logs. AVG Defender has found multiple PSW.OnlineGames.** trojans. I also have this same trojan on another pc but 1 at a time I will post. Thanks for all your help. Please let me know what you see.

 

Hi Lirpa,

At the moment I don't see any obvious signs of a keylogger. If you are using VZAccess Manager, you may want to check for vulnerabilities at Secunia's website here:

http://secunia.com/product/16313/

When you run AVG, does it remove everything it finds, and if you allow it to do a system scan again, does it find the same things anywhere but in its own quarantine?

If AVG is not removing the trojans, then I recommend downloading one of the trial versions, for instance Counterspy which can be found in the Alternate Scans
and allowing it to run.

Also, please do the following:

Download and install Erunt. Use it to create a backup of your registry.

Then please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the File Type is set to "all files". Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

Then I would like for you to remove all the installation programs from your desktop which you no longer need. If you want to keep them, make a special folder for them.

Then CCleaner.

If World Of Warcraft is the only problem you've been experiencing on your computer, then I would advise you to check with the WoW forum for possibilities besides keyloggers for people breaking into your account. I noticed that you put the Windows Product Key Update Tool on your computer the same day as AVG. Also on that day a file called 16dec07.xls appeared. A few days later this was installed on your desktop: 312295.exe

I can't help but think I don't have all the information regarding your computer, but if you have been without a valid activation key for a period of time, it's possible you missed some updates and since these serve the function of removing vulnerabilities, your computer may have been without protection for a short time.

Let me know how the above goes and if you decide to run Counterspy, if it finds anything.

abri

 

Abri, Thank you for your time. I dont use VZAccess manager on this pc. I used it initianally to see how to set it up for my phone and laptop so I have deleted it. AVG hasnt seen PSW.Onlinegames.*** where the *** are 3 random letters since the first time it did and fixed. I tried to install the programs you suggested but now it seams I cannot run any exe files now. I get errors like "Unable to execute file in the temporary directory. Setup aborted." Seen one saying that I didnt have admin rights but I am admin on this pc. This just started today. Also, my D: which was just storage is now not in my computer anymore. That is the location I had World of Warcraft if that means anything. Prolly not. I ran the fixme and installed successfully. Also deleted all the setups on desktop and ran CC again.

Yes you are right there are things you are not aware of. A few weeks ago I got jumped by some spyware and worked with Chaslang to get rid of it and that is also the same time that I was getting a popup stating that my windows wasnt legitimate, which is not the case.

Here is the thread:

http://forums.majorgeeks.com/showthread.php?t=160526

This started the instant I got the spyware. I posted and was told to download the Windows Product Key Update Tool which failed over and over again so yes, I wasnt able to update windows because of that. Then one day I wake up to find the pop up gone and I had updates waiting for install, so I did. So yes there was maybe a week that I wasnt able to update. However, it was updated when I got this keylogger, which I know I got it from Youtube looking at a WOW video. Then the rest you know. Ran the read me again and posted. Since I recieved this keylogger, like a dummy, I coppied some wow mod settings over to a usb and transfered them to my desktop. STUPID I know as I passed it to my laptop and when I scanned over 300 instances of this PSW.Onlinegames.*** trojan. So, since I just got my laptop from service for the fan and HP re-imaged my hardrives anyways, I just formated and reinstalled windows to get rid of it. My concern is the desktop which you have been helping me with since I cannot reformat. I just would like to make sure that it is gone as I spend way too much time and effort into that game, not to mention that the game masters are working to recover everything that was taken. So right now, cant run those 2 programs. Any suggestions? Thanks again for your time.

 

Hello again Chaslang!

I guess I was just trying to open. I saved Counterspy and to my documents and was able to install and run them. Ran GetLogs.bat and SuperAntiSpyware and attached the logs. AVG is the one that detected it from the resident shield. I have no idea what G: is prolly a jump drive but I have formatted it so Im assuming that is good, but I attached the log from it. Also had it on my laptop but I have reformatted and reinstalled windows on that one but It had found over 300 instances of that PSW.Onlinegames. My concern is this pc which yall have been helping me with which I cannot just format. Still seeing no D drive which is just storage and cant scan it anymore. Let me know what you see. THanks again. I know you guys do this out of your own time. Its appreciated.