Looking for keylogger

Discussion in 'Malware Help (A Specialist Will Reply)' started by dainenyu, Apr 28, 2014.

  1. dainenyu

    dainenyu Private E-2

    My dad got hit with a whammy this weekend. His AOL mail account was compromised and some fraudulent charges were made on his credit card. Once we realized what was happening, we changed our security questions and passwords on his AOL and the master AOL accounts. I thought that would be the end of it, but some emails that my father had wanted to keep as evidence of the fraud have disappeared from the account.

    Basically, I'm afraid there may be a keylogger on his computer that the hacker used to get his AOL password again. (I've since changed his password using another computer and haven't entered any sensitive data on the compromised computer since I started suspecting a keylogger.)

    I've run the required scans and am attaching the logs. The HitmanPro log was too large to upload as a .txt so I zipped it. Any help would be greatly, greatly appreciated. Thanks ever so much.
     

    Attached Files:

    dainenyu, Apr 28, 2014
    #1
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. :)

    Re run Hitman Pro and have it remove all that it finds.

    http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.
     
    Kestrel13!, Apr 28, 2014
    #2
  3. dainenyu

    dainenyu Private E-2

    Ok, I reran Hitman Pro and had it clean up what it found. JRT and MGtools logs are attached.
     

    Attached Files:

    dainenyu, Apr 28, 2014
    #3
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download SystemLook

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :regfind
ilivid*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
    Kestrel13!, Apr 29, 2014
    #4
  5. dainenyu

    dainenyu Private E-2

    Systemlook log is attached
     

    Attached Files:

    dainenyu, Apr 29, 2014
    #5
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. How are things running? :)
     
    Kestrel13!, Apr 29, 2014
    #6
  7. dainenyu

    dainenyu Private E-2

    Everything's running fine and my dad doesn't report seeing any other emails go missing. Thanks for your help.
     
    dainenyu, Apr 29, 2014
    #7
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
    Kestrel13!, Apr 30, 2014
    #8

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds