Removal of keylogger second set of eyes.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Walleyjig, Oct 8, 2010.

  1. Walleyjig

    Walleyjig Private E-2

    I am having problems with a keylogger and was wondering if I could get another set of eyes on my HijackThis log.

    Windows 7 64bit

    I have updated and run Norton AV / Windows Defender / Spybot SD / Malwarebytes. Nothing detected.
    The problem was with my WOW account being jacked. I deleted all the addons. I ran HijackThis and ran the parser from here: http://hjt.networktechs.com/

    At the bottom of the log mainly lines such as
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    I have tried to delete in safe mode to no avail.

    Any suggestions would be much appreciated.
     
  2. Walleyjig

    Walleyjig Private E-2

    OK I am running through the read me procedure and will submit logs when completed.
     
  3. Walleyjig

    Walleyjig Private E-2

    OK, I found the keylogger. It is
    ~THE SZK~\Keygen.exe (RiskWare.Agent.CK) ->
    Any suggestions on its removal?
     
  4. Walleyjig

    Walleyjig Private E-2

    Yes I quarantined and removed the file from Malwarebytes.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are having problems with WOW, see this thread:
    WoW Account Hacked?

    Please Disable Spybot's TeaTimer --> Should have been done as per the R&R instructions!

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks
    * and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now use windows explorer to find and delete:
    C:\User\cyberg\\AppData\Local\Temp\27341437.txt

    Now tell me what malware issues you may still be having, if any.
     
