Transcriptionist Getting a Lot of Firewall Messages about a Keylogger

Discussion in 'Malware Help (A Specialist Will Reply)' started by AngelsWilliam, Sep 8, 2009.

  1. AngelsWilliam

    AngelsWilliam Private First Class

    Hi, there. Ever since I installed (and uninstalled after it didn't do jack for me) iTunes Agent on my desktop computer, I have been getting a lot of firewall messages asking permission for this mysterious "M" to perform various things on my computer. I obviously can't find anything on it in Google because--well, you can't look up the letter M and get any meaningful results.

    At the same time, I started getting warnings from my firewall about a keylogger. I got this warning also whenever I ran iTunes Agent and it went to open iTunes. At the time, I figured, "Oh, it's just one of those false positive thingies," and clicked "allow" without clicking "remember my decision" or "trust this program." You know, playing it as safe as I could. When I uninstalled iTunes Agent, my computer went nuts with all kinds of alarms and warnings about malware. I didn't write them down (dammit) because the only thing on my mind was getting that software off my computer. But, now, I've got this keylogger on my computer and this mysterious "M" that gives me the willies.

    The keylogger is obviously my greatest concern as a transcriptionist. That is not a cool thing when one is working with people's private medical records. That M thing could very well be nothing, but I figure now that I'm getting this keylogger warning more and more that it's about time to turn in logs. Hope they can tell you something!
     

    Attached Files:

  2. AngelsWilliam

    AngelsWilliam Private First Class

    Here's my MGTools log. I'm sorry I didn't say thank you in my last post. It used to say that in my signature!

    Thanks for any and all help, folks. :grouphug
     

    Attached Files:

  3. AngelsWilliam

    AngelsWilliam Private First Class

    Not trying to bump my thread, but there have been new developments that I think are extremely relevant and are why I now only check for replies from my laptop:

    1. After I posted my logs for my desktop to your forum, I went to your list of firewalls and downloaded the one labeled "pick" (i.e., PC Tools Plus). I then downloaded it and uninstalled Online Armor. When I went to install PC Tools, it said I had another firewall, AVG Firewall, running on my computer. Thing is, I uninstalled AVG Pro back in May when my license expired. But, I opened RegSeeker and searched the registry for occurrences of AVG Firewall. It found 3, so I deleted them. Then, I ran CCleaner and its registry cleaner and tried to install PC Tools again. It said the same thing. I decided, chuck it, I was going to install it anyway because it had said at the beginning of the installation that it would shut down all other firewalls on my system when I installed it.

    2. Yesterday (Wednesday), I booted my computer up because I knew there had been a major Microsoft security update and I thought it couldn't hurt to put that on after everything that happened. As per usual (something I forgot to mention in my original post), the automatic update shield didn't come up with a notice that there were updates available. (It used to only come up to say updates were ready to install after I'd gone to the update site and gone through the on-site update process and begun to install the high-priority updates.) So, as usual, I went to the start menu and clicked on Microsoft Update. One small difference: I got taken to the "Welcome to Microsoft Update! Click here to start using Microsoft Update" page. I remember this happening to me once before, but I know it's not supposed to because I had been using automatic updates and Windows Genuine Advantage all along.

    3. I tried to access the web to check for a response from my team leader to my e-mail regarding my computer situation. I got nothing but a blank white page when I opened Firefox.

    4. I decided, just for kicks, to take a gander at my Combofix log, worried that I'd get told again I was being obnoxious sending in clean logs. I saw that it had 3 AVG components on it, even though I had uninstalled AVG back in May.

    Folks, something is definitely wrong. I am NOT imagining this. Please...help me.

    And, I should also mention, as long as I am without these computers, I am out of work and my company is VERY unhappy with me...and they already were.

    Thanks muchly! :wave
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The effect is still the same.

    If this current thread is for your Desktop PC then please only talk about your Desktop PC in this thread to avoid confusion. And only talk about your laptop in your other thread.

    You did not have Online Armor installed so I'm not sure what you are talking about.

    Please post questions about software problems in the Software Forum. Or post them on the website for the software you are having problems with. We don't have time for non-malware issues in this forum.

    Also possibly a topic for the Software Forum if you still have any update issues.

    Your logs are basically clean, so you may not be having malware problems. Try Internet Explorer and see what happens. I do have some minor things for you to do I will post at the end of this message. However, MGtools did not run properly. The logs appear to indicate you may be having Error Message Type 1 mentioned in the Using MGtools link, so perhaps you should run the suggested fix right now so that what we do down below will possibly work properly.

    ComboFix has some bugs and often complains about things that are not installed or that used to be installed and are not cleaned up properly. No software uninstalls 100% completely. They all have very poor uninstall processes.

    But they may not all be malware based on your logs. We will fix what I see and then see what happens.

    Sorry but all threads get treated the same. Everyone thinks their problems are more important. ;)


    If you are going to keep WinPatrol installed I strongly suggest that you uninstall Windows Defender.


    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double clicking on it.
    • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)


    Also if the below is not valid or something you recognize then fix it too.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ichart.com


    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. AngelsWilliam

    AngelsWilliam Private First Class

    Done!


    The company techs are going to kill me because they have to reinsert the voice servers, etc. back into my host file again....
    :duck

    It's legit. It's part of the Dictaphone/Word Client/EXText Client software I use for my job. Not sure why that part's called iChart, but it is. That software has so many different names for it it's pathetic. (Oh, and...I didn't just say that because I'm not supposed to say anything to do with anything about anything within the company. But, you know, they are only responsible for problems with their own software. If we have problems with our "equipment," we have to get it fixed somewhere else. But, nobody can know anything about anything to do with anything about the company unless he or she is an employee. Uh-huh.)
    rolleyes

    Success!

    Well, I was able to do all this, update Firefox, and update NoScript. I wasn't able to do MS update before we did this, but let me try it now. That Worm thingie we removed with HJT kinda makes me wonder if that was what was preventing me from getting the updates. If so, I just wasted MS support's time.... (I just sent them a diagnostic and support request via their web site because of my inability to get updates either way.)

    I'm sorry I can't seem to tell the difference between software and malware problems. Maybe someone can explain the difference to me privately so I cause you all less irritation in the future? I'm not stupid; I just have an innate aptitude in some things and a need for repeated hands-on experience in others.

    Thanks,
     

    Attached Files:

    Last edited: Sep 15, 2009
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you implying the below were valid?
    O1 - Hosts: 204.61.236.164 ahdcttxt01 ahdcttxt01.ah.org
    O1 - Hosts: 204.61.236.165 ahdctvoc01 ahdctvoc01.ah.org

    Then it was probably from emptying the hosts file since nothing else we did would affect this.

    That was just left over junk from Symantec which did not completely uninstall itself.

    Sometimes it is not so easy for people other than us to distinguish between the two. Clearly anything related to general questions about any software that has nothing to do with protection will belong in the Software Forum. When it is a program used for protection, it gets a little harder. Any specialty tool problems like ComboFix, Avenger, RootRepeal, and MGtools always belong in the malware forum. For other tools like antivirus, SUPERAntiSpyware, Malwarebytes, and similar, the questions belong in the malware forum if it is a direct question about malware removal. If it is a question like, how do I get AVG to uninstall, or how do I disable AVG linkscanner, or how do I stop SUPERAntiSpyware from loading at startup..... you know, general questions anyone can answer. Then post in the Software Forum. You will probably get an answer much sooner since we are so busy removing malware.

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  7. AngelsWilliam

    AngelsWilliam Private First Class

    They're in my laptop's host file, too, so I'm guessing you're correct. I don't know much about what goes in the host files. All I know is these are the EXText servers settings:

    General Tab
    Server Connection Settings:
    Server name = xxx.xxx.xxx.xxx
    Protocol = ncacn_ip_tcp

    Voice Server Settings Tab
    Use local settings is selected:
    Protocol = ncacn_ip_tcp
    Address = xxx.xxx.xxx.xxx

    Does that help? It's all Greek to me! :confused

    I just realized: I/We have a piece of software called "Host Selector" that changes the host settings for each client in Word Client as needed if we switch from our primary to our secondary accounts depending on workload. So, the above servers probably aren't always the same. I don't know. Again, it's all Greek to me. You probably know how these things work better than I. There's a guy at your site who told me he works in hospitals...can't think of his name...OH! BJGarrick! He probably knows how this kind of setup works if you don't. I hope that didn't sound insulting. It's not meant to be.

    Thanks still more,
     
    Last edited by a moderator: Sep 21, 2009
  8. AngelsWilliam

    AngelsWilliam Private First Class

    Oh, and I tried the Java update, it didn't work, so I clicked on the link to see "possible solutions." They recommended deleting the entire Java folder in the programs folder and then restarting my computer and downloading the new version of Java afresh.

    We-he-helll...

    My little Windows Update shield came right up as soon as my wireless connection did! And, once that was done, I tried downloading the new version of Java and running it and...you'll never guess!

    IT INSTALLED SUCCESSFULLY!!!

    So, I think we're good to go, here. Let me know what you think after you read my last reply. I gotta go nightie-night.
    :wave
    Thank you SOOOOO MUCH!

    Oh, and let me know when it's safe to run the registry part of CCleaner, now that I've uninstalled and installed some programs. :)
     
    Last edited: Sep 15, 2009
  9. AngelsWilliam

    AngelsWilliam Private First Class

    Okay, about the hosts thing, yeah. everything works except logging into Word Client. Host selector works, VPN works, but Word Client tells me EXT Server's not available. So, is fixing the host file something I have to go to them for, I take it? You can't tell me how to put those 2 entries back in there?

    Thanks,
     
  10. AngelsWilliam

    AngelsWilliam Private First Class

    URGENT! NEED TO DELETE (INFO IN) 1 OF MY REPLIES Re: Transcriptionist Getting....

    Also, I need to delete at least one of my posts (the one with the server addresses), so the info isn't visible to others' eyes. I didn't think of that when I posted that reply. Baaad, bad idea. The forum was letting me edit my posts, but all of the sudden I couldn't edit my most recent 2.
    :confused
    I haven't gotten anymore replies from you, and I've really got to deal with this. Did I offend you in some way? I didn't mean to. I'm sorry if I did.
    :-o
    Thanks,
    C
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are just talking about the below lines, just edit your hosts file with notepad and add them back in.
    204.61.236.164 ahdcttxt01 ahdcttxt01.ah.org
    204.61.236.165 ahdctvoc01 ahdctvoc01.ah.org

    I deleted the IP addresses you previously posted for your server.
     
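As an added example (not from the thread, and not part of HostsXpert or any other tool mentioned here), this Python script does the check behind the advice in posts 4 and 11: parse a Windows hosts file, flag any entry that is neither a default loopback line nor on a known-good allowlist, report allowlisted names that went missing after a "restore defaults", and regenerate the two legitimate EXText lines so they can be pasted back with Notepad. The sample hosts text and the update-server.example entry in it are constructed.

```python
"""Audit a Windows hosts file against a known-good allowlist."""
import ipaddress

# Constructed sample hosts file (not the thread's attachment). The last
# line stands in for an entry the owner never added on purpose.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
204.61.236.164 ahdcttxt01 ahdcttxt01.ah.org
204.61.236.165 ahdctvoc01 ahdctvoc01.ah.org
127.0.0.1 update-server.example   # constructed: unexpected entry
"""

# The two EXText server lines from the thread, as hostname -> expected IP.
ALLOWLIST = {
    "ahdcttxt01": "204.61.236.164",
    "ahdcttxt01.ah.org": "204.61.236.164",
    "ahdctvoc01": "204.61.236.165",
    "ahdctvoc01.ah.org": "204.61.236.165",
}
DEFAULT_LOOPBACK_NAMES = {"localhost"}


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and bad IPs are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line, not a hosts entry
        for name in parts[1:]:
            entries.append((str(ip), name.lower()))
    return entries


def audit_hosts(text, allowlist=ALLOWLIST):
    """Split entries into unexpected (unknown name) and mismatched (known name, wrong IP)."""
    unexpected, mismatched = [], []
    for ip, name in parse_hosts(text):
        if name in DEFAULT_LOOPBACK_NAMES and ipaddress.ip_address(ip).is_loopback:
            continue  # stock Microsoft lines
        if name in allowlist:
            if allowlist[name] != ip:
                mismatched.append((ip, name))
            continue
        unexpected.append((ip, name))
    return unexpected, mismatched


def missing_entries(text, allowlist=ALLOWLIST):
    """Allowlisted names absent from the file, e.g. after restoring the default hosts file."""
    present = {name for _, name in parse_hosts(text)}
    return sorted(name for name in allowlist if name not in present)


def render_entries(allowlist=ALLOWLIST):
    """Hosts-file lines to paste back, one line per IP with its names."""
    by_ip = {}
    for name, ip in allowlist.items():
        by_ip.setdefault(ip, []).append(name)
    return [f"{ip} {' '.join(sorted(names, key=len))}" for ip, names in sorted(by_ip.items())]


if __name__ == "__main__":
    print("unexpected/mismatched:", audit_hosts(SAMPLE_HOSTS))
    print("lines to restore:", render_entries())
```

On a real machine, read C:\Windows\System32\drivers\etc\hosts into `text` instead of SAMPLE_HOSTS; anything reported as unexpected deserves a look before it is removed, since corporate software (as in this thread) can legitimately add entries.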
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: URGENT! NEED TO DELETE (INFO IN) 1 OF MY REPLIES Re: Transcriptionist Getting....

    Every time you make additional posts, you are bumping yourself to the bottom of the work queue. If you kept posting, you would never get an answer. Didn't you read the sticky threads???? Like: Don't Bump! It Only Hurts You!!!
     
  13. AngelsWilliam

    AngelsWilliam Private First Class

    This computer has died Re: Transcriptionist Getting...

    I believe it was some variation of vundo, since the following symptoms occurred in rapid succession immediately after reconnecting the Internet after closing Avast! antivirus when I walked in and saw that it had come up with "0 infected files" other than those it couldn't scan because they were locked or whatever other reasons it gave:

    1. The Internet connection showed as "Very Good," when it always comes up as "Excellent," so I moved the antenna around, whereupon it went down to "Good," so I decided to attempt to repair it because that had been helping a lot on my laptop lately. When I did it on this computer, it took it down to "Low."

    2. Thinking the problem might be an aging wireless card, I restarted the computer to see whether or not that would make a difference, figuring if it didn't it was indeed the wireless card. Well...when I restarted it, I didn't get ANYthing. Nothing onscreen at ALL. Not even the pre-Windows info. I tried once more, hoping I could go into Safe Mode, but it didn't even give me the opportunity to do that. Worse yet, the orange light indicating hard drive activity stopped soon after I gave up tapping the F8 button.

    I'm thinking EEK.

    I've called my local guy. I'm hoping if we use my Windows disk, we can keep it alive long enough to recover my data. Otherwise, we'll have to go back to all that I had back when I had an 80GB drive. I have some stuff on DVD, but not the major stuff. *sigh*
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: This computer has died Re: Transcriptionist Getting...

    Not according to the logs you attached in this thread which were all clean.

    Good luck.
     
