Possible KeyLogger & SpyWare

So I got a call from my bank today. They said my debit card had been "red flagged", and they had to ask me a question. They asked me if I had used my debit card for a site called freeuniformdating.com, and that a wrong CVC code had been used, which is why it was flagged.

I use my card online for most of my purchases, bill pay etc...so I know my CVC code by heart, and have never heard of that site before either. I am assuming the worst, that I have some kind of keylogger or spyware on my PC (hoping it's more random like a CC # generator)...so what is the absolute best way to go about checking to see if there's anything buried deep in my PC?

I am pretty frequent with just a couple of sites, and know enough not to download or hit links blindly, but I am married, and she's obsessed with FB like the rest of the world :mad: so it's possible that she downloaded something w/o knowing. I am currently running Spybot S&D, Windows Defender, and AVG Free as a start. Should I possibly boot into safe mode after downloading some other tools, and then rerun them?

Also, it seems my browser has also taken to showing me ads for recent sites I visited, how do I clear that too? I ordered some flowers for Valentine's Day, and now every other page I open is florist ads lol...Do I just clear my cache for the browser for that?


Thanks for any info and help!

Also here's my HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:18:06 PM, on 2/9/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\Tarantula\razertra.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Users\McKims\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\DAP\DAP.EXE
C:\Users\McKims\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\McKims\Desktop\Trunk\D2NT\D2NT Manager.exe
C:\Users\McKims\Desktop\Trunk\D2NT\D2NT Manager.exe
C:\Program Files (x86)\Diablo II B\Game.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\McKims\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 14674 bytes
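The log above is long enough that it pays to triage it mechanically rather than eyeball it. What follows is an added example written for this thread, not a HijackThis feature and not anything the poster ran: a small Python parser that pulls out the entry classes that matter when a keylogger is suspected (O1 hosts overrides, O2/O3 browser add-ons, O4 autoruns, O10 Winsock LSPs, O23 services) and suppresses the known false positive where the 32-bit HijackThis 2.0.4 reports "(file missing)" for System32 service binaries on 64-bit Windows 7, because WOW64 file-system redirection hides them from it. SAMPLE_LOG is a constructed subset of the posted log plus one made-up [updater] autorun line; the KNOWN_VENDOR_DIRS allowlist and the severity labels are assumptions to adjust.

```python
"""Triage a HijackThis 2.x log for the entry classes that matter when a
keylogger is suspected.  Added example for this thread, not a HijackThis
feature.  SAMPLE_LOG is a constructed subset of the posted log plus one
made-up autorun entry; KNOWN_VENDOR_DIRS is an assumption, adjust it."""
import re
from collections import Counter

# Constructed sample: real lines from the posted log, plus the [updater] O4
# line, which is invented to show what a user-profile autorun looks like.
SAMPLE_LOG = r"""
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O4 - HKCU\..\Run: [updater] C:\Users\someone\AppData\Roaming\updater.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\speedbit video accelerator\sblsp.dll
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# Binaries that start from here deserve a second look: malware dropped by a
# browser or a user runs from the profile, not from Program Files.
USER_PROFILE_HINTS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\desktop\\")
# Assumption: vendor directories whose add-ons and LSPs we treat as benign.
KNOWN_VENDOR_DIRS = ("\\microsoft", "\\adobe", "\\apple", "\\google",
                     "\\windows live", "\\spybot", "\\java")

ENTRY_RE = re.compile(r"^(?P<kind>[ORF]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension, quotes excluded.
PATH_RE = re.compile(r'([a-zA-Z]:\\[^"\r\n]*?\.(?:exe|dll|scr|sys))', re.IGNORECASE)


def extract_path(body):
    m = PATH_RE.search(body)
    return m.group(1).lower() if m else None


def triage(log_text):
    """Return a list of (severity, entry_kind, message) tuples."""
    findings = []
    seen_lsp = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        path = extract_path(body)
        if kind == "O1":
            # Any hosts-file override redirects name resolution; always review.
            findings.append(("review", kind, "hosts file override: " + body))
        elif kind in ("O2", "O3"):
            if "(no file)" in body:
                findings.append(("cleanup", kind, "orphaned BHO/toolbar entry: " + body))
            elif path and not any(v in path for v in KNOWN_VENDOR_DIRS):
                findings.append(("review", kind, "third-party browser add-on: " + path))
        elif kind == "O4":
            if path and any(h in path for h in USER_PROFILE_HINTS):
                findings.append(("high", kind, "autorun from user profile: " + path))
        elif kind == "O10":
            # HijackThis repeats one LSP DLL once per protocol entry; report it once.
            if path and path not in seen_lsp:
                seen_lsp.add(path)
                if "\\windows\\" not in path and not any(v in path for v in KNOWN_VENDOR_DIRS):
                    findings.append(("review", kind, "non-Microsoft Winsock LSP: " + path))
        elif kind == "O23":
            if "(file missing)" in body and "\\windows\\system" in (path or ""):
                # 32-bit HijackThis cannot see 64-bit System32 binaries through WOW64
                # redirection, so this is expected on Win7 x64, not evidence of tampering.
                continue
            if path and any(h in path for h in USER_PROFILE_HINTS):
                findings.append(("high", kind, "service binary in user profile: " + path))
    return findings


def summarize(findings):
    """Count findings per severity."""
    return Counter(sev for sev, _, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for sev, kind, msg in results:
        print(f"[{sev:7}] {kind}: {msg}")
    print(dict(summarize(results)))
```

Run against the constructed sample this reports the hosts override, the orphaned BHO, the vShare toolbar, the SpeedBit LSP (once, not nine times) and the made-up profile autorun, and stays quiet about the "(file missing)" system services. A finding is a prompt to look at the file (vendor, signature, install date), not a verdict; the heuristics are deliberately simple so the logic is easy to audit.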
 
Personally, when it comes down to CC security the only surefire 100% way to know for sure is to wipe it!

Sure you can run all the tools under the sun and you probably will be clean, but there will always be that little niggle at the back of your mind saying "are you absolutely 100% sure it's clean?"

Obviously it's your choice when it comes down to it, but I just like to know that there's nothing on my network that can 'pass anything on'!
 

Ya I had given that some thought as well...and I did partition my drive to at least make that process a little bit easier, but I really would like to try and avoid that route if possible, that's a lot of extra work, and getting everything back the way I had it is just such a pain lol...not to mention finding all of the drivers again, re-updating Windows, reinstalling and finding all of the various software and programs, god I hate it when I have to do that lol...

But you are correct, that is the only 100% surefire way, unless it has spread to any of my networked drives, like my son or daughter's PCs in their rooms, or my partitioned drives that I keep our pictures and movies on etc...
 
That's where my NAS comes into its own, every time I've rebuilt my wife's laptop, son's PC or anything since I've had it, I've imaged said machine immediately, that way should the unthinkable happen, I'm straight back to the clean install with all the patches, software, settings and everything, it's just so reassuring to know it's there!:eek::eek:

Matter of fact, I'm just doing the wife's netbook as I type, WinXP Pro got 100 updates to get now.......:mad:

Sad I know, but that's how we roll in our house baby!:D:D
 

lol...that's a little beyond what I know, I'd have to do some more research on it :p

I'm lacking in the know how of security and most things software/security related :p
 
I wouldn't trust AVG for protection. Uninstall it and use either Avast or MSE. Then download Malwarebytes and do a scan with it.
 
Ads based on websites you've visited recently isn't malware.. the ad networks use the cookies on your computer to show you more relevant ads.

I wouldn't immediately blame your computer for the credit card theft; since they entered the wrong CV code, they didn't capture yours. Your number could have been leaked any number of ways and there's no real way to find out.

I would get set up with some good security software like others said, MSE for example. (Remember no security software is 100% safe, it's just about being safer than others or not having any at all.)
 
Like adam30k said, it's actually more common to find credit card compromises in the physical world than online. The fact that they didn't have your CVV would lead me to believe that they didn't get it from a keylogger. If they captured you typing your card number, they'd probably capture the CVV too. The fact that they tried to use it online doesn't really tell you anything, as it's a good way for them to try to get something without needing an actual plastic card or exposing themselves if it does get caught as fraud (as opposed to physically walking into a store).


However, if you do find something on your PC...
10 Immutable Laws of Security
  1. If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
  2. If a bad guy can alter the operating system on your computer, it's not your computer anymore

Malware and cleaners have been going back and forth for a long time, with new ways of hiding and new ways of detecting. Most malware is like most common thieves - it's not the most sophisticated, it's just there to get a decent haul and get away with it. While they may have some defenses like multiple processes that restart each other and tricky ways of hiding, it's usually possible to find and remove them with one tool or another.

However, you could have the Ocean's Eleven of malware. Unless you can reverse-engineer the malware or view its source, there's no way to be sure of exactly what it has or hasn't done to your system (and remember that reverse-engineering it first requires you to find the entire malware package, which implies that you already know what it's doing). If someone wanted to, they could alter your filesystem drivers so that the malware's files never show up in any scan. They could alter your networking files so that its traffic never shows up. These sorts of things aren't likely simply due to the return on investment, but they are definitely possible.

If you have enough space, I'd recommend making a complete disk image to ensure that you don't lose any data. Then wipe the system and start over. The only way to be 100% sure there's nothing unwanted is to revert back to a known-good backup. If you have an image of your system, that's great, but for most people this ends up being a reinstall from the original media.

It sucks, but keep in mind that you may spend several hours digging around trying to fix the problems (with varying levels of success and certainty), when you can probably reinstall the OS and your apps in about the same time. It seems like there's always one thing you forget to backup, which is where the disk image comes in handy. Just make sure you're only copying data from it, not running its possibly-infected programs.
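The last sentence above is the step people get wrong: once the image exists, only data should come back from it, never programs. The script below is an added example for this thread, not a tool anyone in the thread used, showing one way to enforce that during the copy. It allowlists document and media extensions, and then also reads the first bytes of each candidate, so an executable renamed to .jpg is rejected too. The DATA_EXTENSIONS set, the sample directory tree and the destination layout are all assumptions; build_sample_tree() creates a constructed tree so the script runs offline.

```python
"""Copy only data files out of a suspect disk image before wiping the host.
Added example for this thread, not a tool from it.  The extension allowlist
and the sample tree are assumptions; point salvage() at the mounted image."""
import os
import shutil
import tempfile

# Assumption: document/media types worth salvaging.  Executables, scripts,
# installers, shortcuts and macro-enabled Office formats (.docm) are absent.
DATA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".avi", ".mp3",
                   ".pdf", ".txt", ".csv", ".docx", ".xlsx", ".pptx"}
# File signatures that mean "this is code no matter what the name says":
# Windows PE (MZ), ELF, and shebang scripts.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")


def classify(path):
    """Return ("copy", None) or ("skip", reason) for one file on the image."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in DATA_EXTENSIONS:
        return "skip", "extension not in data allowlist"
    with open(path, "rb") as f:
        head = f.read(4)
    if head.startswith(EXECUTABLE_MAGIC):
        return "skip", "executable header behind a data extension"
    return "copy", None


def salvage(src_root, dst_root):
    """Walk src_root, copy approved files into dst_root, report both lists."""
    copied, skipped = [], []
    for dirpath, _, filenames in os.walk(src_root):  # does not follow symlinks
        for name in filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            verdict, reason = classify(src)
            if verdict == "copy":
                dst = os.path.join(dst_root, rel)
                os.makedirs(os.path.dirname(dst), exist_ok=True)
                # copyfile copies content only: no ACLs, attributes or alternate streams.
                shutil.copyfile(src, dst)
                copied.append(rel)
            else:
                skipped.append((rel, reason))
    return copied, skipped


def build_sample_tree(root):
    """Constructed sample: a few files a user would want back, plus two traps."""
    files = {
        "Pictures/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # real JPEG header
        "Documents/notes.txt": b"call the bank about the new card\n",
        "Pictures/fake.jpg": b"MZ\x90\x00" + b"\x00" * 16,            # PE disguised as an image
        "Downloads/setup.exe": b"MZ\x90\x00" + b"\x00" * 16,
        "Downloads/run.bat": b"@echo off\r\n",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def demo():
    """Build the constructed tree in a temp dir, salvage it, return results
    with forward-slash relative paths so the outcome is platform independent."""
    src = tempfile.mkdtemp(prefix="suspect-image-")
    dst = tempfile.mkdtemp(prefix="clean-data-")
    build_sample_tree(src)
    copied, skipped = salvage(src, dst)
    norm = lambda p: p.replace(os.sep, "/")
    return sorted(norm(p) for p in copied), sorted((norm(p), r) for p, r in skipped)


if __name__ == "__main__":
    copied, skipped = demo()
    print("copied:", copied)
    for rel, reason in skipped:
        print("skipped:", rel, "->", reason)
```

In practice you would mount the image read-only and pass its mount point as src_root; on Windows, open the image through a tool that exposes it as a drive letter rather than double-clicking anything inside it. The header check is a cheap backstop, not a malware scanner: a PDF or Office file can still carry active content, which is why scripts and macro-enabled formats are left off the allowlist entirely.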
 
I was infected a few weeks ago when the forum's Java was exploited (or whatever the situation was). I did EVERYTHING under the sun with AVs, safe modes, antimalware, antispyware etc etc etc. I ended up having to format to totally get rid of it as it just kept coming back (I didn't visit [H] when I knew what was going on, and it still kept coming back). I think the only true method is a format.
 
For peace of mind, reinstall on the computer. Call the bank and tell them you want a new card issued. You won't have to worry about either thing after you are done.
 
If it was really a keylogger then just formatting your PC is not enough. You need to

1) reformat all the PCs in your house
2) Change all passwords used in your house
3) change all passwords on all sites that mean anything to you. Bank, finances, loans, etc.
4) Do the same for all your wife's accounts/sites as well.
5) Change router password
6) Change your chat program type passwords
7) etc
 
ComboFix
HitmanPro 3.5
Dr.Web CureIt!
MBAM
SUPERAntiSpyware
Trojan Remover
TDSSKiller
GMER
Rooter
Malware finder
NIS 2011
Kaspersky bootable CD
Kaspersky online scan.
W32 remover
Aso

I normally run these and more on a customer's PC when infected. Try some lol, they work nice. And with HitmanPro, if you hold the left Ctrl key and double click it, it does Force Breach mode which helps.
 
I wouldn't trust AVG for protection. Uninstall it and use either Avast or MSE. Then download Malwarebytes and do a scan with it.

I got rid of AVG a while back, it wasn't so much a lack of trust as I'd never had a problem with it, but more a performance/resource issue.

I got some AVG updates and it updated to the latest version, not sure if it was 2010 or 2011 (it was definitely AVG, not that Antivirus 2010/11).

After a while I noticed my laptop bogging down and Task Manager revealed no fewer than 9 different processes relating to AVG and more, up to 13 I think, at times.

I immediately looked for another solution and settled on Avast!, swapped them in/out, and I've never looked back.
 