Old 2006-01-21, 13:03   #1
KJWilson
Junior Member
Join Date: Jan 2006
Location: United States
Posts: 5
007 Spy Software

This was reported on my last scan - HKEY_CLASSES_ROOT\Interface\{55C904F2-85EB-4982-BF62-C97108367B3A}. The information listed on that key is Name (Default); Type REG_SZ; Data clsSendMail. There are 3 subfolders: Forward, ProxyStubClsid and ProxyStubClsid32. The subfolders contain the same Name & Type information but have different Data. I cannot determine what program installed the keys. Should I go ahead and remove the keys? I cannot find anything in the forums that tells me what 007 Spy Software is or what type/how much of a threat it is. By the way, I did find other helpful information on the forums, thank you for that.
Old 2006-01-21, 15:28   #2
Sword
Junior Member
Join Date: Jan 2006
Posts: 15

It is a keylogger :D
__________________
Vote for your best AntiSpyware software!

helping out Spybot-S&D! users, "giving back" to the community...
Old 2006-01-21, 21:47   #3
KJWilson
Junior Member
Join Date: Jan 2006
Location: United States
Posts: 5
More Info Please

Thank you Sword. OK, it is a keylogger. Can you add any information? Does the Data clsSendMail mean my keystrokes are being mailed somewhere? Is there a way to find which application installed the keys so I can delete that program? I have noticed alerts that say "logitech is trying to monitor your keyboard strokes" and I think there was one when I was working in FrontPage that was similar. Do you think one of those programs may be the culprit? Thanks for any help.
Old 2006-01-21, 22:53   #4
tashi
Member of Team Spybot
Join Date: Oct 2005
Location: USA
Posts: 23,455
Rated LASSHes: 16

Hello KJWilson.
  • Open Spybot, then check for and get any updates available.
  • Close all browsers, check for problems, and fix everything found in red.
  • Then on the toolbar menu select Mode and switch to Advanced mode. Lower down on the left select Tools, then View Report. Ensure all the options near the bottom are selected except the following:
  • Uncheck [ ] Do not report disabled or known legitimate items.
  • Uncheck [ ] Include a list of services in report.
  • Uncheck [ ] Include uninstall list in report.
  • Now select View Report (near the top).
  • Press Export; in the "Save in" box choose a place such as your My Documents folder. Then in your next post, near the bottom, select the "Browse" button; navigate to that report and attach or post it, please.
__________________
UNITE-ASAP

Microsoft MVP. Consumer Security 2006-2010

Please help us improve Spybot, download our distributed testing client
Old 2006-01-22, 00:12   #5
KJWilson
Junior Member
Join Date: Jan 2006
Location: United States
Posts: 5
Report Log Info

tashi, after viewing my logs, can you remove them? I don't know that it is "safe" to have all my system stuff exposed??
Old 2006-01-22, 00:43   #6
tashi
Member of Team Spybot
Join Date: Oct 2005
Location: USA
Posts: 23,455
Rated LASSHes: 16

Hi there.
I removed your log as per your request.

However, if it is of any reassurance, logs of many types are posted at all help support sites.
For instance see our malware removal forum:
Malware Forum
It is the only way we can check the system for problems.
Old 2006-01-22, 01:39   #7
KJWilson
Junior Member
Join Date: Jan 2006
Location: United States
Posts: 5
Thank you tashi

Thank you for removing the log. I guess I should have written if it isn't safe to then remove? If it will help anyone else, you may repost the log. Can you tell from the log which program set the keylogger or how it got into the registry? Tashi, I would like to tell you again I appreciate your help.
Old 2006-01-22, 03:52   #8
tashi
Member of Team Spybot
Join Date: Oct 2005
Location: USA
Posts: 23,455
Rated LASSHes: 16

Hi.

I have asked a helper to take a look at the log and respond to you here with his findings.

Cheers.
Old 2006-01-22, 06:47   #9
LonnyRJones
Visiting Staff
Join Date: Oct 2005
Posts: 5,089

Hi

I see you let SSD fix it. Good.
007 Spy Software: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{55C904F2-85EB-4982-BF62-C97108367B3A}

Delete this run with your startup manager program or Spybot's Tools > System Startup:
command: wjview /cp "C:\Program Files\MyPointsPointAlert\System\Code" Main lp: "C:\Program Files\MyPointsPointAlert"
file: C:\WINDOWS\system32\wjview.exe
Manually delete the MyPointsPointAlert folder; do not delete wjview.
LonnyRJones is offline   Reply With Quote
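
A read-only way to inspect the items named in this thread, added here as an example and not posted by any participant: it dumps the Interface key and its subkeys, follows ProxyStubClsid32 to the DLL registered for it, and lists startup entries that mention wjview or MyPointsPointAlert. It assumes the startup entry lives in a Run key under HKLM or HKCU; the CLSID\...\InprocServer32 lookup is standard COM registry layout, not something stated in the thread.

```powershell
# Added illustration, not from the thread. Read-only: nothing is modified or deleted.
# The IID is the one quoted in the thread; the rest is standard COM registry layout.
$iid  = '{55C904F2-85EB-4982-BF62-C97108367B3A}'
$base = "Registry::HKEY_CLASSES_ROOT\Interface\$iid"

function Get-DefaultValue([string]$Path) {
    # Returns the (Default) value of a key, or $null if the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

if (-not (Test-Path -LiteralPath $base)) {
    Write-Output "Interface key $iid is not present."
} else {
    # Interface name, then the default value of every subkey
    # (Forward, ProxyStubClsid, ProxyStubClsid32 in the thread).
    Write-Output ("(Default) = " + (Get-DefaultValue $base))
    Get-ChildItem -LiteralPath $base | ForEach-Object {
        [pscustomobject]@{ Subkey = $_.PSChildName; Default = $_.GetValue('') }
    }

    # ProxyStubClsid32 holds a CLSID; that CLSID's InprocServer32 key names the
    # DLL that marshals the interface. This may be a shared system DLL rather
    # than the program that installed the key.
    $clsid = Get-DefaultValue "$base\ProxyStubClsid32"
    if ($clsid) {
        $dll = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        Write-Output "ProxyStubClsid32 $clsid -> $dll"
    }
}

# Assumption: the startup entry is a Run value. List any that invoke wjview
# or reference the MyPointsPointAlert folder, with the value name to remove.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    $key = Get-Item -LiteralPath $k
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd -match 'wjview|MyPointsPointAlert') {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $cmd }
        }
    }
}
```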
Old 2006-01-24, 02:46   #10
KJWilson
Junior Member
Join Date: Jan 2006
Location: United States
Posts: 5
Lonnie, Thank you

I followed your instructions. Hope my system is more secure now. Thank you for your assistance.
All times are GMT +2.


Copyright © 2000-2010 Safer-Networking Limited. All rights reserved.