sckeylogger not being removed



kieranmullen
2007-12-28, 23:29
Hello, my scan detected a keylogger and then fixed it; however, I looked at the directory via the command line (lest I expose myself to opening the virus program etc.) and it was still there.

I guess the next step is to scan using safe mode? Although I had no problems running the scan normally.

When I ran the scanner a second time it didn't find anything, yet the file was still there in the command line.

I tried to remove it via the command line and it said access was denied. When I ran SUPERAntiSpyware nothing was detected. (I have always used S&D and don't know if the other program is just junk.)

http://img.drlinky.com/preview/213/keylogger.GIF

Thank you

KieranMullen

kieranmullen
2007-12-28, 23:30
I had a URL to a screenshot image posted? What is the best way to post those?

img.drlinky.com/preview/213/keylogger.GIF

KM

Blade81
2008-01-02, 08:17
Hi

Did you already try to delete the file in safe mode?

You could post an HJT log since there may be something that Spybot didn't detect.

Download and install TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe)
* Once installed, open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only".

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete, the scan button will now read "Save log". Click this button to save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad. Post the log here.

kieranmullen
2008-01-02, 08:23
Log is here.

I did a scan today and it didn't show up this time. However, viruses keep appearing in the IE5 temp folder and I always use Firefox. Something is very odd with this computer.

http://clip.drlinky.com/103231

Thank you

KM

Blade81
2008-01-02, 08:32
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop. (If you can't download with this computer try to get it downloaded on some other one.)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* In Safe Mode, double click the SDFix.exe file. Click Install in the window that appears.
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log (post the logs into this topic to keep them in one place :))

kieranmullen
2008-01-02, 08:57
Thank you, I will do that later tonight. What did you see was running from the HJ log?

KM

Blade81
2008-01-02, 09:06
Troj/Agent-GJC (http://www.sophos.com/security/analyses/trojagentgjc.html) seems to be there at least.

Blade81
2008-01-08, 17:59
Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.