Tracks - Are they really innocuous?
My cousin was recently the victim of an "account takeover" at his financial institution. He was instructed to immediately run a virus scan on his computer, change all passwords, etc. We updated all of his spyware detection and anti-virus tools, ran the scans (several times each, just to be safe), and everything seems to be pretty good except for this one thing that gets "fixed" but then comes right back - MS DirectInput. Reading through the forum, it appears that this is dismissed as just "tracks" and nothing to worry about. However, if my cousin was the victim of a banking trojan and/or a keylogger, shouldn't he be worrying about this MS DirectInput? If not, can someone explain why not? When we researched banking trojans, the info was really disconcerting. It appears that newer strains are able to hide from malware detection programs pretty easily.
So, is MS DirectInput showing up as Tracks really nothing to worry about?
Short of a reformat and clean install (for which he can't find his software), how does he know that he's protected?
Tracks... and now a keylogger??
Hi Tashi!
My cousin was using my laptop. He is not very computer savvy so, since it is my laptop to begin with, he gave it back to me in frustration. I have spent the better part of the past two days troubleshooting this. I'd like to be able to use this machine without fear of having the same issues he had, particularly the issue he had with the bank account "takeover."
I'm using Spybot 2.2 (Free edition) on the machine. It's an HP Pavilion laptop (Intel i5), 4GB RAM, with Windows 7 Home Premium, Service Pack 1. Here's what I've done so far...
Deleted unused user accounts
Updated Spybot to version 2.2, ran scans, applied fixes, applied immunization
Updated Avast! to version 2014.9.0.2008, ran scans, applied fixes
Spybot scans keep showing low threat stuff, including the tracks that prompted me to make my initial post. Since that post (and running several other programs), an additional concern has arisen. One of the tools identified "PerfectKeylogger" (don't recall which one) and RogueKiller identified several registry entries that should be deleted (which I did).
Additional tools used: Ran MalwareBytes, AdwCleaner, Junkware Removal Tool, and Rogue Killer.
Registry entries of concern:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=dword:00000001
RogueKiller seems to have eradicated the problem registry keys, but how do I know if I'm really safe?
Guidance appreciated!
Bethany (bjmcdow)