Results 1 to 4 of 4

Thread: Tracks - Are they really innocuous?

  1. #1
    Junior Member
    Join Date
    Nov 2013
    Posts
    11

    Question Tracks - Are they really innocuous?

    My cousing was recently the victim of an "account takeover" at his financial institution. He was instructed to immediately run a virus scan on his computer, change all passwords, etc. We updated all of his spyware detection and anti-virus tools, ran the scans (several times each, just to be safe), and everything seems to be pretty good except for this one thing that gets "fixed" but then comes right back - MS DirectInput. Reading through the forum, it appears that this is dismissed as just "tracks" and nothing to worry about. However, if my cousin was the victim of a banking trojan and/or a keylogger, shouldn't he be worrying about this MS DirectInput? If not, can someone explain why not? When we researched banking trojans, the info was really disconcerting. It appears that newer strains are able to hide from malware detection programs pretty easily.

    So, is MS DirectInput showing up as Tracks really nothing to worry about?
    Short of a reformat and clean install (for which he can't find his software), how does he know that he's protected?
    Last edited by tashi; 2013-11-14 at 02:21. Reason: Moved from the Tavern

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Default

    Hello bjmcdow,
    Quote Originally Posted by bjmcdow View Post
    My cousing was recently the victim of an "account takeover" at his financial institution. He was instructed to immediately run a virus scan on his computer, change all passwords, etc. We updated all of his spyware detection and anti-virus tools, ran the scans (several times each, just to be safe), and everything seems to be pretty good except for this one thing that gets "fixed" but then comes right back - MS DirectInput. Reading through the forum, it appears that this is dismissed as just "tracks" and nothing to worry about. However, if my cousin was the victim of a banking trojan and/or a keylogger, shouldn't he be worrying about this MS DirectInput? If not, can someone explain why not? When we researched banking trojans, the info was really disconcerting. It appears that newer strains are able to hide from malware detection programs pretty easily.
    Which version of Spybot is your cousin using please and is there a reason he isn't making his own inquiry, or do you have access to his PC?

    http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx

    Kind regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Nov 2013
    Posts
    11

    Default Tracks... and now a keylogger??

    Hi Tashi!

    My cousin was using my laptop. He is not very computer savvy so, since it is my laptop to begin with, he gave it back to me in frustration. I have spent the better part of the past two days troubleshooting this. I'd like to be able to use this machine without fear of having the same issues he had, particularly the issue he had with the bank account "takeover."

    I'm using Spybot 2.2 (Free edition) on the machine. It's an HP Pavillion laptop (Intel i5), 4GB RAM, with Windows 7 Home Premium, Service Pack 1. Here's what I've done so far...

    Deleted unused user accounts
    Updated Spybot to version 2.2, ran scans, applied fixes, applied immunization
    Updated Avast! to version 2014.9.0.2008, ran scans, applied fixes

    Spybot scans keep showing low threat stuff, including the tracks that prompted me to make my initial post. Since that post (and running several other programs), an additional concern has arisen. One of tools identified "PerfectKeylogger" (don't recall which one) and RogueKiller identified several registry entries that should be deleted (which I did).

    Additional tools used: Ran MalwareBytes, AdwCleaner, Junkware Removal Tool, and Rogue Killer.

    Registry entries of concern:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"DisableTaskMgr"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=dword:00000001

    RogueKiller seems to have eradicated the problem registry keys, but how do I know if I'm really safe?

    Guidance appreciated!

    Bethany (bjmcdow)

    Quote Originally Posted by tashi View Post
    Hello bjmcdow,

    Which version of Spybot is your cousin using please and is there a reason he isn't making his own inquiry?

    http://msdn.microsoft.com/en-us/libr...=vs.85%29.aspx

    Kind regards,

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Default

    Hi bjmcdow,

    Thank you for the information.

    Quote Originally Posted by bjmcdow View Post
    One of tools identified "PerfectKeylogger" (don't recall which one)
    If you did not install a key logging program on the laptop, someone with physical access?

    It might be best if you start a topic in the Malware Removal Forum so someone can take a look at the system.

    If you choose to do that please see the forum FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    From the sticky,
    "If one has already run tools/fixes before posting please inform your helper, so that s/he is aware changes may have been made to the system and why. Running fixes before being assisted can destroy evidence in an infection, leaving the malware difficult to detect."

    For that reason please provide a link back to this thread so that our volunteer analysts know the background.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •