sckeylogger not being removed

[kieranmullen]

Hello, my scan detected a keylogger and then fixed it however I looked at the directory via the command line (lest I expose myself to opening the virus program etc...) and it was still there.

I guess the next step is to scan using safe mode? Although I had no problems running the scan normally.

When I ran the scanner a second time it didnt find anything yet the file was still there in the command line.

I tried to remove via the command line and it said access was denied. When I ran superantispyware nothing was detected. (I have always used S&D and dont know if the other program is just junk)

Thank you

KieranMullen

 

[kieranmullen]

I had a url to a screenshot image posted? What is the best way to post those?

img.drlinky.com/preview/213/keylogger.GIF

KM

 

[Blade81]

Hi

Did you already try to delete the file in safe mode?

You could post a hjt log since there may be something that Spybot didn't detect.

Download and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled
Do a system scan only

* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your systems default text editor. Typically this application is Notepad. Post the log here.

 

[kieranmullen]

Log is here.

I did a scan today and it didnt show up this time. Hwoever viruses keep appearing in the IE5 temp folder and I always use firefox. Something is very odd with this computer.

http://clip.drlinky.com/103231

Thank you

KM

 

[Blade81]

Download
SDFix
and save it to your desktop. (If you can't download with this computer try to get it downloaded on some other one.)

Please then reboot your computer in Safe Mode by doing the
following :

• Restart your computer
• After hearing your computer beep once during startup, but before the
  Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press
  Enter
  .
• Choose your usual account.

• In Safe Mode, double click the SDFix.exe file. Click Install in appearing window,
• Open the extracted folder and double click RunThis.bat to
  start the script.
• Type Y to begin the script.
• It will remove the Trojan Services then make some repairs to the
  registry and prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• Your system will take longer that normal to restart as the fixtool
  will be running and removing files.
• When the desktop loads the Fixtool will complete the removal and
  display Finished, then press any key to end the script and load
  your desktop icons.
• Finally open the SDFix folder on your desktop and copy and paste the
  contents of the results file Report.txt back onto the forum with
  a new HijackThis log (post the logs into this topic to keep them in one place )

 

[kieranmullen]

Thank you I will do that later tonight. What did you see was running from the HJ log?

KM

 

[Blade81]

Troj/Agent-GJC seems to be there at least.

 

[Blade81]

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.