Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

apparent keylogger malware infection


  • This topic is locked This topic is locked

#1
BobLewiston

BobLewiston

    Member

  • Member
  • PipPip
  • 22 posts
A day or two ago AVAST! AntiVirus warned me I was attempting to access a dangerous website. (I don't remember what website it was.) I took the warning and didn't access the website.

Later I did a sweep with AVAST! It reported three malware infections. All 3 were of High severity and of the same type (Win32:Malware-gen).

Two of the infections were within two different copies I had of the GMER executable, one on my main disk ©, and the other on my backup disk (E). These two executables were not actually named gmer.exe because, in order to avoid being impregnated with malware by the forces of evil before these files were even downloaded, those parties who make these files available for download give them random names.

The third infection was in:

E:\System Volume Information\_restore {D18642E0-9885-4956-BEC4-09E7EF0136D4}\RP453\A0106921.EXE.

As this is a hidden directory, I was unaware of its existence on my backup disk. (I had originally obtained this disk drive from a friend.)

AVAST! successfully quarantined the two infected copies of the GMER executable, but said it could no longer find the third infected file.

I ran AVAST! again twice, Malwarebytes' Antimalware twice, and SUPERAntiMalware once, in all cases doing complete scans. No malware was found in any of these scans.

Now PC Tools Firewall Plus has just reported:

"Office Data Provider for WBEM

Office Data Provider for WBEM is attempting to monitor and/or intercept NetgearCUv2 MFC Application events. This hook monitors keystroke messages. The hook procedure is associated with all existing threads running in the same desktop as the calling thread.

Only allow this if you know the application is Safe."

(Netgear is my wireless network adapter.)

I of course didn’t allow the application to run.

Apparently I've got a malware infection, and it's a keylogger (in addition to God knows what else).

Any help available?
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

From the sounds of your post it seems like you are inquiring about receiving Malware assistance with your computer. Unfortunately you will need to create a new thread and post the required logs in this forum here: Malware Forum. Please make sure you follow the steps outlined in this thread here: START HERE. These self-help tools will help you clean up 70% of problems on your own. If you are still having problems after doing the steps, then please post the requested logs in THAT forum. If you are unable to run and/or post the required logs, then post that in your initial post in the topic you create in that forum.

Best of Luck.

Cheers,
SweetTech.
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Going to close this since you have posted the same topic at the following sites

http://forums.majorg...d.php?p=1495683
http://forums.malwar...mp;#entry260964
http://bytes.com/top...lware-infection
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP