Found XLDEF folder under Users Folder - keylogger?

I manage a hotel in Los Angeles and recently hired an IT consultant. As he came recommended by an employee, I used him for installing and configuring security cameras.

Towards the end, he was very problematic and I ended up firing him. However, he had used my computer at times to test the internet links to the security cameras.

After he left, I found messages from WinPatrol that certain startup commands had been disabled, including WinPatrol. When I checked, I found a folder under Users/{My User Account} named XLDEF.

When I reviewed the folder, I found three VBS scripts, setup.vbs, start.vbs, and another. In addition, there were three DAT files. One had a very complex VB script. The other two files were compiled DAT files. In addition, there were over 580 files with random numbers and random extensions. When I checked some of these files, they contained only 1 entry, usually a character string starting with the letter K and a number after the K.

I have removed the entry in the registry, moved the files and directory off the hard drive, and made a copy. I am suspicious that this is a keylogger but nothing is detecting it. MSE did say it was suspicious and I sent it to them, but who knows how long it will take to find.

For obvious reasons, I have not uploaded it yet and will provide it to the right people for review.
