
Keylogger in Message Base



#1
Dantin

Hi, I run a BBS and I did a thorough scan with all the prior instructions before posting, although I used Spybot 1.4 instead of the one listed. That shouldn't be a problem, right? Anyway, when I used Spyware Doctor I get a keylogger detection. None of the other detecting programs pick up on it. Anyway, according to the scan it says it's embedded in a message base for a League I'm in for IBBS Doorgames. It said something to the effect of Win32: Keylogger, no specific name. I looked in that file with a hex editor and all I see is 01 01 01 <- which I believe terminates files according to some online documentation. Other than that, the text translation is an ASCII character, three of them, in the form of boxes. Here are the logs of the scans:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:20:41 PM, 10/7/2005
+ Report-Checksum: C574CD28

+ Scan result:

:mozilla.17:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Stainless\Application Data\Mozilla\Firefox\Profiles\udnz9ehz.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Stainless\Local Settings\Temp\Cookies\stainless@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup


::Report End


and another:

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
File scan
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BPSSpywareRemover.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Startupfiledoesnotexist.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wrongapppath.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wrongapppath1.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wrongapppath2.zip
Not scanning password-protected file sbRecovery.ini in C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wrongapppath3.zip
Warning: Unable to unpack UPX-packed file C:\Documents and Settings\Stainless\Desktop\AdbeRdr70_enu_full.exe (Add to ignore list)
C:\hiberfil.sys Not scanned (in use by another application)
C:\pagefile.sys Not scanned (in use by another application)
Warning: Unable to unpack UPX-packed file C:\Program Files\TrojanHunter 4.2\InstTimeUpdater.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys (Add to ignore list)
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mscorrc.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mscorrc.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mscorrc.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mscorrc.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\system.xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\vbc7ui.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\vbc7ui.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\vbc7ui.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\vbc7ui.kor.dll
Warning: Unable to unpack UPX-packed file D:\SBBS\data\dirs\rnbbscom\dosboxqm.zip/d3dx9.dll (Add to ignore list)
Warning: Executable file with double extensions found: D:\SBBS\data\dirs\rnbbsdgs\SMURF120.ZIP/BNU188B.ZIP/LoFBC9HM.BNU.COM
Warning: Unable to unpack UPX-packed file D:\SBBS\data\dirs\rnwinuti\dosbox.zip/d3dx9.dll (Add to ignore list)
Warning: Executable file with double extensions found: D:\SBBS\data\dirs\rnbbsdgf\rn-free.zip/5tCiON.RCL.EXE
Warning: Executable file with double extensions found: D:\SBBS\data\dirs\rnbbsdgf\rn-free.zip/RN500B2.ZIP/oR1BjD5a.RCL.EXE
Warning: Executable file with double extensions found: D:\SBBS\baja\BBS Registered Stuff\regpit401.zip/RPIT401.ZIP/D3FvbA15.PIT.EXE
No trojan files found
17771 files scanned in 953 seconds

Finally HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 6:12:03 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Stainless\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix /waitstart
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Aventurer's Alley MUD.lnk = D:\SBBS\warpmud\startup.bat
O4 - Startup: DynDns Updater.lnk = C:\Program Files\DynDNS Updater\DynDNS.exe
O4 - Startup: Funeral Quest Server.lnk = C:\Program Files\FQServer\fqserver.exe
O4 - Startup: Radius Front Door Program.lnk = D:\SBBS\radius\radius.exe
O4 - Startup: Scorched Earth 2000 Startup.lnk = D:\SBBS\web\html\webgames\scorch\rs.bat
O4 - Startup: Synchronet Control Panel.lnk = D:\SBBS\exec\sbbsctrl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128496431130
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for any info you can provide. Also, that RunOnce entry has been running every time I reboot the computer, for some odd reason. :) But I know you guys can get me through this. I'm hoping that this keylogger is an isolated event and hasn't spread anywhere. Possibly a false detection. Better safe than sorry.

Edited by Dantin, 07 October 2005 - 11:51 PM.
