
Not-a-virus.monitor.win32.keykey.121


4 replies to this topic

#1 Bogus Exception


Posted 29 March 2008 - 08:42 PM

I scanned with AVG, and it found Not-A-Virus.Monitor.Win32.KeyKey.121 multiple times.

Is it a trojan? A dialer? A trojan dialer?

Running WinXP, I'm curious if anyone has had the same problem? It comes up in google, but resolution is non-descript, and I've seen posts saying it will come back after reboot.

I have well over 1 million files to scan, so AVG takes a LONG time to go through everything. I'd like to have advice before going through the very timely process of re-verifying re-installation.

And on the academic side, what exactly does this infection do? Do I need to change all my online passwords, etc.?

TIA!

Bogus Exception


#2 quietman7


Posted 30 March 2008 - 08:01 AM

Did AVG provide a specific file name associated with this malware threat and, if so, where is it located (full file path) on your system?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Bogus Exception


Posted 30 March 2008 - 10:11 AM

quietman7,

I was using the free version, which never appeared to actually do anything.

Like an idiot, I sent them feedback with the logs (viewable from inside the app), and didn't copy the logs to a file. Then I deleted the app, deciding to buy Spy Sweeper. Weird thing is, Spy Sweeper is still stopping my computer from accessing a bunch of websites, in alphabetical order. It goes through the list, and starts over.

Like:

[...]
4softget.com
a.flashpoint.bm
a.targetsaver.com
a7p7.com
about-blank.biz
[...]

It just kept going, as if from an ordered list. I do have my hosts file appended by the bad sites list from www.mvps.org (winhelp2002), but that list is not in alphabetical. It looks more like this:

[...]
127.0.0.1 community.adlandpro.com #[Ad-Aware Tracking.Cookie]
127.0.0.1 pk.adlandpro.com
127.0.0.1 te.adlandpro.com #[eTrust.Tracking.Cookie]
127.0.0.1 trafficex.adlandpro.com
127.0.0.1 www.adlandpro.com #[Ad-Aware Tracking.Cookie]
127.0.0.1 engine.adland.ru #[eTrust.Tracking.Cookie]
127.0.0.1 publicidad.adlead.com
[...]

I know this isn't part of the original question, and that I have gotten rid of AVG, which makes the original symptom harder to deal with. Sorry about that. But was/is the not-a-virus.monitor.win32.keykey.121 trying to get to these sites?

I read an obscure thread saying that the Dell Support software can do this, so I uninstalled all the Dell stuff from the laptop. That made no difference. Spy Sweeper claims I have nothing bad. But as I write this, Spy Sweeper stopped my box from going to GATORCME.GATOR.COM.

I'm sure these are related, but I can't find a definition for exactly what not-a-virus.monitor.win32.keykey.121 is!

Any ideas? Why can't I find a spyware killer that can identify and kill this critter?

Many thanks in advance!

Bogus Exception

#4 Bogus Exception


Posted 30 March 2008 - 10:45 AM

I have Zone Alarm, full Internet suite, and it found an infection 2 days ago (2 of them), but there is absolutely no information in the log or the GUI. I deleted them from the quarantine area, but of course this does no good.

Zone Alarm doesn't find anything either, when told to do a spyware scan.

Just saw Spy Sweeper stop my computer from accessing newoutserv.com. And the log looks like this:

[...]
11:37 AM: The Internet Communication shield has blocked access to: NEWOUTSERV.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWOUTSERV.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWOUTSERV.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWADS2.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWADS2.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWADS2.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWADS1.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWADS1.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWADS1.COM

[...]

I've sent reports to Spy Sweeper, no response yet. This is so obvious, so blatant and easy to see, that I'm sure someone has seen this before, right?

Is there a better spyware program out there? I mean, SS is 1/2 way there by seeing it, but is failing to close the deal by deleting it.

Any suggestions? If ZA, SS and SVG can't fix this, who/what can?

TIA!

Bogus Exception

#5 quietman7


Posted 30 March 2008 - 11:36 AM

Not-A-Virus.Monitor.Win32.KeyKey.121 could refer to such files as kkey.zip, keykey.exe which are related to keylogging programs that monitor your activity. See http://www.symantec.com/security_response/...-99&tabid=2

Keylogging programs can be legitimate but their related files are often detected by anti-virus or anti-malware scans as a "RiskTool", "Hacking tool", "Potentially unwanted tool" or even a "Trojan". These types of programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. Potentially unwanted does not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus and anti-malware utilities cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If you did not install this program, is it possible that your parents or another member of your family installed it?

If no one claims responsibility for installing the software, you should consider the computer compromised. If it was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. They should be changed by using a different computer and not the one where the keylogger was installed. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read "When should I re-format? How should I reinstall?"

If you do a search of your HOSTS file list from www.mvps.org, you will find those entries stopped by SpySweeper to be included but they are not in alphabetical order.
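The comparison suggested in the last reply (are the domains Spy Sweeper reports as blocked also present in the HOSTS file?) can be scripted instead of searched by hand. This is an added example, not part of the original posts: the function names are hypothetical, and the sample log and HOSTS text are constructed in the two formats quoted in the thread.

```python
import re

# Constructed sample inputs, modelled on the formats quoted in the thread.
SAMPLE_LOG = """\
11:37 AM: The Internet Communication shield has blocked access to: NEWOUTSERV.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWOUTSERV.COM
11:37 AM: The Internet Communication shield has blocked access to: NEWADS2.COM
11:38 AM: The Internet Communication shield has blocked access to: EXAMPLE-NOT-LISTED.TEST
"""
SAMPLE_HOSTS = """\
# constructed HOSTS excerpt
127.0.0.1 localhost
127.0.0.1 newoutserv.com
127.0.0.1  newads2.com #[constructed comment]
0.0.0.0 other.example
"""

BLOCKED = re.compile(r"shield has blocked access to:\s*(\S+)", re.IGNORECASE)
SINKHOLES = {"127.0.0.1", "0.0.0.0"}  # addresses blocklist-style HOSTS files point to

def blocked_domains(log_text):
    """Return {host: hit count} for every blocked host in the shield log."""
    counts = {}
    for line in log_text.splitlines():
        m = BLOCKED.search(line)
        if m:
            host = m.group(1).lower().rstrip(".")
            counts[host] = counts.get(host, 0) + 1
    return counts

def hosts_sinkholed(hosts_text):
    """Return host names the HOSTS file maps to a loopback or null address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            names.update(n.lower() for n in fields[1:])
    names.discard("localhost")
    return names

def classify(log_text, hosts_text):
    """Split blocked hosts into those listed in HOSTS and those that are not."""
    listed = hosts_sinkholed(hosts_text)
    counts = blocked_domains(log_text)
    in_hosts = {d: c for d, c in counts.items() if d in listed}
    not_in_hosts = {d: c for d, c in counts.items() if d not in listed}
    return in_hosts, not_in_hosts

if __name__ == "__main__":
    print(classify(SAMPLE_LOG, SAMPLE_HOSTS))
```

On Windows XP the HOSTS file is at `%SystemRoot%\system32\drivers\etc\hosts`; blocked hosts that turn up in the second dictionary are not explained by the HOSTS list.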



