
Very Short HJT Log Inside



#1 Cauhauna


Posted 23 February 2009 - 11:41 PM

Long story short:
1) I had a keylogger for sure
2) I tried to remove with HJT, failed.
3) I eventually removed it by deleting its two entries from registry, which allowed HJT to "fix", which allowed me to delete the files from the system.
4) They are no longer present in scan. Am I secure?

Complete log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:04 PM, on 2/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 1196 bytes
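
Added example (not part of the original thread, and not HijackThis code): a small Python parser for the log format posted above, which splits it into running processes and autostart entries and lists the entries where HijackThis printed "Unknown owner" in the vendor position so they can be checked by hand. The names `parse_hjt` and `needs_review` are hypothetical; the sample lines are copied from the post, shortened. A clean result covers only the locations HijackThis lists.

```python
import re

# Section codes that occur in the log above and what each one lists.
SECTIONS = {"O2": "Browser Helper Object",
            "O4": "Run-key autostart",
            "O23": "Windows service"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")

# Lines copied from the log in the post above (shortened).
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""


def parse_hjt(text):
    """Return (running processes, autostart entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif m:
            in_procs = False
            code, detail = m.groups()
            path = PATH_RE.search(detail)
            entries.append({"code": code,
                            "kind": SECTIONS.get(code, "other"),
                            "path": path.group(0) if path else None,
                            # No vendor shown for the file: check it by hand.
                            "review": "Unknown owner" in detail})
        elif in_procs and line:
            processes.append(line)
        elif in_procs and processes:
            in_procs = False  # blank line ends the process list
    return processes, entries


def needs_review(entries):
    return [e["path"] for e in entries if e["review"]]
```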



#2 miekiemoes


Posted 24 February 2009 - 06:04 AM

Hi,

Any reason why you don't have an Antivirus installed? How are you supposed to prevent malware?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Cauhauna


Posted 24 February 2009 - 03:56 PM

> Hi,
>
> Any reason why you don't have an Antivirus installed? How are you supposed to prevent malware?

I don't really need antivirus. I don't run any files or download anything. This machine is (was) very secure.

The keylog came about because I accidentally launched the file (I knew it was infected).

Anyhow, that's not the issue.

Is there anything else I need to do to verify the box is now infection free? I'm not interested in any A/V or Firewall, as it hogs unnecessary resources.

#4 miekiemoes


Posted 24 February 2009 - 04:12 PM

> This machine is (was) very secure.

Very secure without any Security software installed? An up to date Windows isn't enough though...

> Is there anything else I need to do to verify the box is now infection free? I'm not interested in any A/V or Firewall, as it hogs unnecessary resources.

But you managed to get infected anyway?
The only way to verify if the box is malware free is to install an Antivirus and scan with it.

Also, please read this:
http://miekiemoes.blogspot.com/2008/08/i-d...use-i-have.html

I know perfectly what sites I can visit, what files I can download and where to stay away, but I still have an Antivirus installed to prevent drive by downloads via compromised legitimate websites, 0 day exploits etc etc... After all, better to have 50% protection than no protection at all.
We can only warn you and recommend to install an AV. After all, malware isn't the same anymore as a couple of years ago. It's a lot nastier and damages + compromises much more.

If you don't want to secure your computer, then it's also your responsibility if you get infected and you should take care of your own problems. As I said, we can only warn you.

I don't think I have anything more to add here. Since you perfectly know what you are doing and don't need an Antivirus - then I assume you can deal with it as well ;-)

Edited by miekiemoes, 24 February 2009 - 04:12 PM.
