Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Perfect Keylogger


  • Please log in to reply
3 replies to this topic

#1 Gunningm2

Gunningm2

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 12 April 2009 - 01:24 PM

OKay so i have bitdefender 2009, it has found 18 infections every time its rana scan for the last week, its the same 18 infections every time and it always says that no action is possible.

Here is the list of infections:

Object Name Threat Name Final Status
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP172\a0113829.exe=](RAR Sfx o)=]svchots.exe=](Quarantine-PE) Application.Keylog.Perfect.S Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\a0122082.exe=](RAR Sfx o)=]svchots.exe=](Quarantine-PE) Application.Keylog.Perfect.S Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP196\a0126835.exe=](RAR Sfx o)=]svchots.exe=](Quarantine-PE) Application.Keylog.Perfect.S Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0128021.exe=](RAR Sfx o)=]svchots.exe=](Quarantine-PE) Application.Keylog.Perfect.S Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0129012.exe=](RAR Sfx o)=]svchots.exe=](Quarantine-PE) Application.Keylog.Perfect.S Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0145994.exe=](RAR Sfx o)=]svchots.exe=](Quarantine-PE) Application.Keylog.Perfect.S Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP172\a0113829.exe=](RAR Sfx o)=]rinst.exe Spyware.Perflogger.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\a0122082.exe=](RAR Sfx o)=]rinst.exe Spyware.Perflogger.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP196\a0126835.exe=](RAR Sfx o)=]rinst.exe Spyware.Perflogger.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0128021.exe=](RAR Sfx o)=]rinst.exe Spyware.Perflogger.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0129012.exe=](RAR Sfx o)=]rinst.exe Spyware.Perflogger.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0145994.exe=](RAR Sfx o)=]rinst.exe Spyware.Perflogger.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP172\a0113829.exe=](RAR Sfx o)=]svchotshk.dll=](Quarantine-PE) Trojan.Peflog.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP185\a0122082.exe=](RAR Sfx o)=]svchotshk.dll=](Quarantine-PE) Trojan.Peflog.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP196\a0126835.exe=](RAR Sfx o)=]svchotshk.dll=](Quarantine-PE) Trojan.Peflog.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0128021.exe=](RAR Sfx o)=]svchotshk.dll=](Quarantine-PE) Trojan.Peflog.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP202\A0129012.exe=](RAR Sfx o)=]svchotshk.dll=](Quarantine-PE) Trojan.Peflog.CB Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP229\A0145994.exe=](RAR Sfx o)=]svchotshk.dll=](Quarantine-PE) Trojan.Peflog.CB Infected (no action was possible, file was in an archive)

Now i've looked these up and it seems that its something called a perfect keylogger, i had never heard of one before. I downloaded PC tools spyware doctor and it found the same infections and removed them, i even found some files on the computer associated with these perfect keyloggers including bpk.exe.. these have all been removed by Spyware Doctor but when i run bit defender it still finds the same 18 infections, i thought i had got rid of them but i cant seem to.

I have ran super anti spyware, malwarebytes, bit defender, spyware doctor, combo fix and counter spy.

the only ones that find anything are bit defender and spyware doctor.

can anyone help me romove this from my computer.

Thanks in advance

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:06:09 PM

Posted 12 April 2009 - 02:21 PM

Run a full scan with MBAM after updating it

Post the whole log please

C:\System Volume Information\_restore


means system restore, but let's see if MBAM sees them there also
Chewy

No. Try not. Do... or do not. There is no try.

#3 Gunningm2

Gunningm2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:09 PM

Posted 12 April 2009 - 06:23 PM

cheers for the help, got it sorted though

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,556 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:09 PM

Posted 12 April 2009 - 09:29 PM

Perfect Keylogger is a commercial keylogger. It records all user keystrokes including passwords, takes screenshots, tracks user activity in the Internet, captures chat conversations and e-mail messages. Perfect Keylogger can be remotely controlled. It can send gathered data to a configurable e-mail address or upload it on a predefined FTP server. The keylogger must be manually installed. It runs on every Windows startup.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users