Infected with a Keylogger


This topic is locked
15 replies to this topic

#1 mdo5006

  • Members
  • 8 posts

Posted 16 April 2009 - 05:08 PM

Hello everyone,

This morning I was unfortunately informed by my World of Warcraft colleagues that my characters were logging on and off in an erratic fashion around 7:30 A.M. Unfortunately, I didn't stop them in time from wiping my characters clean. I called Blizzard to talk with them and they notified me that my email was most likely compromised too. I checked my GMail, and sure enough there was a login from 123.182.15.82, originating from the Asian Pacific according to Who.is. I immediately changed my passwords on a different computer and went back to the WoW computer to begin scans. After running AVG Free, Spybot, and Malware Bytes, nothing could be found. As a last resort, I opened up a command line and started running netstat to monitor the connections. Whenever I ran WoW or Firefox, I started noticing random addresses monitoring port 3724, which is what WoW uses as its main TCP port. I started punching these addresses into Who.is, noticing several of them were also from the Asian Pacific. I'm not sure where this keylogger came from, but I'm seriously concerned about using my computer to enter sensitive information now. I'm out of ideas and can't do anything but watch the connections come and go on netstat. Any and all help that can be offered will be tremendously appreciated.

Matt

DDS (Ver_09-03-16.01) - NTFSx86
Run by Matt at 17:58:16.14 on Thu 04/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.432 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mspaint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOL Search Enhancement: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - AOLSearchHook Class
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - Viewpoint Toolbar BHO
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgetEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://extraweb-americas.ey.com/home/extraweb/iNotes6.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164838277187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177566796580
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\g97pqo05.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\g97pqo05.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-16 298264]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-15 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-15 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-15 217472]
S2 gupdate1c9b98624666e7e;Google Update Service (gupdate1c9b98624666e7e);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-11-19 280344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-04-16 17:54 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 17:11 <DIR> --d----- C:\hjt
2009-04-16 16:20 <DIR> --d----- c:\docume~1\matt\applic~1\Malwarebytes
2009-04-16 16:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-16 16:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 16:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-16 16:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-15 02:00 <DIR> --d----- c:\program files\common files\xing shared
2009-04-12 00:19 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-11 23:45 <DIR> --d----- c:\program files\Combined Community Codec Pack

==================== Find3M ====================

2009-04-16 17:54 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-16 17:54 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-15 02:00 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2007-02-12 19:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE
2003-05-21 13:28 4,815,360 a------- c:\documents and settings\matt\Setup.exe
2008-05-14 16:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051420080515\index.dat

============= FINISH: 17:58:47.39 ===============


#2 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 01 May 2009 - 10:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 mdo5006
  • Topic Starter

  • Members
  • 8 posts

Posted 02 May 2009 - 12:39 PM

Thank you very much for your reply. The requested information is posted.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Matt at 13:37:43.21 on Sat 05/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.305 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Matt\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AOL Search Enhancement: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - AOLSearchHook Class
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgetEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://extraweb-americas.ey.com/home/extraweb/iNotes6.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164838277187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177566796580
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\g97pqo05.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\g97pqo05.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-16 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-16 298264]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-9-12 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-15 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2005-12-15 28800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2005-12-15 217472]
S2 gupdate1c9b98624666e7e;Google Update Service (gupdate1c9b98624666e7e);c:\program files\google\update\GoogleUpdate.exe [2009-4-9 133104]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-11-19 280344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-04-16 22:15 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 22:15 35,328 -c------ c:\windows\system32\dllcache\sc.exe
2009-04-16 22:15 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 22:15 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 22:15 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 22:14 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 22:14 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 22:14 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 22:14 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 22:14 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-16 22:10 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 22:10 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 22:10 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-16 17:54 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-16 17:11 <DIR> --d----- C:\hjt
2009-04-16 16:20 <DIR> --d----- c:\docume~1\matt\applic~1\Malwarebytes
2009-04-16 16:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-16 16:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-16 16:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-16 16:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-15 02:00 <DIR> --d----- c:\program files\common files\xing shared
2009-04-12 00:19 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-11 23:45 <DIR> --d----- c:\program files\Combined Community Codec Pack

==================== Find3M ====================

2009-05-02 08:43 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-02 08:43 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-15 02:00 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2007-02-12 19:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE
2003-05-21 13:28 4,815,360 a------- c:\documents and settings\matt\Setup.exe
2008-05-14 16:08 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051420080515\index.dat

============= FINISH: 13:38:24.63 ===============

#4 KoanYorel

    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 02 May 2009 - 12:45 PM

Hang on.

It still may take a day or so for a review and assistance.

We are stuffed. But you are not ignored.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 mdo5006
  • Topic Starter

  • Members
  • 8 posts

Posted 02 May 2009 - 12:57 PM

Your help is much appreciated. Take your time!

#6 Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 03 May 2009 - 08:14 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please perform a BitDefender Online Virus and Malware Scan here:
http://www.bitdefender.com/scan8/ie.html
* Click on I Agree.
* An ActiveX warning box will appear, click on Install.
* Under Select What You Want To Check For Viruses.
* Please Check My Computer and Click Ok
* Now Click On Click Here To Scan
* Next, Click on Click here to export the scan report
* Save it to your Desktop.
* In your next reply, please include the BitDefender log.

Next click start-->run
Type cmd in the Run box.
In the command prompt that opens, type or copy and paste the following:
netstat -b 5 > activity.txt

Press Enter. Wait 2 minutes then press Ctrl+C.
Type activity.txt on the command line to open the log file in notepad.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#7 mdo5006

mdo5006
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 04 May 2009 - 10:06 AM

Hello Hoov,

Thank you very much for taking the time to help me with my problem. The morning after my WoW account and Gmail were illegally accessed, I ran netstat and monitored the connections my computer was making. I was able to find a few IP addresses that traced back to the Asia Pacific Information Center, all listening on port 3724, the port WoW uses to communicate. I then ran several different types of anti-virus and anti-malware programs in an effort to remove the keylogger. Some of the programs I ran included AVG Free, Spybot, and Malwarebytes' Anti-malware. I also attempted to use a keylogger detector and started the WoW program without entering my password information to see if it could see where a log file was being written. Unfortunately, none of these programs returned anything that leads me to believe the keylogger has been cleaned from my computer, although I have not seen any unusual connections through netstat for a few days now. Any additional help you can provide would be wonderful!

Regards,
Matt

P.S. Attached are the BitDefender logs and netstat activity logs.

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:57 AM

Posted 04 May 2009 - 11:31 AM

Have you noticed any other problems with the computer? Anything at all, even something minor? Please update Malwarebytes' Anti-Malware and run a full scan instead of a quick scan, post the log. Also please run combofix and post the log.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


There is one more program that may help. Winpatrol , if you run it, go to the Startup Program tab and there is a checkbox near the top for showing the locations of hidden programs. Check the box and go thru the list of programs and see if there are any programs there that you are unfamiliar with.

#9 mdo5006

mdo5006
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 04 May 2009 - 02:22 PM

Hello again,

The requested log files are attached. Also, as for any other problems with the computer... Maybe the only real thing I can say is the hard drive seems to be working quite a lot whenever the computer is idle and a screensaver is on. This isn't just because of the daily anti-virus scan either, it can happen at any point in the day.

Thanks for the continued help.

#10 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:57 AM

Posted 04 May 2009 - 04:16 PM

Please perform a BitDefender Online Virus and Malware Scan here:
http://www.bitdefender.com/scan8/ie.html
* Click on I Agree.
* An ActiveX warning box will appear, click on Install.
* Under Select What You Want To Check For Viruses.
* Please Check My Computer and Click Ok
* Now Click On Click Here To Scan
* Next, Click on Click here to export the scan report
* Save it to your Desktop.
* In your next reply, please include the BitDefender log.


After this, try logging onto WoW while watching netstat and see if the asian connection comes back. If it does, give me the IP address.

#11 mdo5006

mdo5006
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 05 May 2009 - 08:53 AM

Hello again,

I apologize for the extended wait time for this reply. I ran the BitDefender scan as requested. Also, I ran netstat and launched WoW with it monitoring connections. I noticed quite a few suspicious IP addresses listening on port 3724. Some coming from Amsterdam, some coming from the U.S. and two specifically coming from the Asia Pacific Network Center.

TCP VALUED-2D4C2DDC:1795 125-239-10-19.jetstream.xtra.co.nz:3724 SYN_SENT 3088
[WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe]

TCP VALUED-2D4C2DDC:1894 120.16.74.252:3724 SYN_SENT 3088
[WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe]


These two entries traced back to Asian addresses according to who.is. I have noticed over time watching these addresses from the Asian networks appear that they are always different. I don't really recall seeing the same connection twice. I will include the full activity log from with the WoW patcher running if you need it.

Thanks,
Matt

#12 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:57 AM

Posted 05 May 2009 - 03:38 PM

First, I believe you are misinterpreting some of the info you are seeing. Those two results are indeed from APNIC, but that is not necessarily Asia. More correctly it is the Asia Pacific Network Information Center. The first entry is actually from New Zealand. The second is from Australia. But what is more interesting is the program that is originating these connections. [WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe] I have been doing some research on this program, and it seems to be an update for WoW. And because it is running, and from your problem, I am assuming it has been for a while, I think the update has hung up and cannot finish. So I did some more looking and found something that you might want to look at. It is on the WoW forums here. Try following those instructions and see if it improves things.

Also, just for informational purposes, APNIC covers China, Korea, India, Japan, Micronesia, Australia, New Zealand, and all the little countries around that area.
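
The netstat log that Hoov asks for in post #6 and reads in post #12 is easier to judge when it is grouped by the owning executable rather than by which registry (APNIC, RIPE, ARIN) the remote address belongs to. The parser below is an added example, not code from this thread or from BleepingComputer. It takes Windows XP era `netstat -b` output, where each connection line is followed by the owning executable in square brackets, groups remote endpoints per process, and flags any connection to TCP 3724 whose owner is not a process whose name starts with "wow" (that allow-rule is an assumption made for this example). The two WoW-downloader lines in the sample are quoted from post #11; the svchost.exe and firefox.exe lines and the addresses 203.0.113.7 and 198.51.100.20 are constructed for the example.

```python
import re
from collections import defaultdict

# Sample `netstat -b` output. The two WoW-downloader connections are quoted
# from the post above; the svchost.exe / firefox.exe lines and the addresses
# 203.0.113.7 and 198.51.100.20 are constructed for this example.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    VALUED-2D4C2DDC:1795   125-239-10-19.jetstream.xtra.co.nz:3724  SYN_SENT  3088
 [WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe]
  TCP    VALUED-2D4C2DDC:1894   120.16.74.252:3724     SYN_SENT        3088
 [WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe]
  TCP    VALUED-2D4C2DDC:1902   203.0.113.7:3724       ESTABLISHED     1412
 [svchost.exe]
  TCP    VALUED-2D4C2DDC:1910   198.51.100.20:80       ESTABLISHED     2200
 [firefox.exe]
  UDP    VALUED-2D4C2DDC:1900   *:*                                    1044
 [svchost.exe]
"""

# A line holding only "[name.exe]" names the executable that owns the
# connection line(s) printed just before it.
_PROC_RE = re.compile(r"^\s*\[(?P<name>[^\]]+)\]\s*$")


def parse_netstat(text):
    """Parse Windows `netstat -b` output into a list of connection dicts.

    netstat -b prints a connection line, then (possibly after some component
    DLL lines) the owning executable in square brackets. The bracketed name is
    attached to every connection seen since the previous bracketed name.
    """
    conns, pending = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _PROC_RE.match(raw)
        if m:
            for c in pending:
                c["process"] = m.group("name")
            pending = []
            continue
        parts = line.split()
        if parts[0] not in ("TCP", "UDP"):
            continue  # header lines and DLL component lines
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], parts[4]
        else:
            state, pid = None, parts[3]  # UDP has no State column
        host, _, port = remote.rpartition(":")
        conn = {
            "proto": proto,
            "local": local,
            "remote_host": host,
            "remote_port": int(port) if port.isdigit() else None,
            "state": state,
            "pid": int(pid),
            "process": None,
        }
        conns.append(conn)
        pending.append(conn)
    return conns


def connections_by_process(conns):
    """Group remote endpoints by owning executable (key None if netstat gave none)."""
    grouped = defaultdict(set)
    for c in conns:
        port = c["remote_port"] if c["remote_port"] is not None else "*"
        grouped[c["process"]].add(f"{c['remote_host']}:{port}")
    return {name: sorted(endpoints) for name, endpoints in grouped.items()}


def find_unexpected(conns, port=3724, expected_prefixes=("wow",)):
    """Return connections to `port` owned by a process we would not expect there.

    Assumption for this example: executables whose names start with "wow"
    (the game client and its patcher/downloader) legitimately talk to 3724;
    any other process doing so is worth a closer look.
    """
    flagged = []
    for c in conns:
        if c["remote_port"] != port:
            continue
        name = (c["process"] or "").lower()
        if not name.startswith(tuple(expected_prefixes)):
            flagged.append(c)
    return flagged


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    for proc, endpoints in connections_by_process(parsed).items():
        print(f"{proc}: {', '.join(endpoints)}")
    for c in find_unexpected(parsed):
        print(f"UNEXPECTED: pid {c['pid']} {c['process']} -> "
              f"{c['remote_host']}:{c['remote_port']} ({c['state']})")
```

Run it against a saved `activity.txt` by replacing `SAMPLE_NETSTAT` with the file contents. The point of grouping by process is the one Hoov makes: the two 3724 connections owned by the WoW downloader are the patcher doing its job, while a 3724 connection owned by something like svchost.exe is the case that would actually merit investigation.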

#13 mdo5006

mdo5006
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 05 May 2009 - 09:44 PM

Hoov,

Thanks for your continued efforts to help me out. My patcher finished successfully as I was monitoring the connections. The biggest reason I was worried about APNIC was that the IP address that Gmail identified as logging into my account illegally came from there. I can continue to monitor the connections when WoW is running to see if any other strange connections come up.

Regards,
Matt

#14 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:06:57 AM

Posted 05 May 2009 - 10:25 PM

OK, but just so that you know, I have helped 6 or 7 people in the last month and a half that have had their WoW account compromised. They always blame keyloggers, yet in almost all the cases the systems were pristine, and the other cases had no keylogger, just minor problems. I contacted Blizzard, and they could not give me any more information, even though they claim that the keylogger was undetectable by most software. But they could not tell me what keylogger it was, or the software that would detect it. In doing some searching about this issue, I have found that they have been blaming keyloggers for compromised passwords for over 3 years. As far as I know, they have more security problems on keyloggers than ANY other site I have ever seen. I don't know what kind of security they have in place, but it seems to me that is the place they need to look.

#15 mdo5006

mdo5006
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:57 AM

Posted 06 May 2009 - 09:54 AM

Hoov,

Your help with my issue has been tremendous. Thank you so much for helping me out. I was sort of suspecting your information about Blizzard was true as I am very adamant about security on my computers through using NoScript, avoiding shady websites, etc. As long as in your opinion, there are no issues with my computer, I am more than happy to move forward. Thanks again for everything!

Regards,
Matt
