Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran KL-Detector, and it says the following


  • Please log in to reply
1 reply to this topic

#1 tapioca15

tapioca15

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 15 November 2009 - 01:08 PM

Hello I am new to this great forum. I just discovered this forum today. I wished I have known this forum long time ago. I am not good in computer and like to ask about this situation. I always suspect there maybe some keylogging spyware on my computer, and I found this free" KL-detector program", and ran it and it says"

KL-Detector has found a suspicious file:
C:\WINDOWS\System32\DRIVERS\26e5b99e.sys

Please check; someone might have installed a keylogger on your computer!

then I click the full report, although I do not know what this means, it shows"

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.

C:\Documents and Settings\CUSTOMER\Application Data\Mozilla\Firefox\Profiles\3fwcnbj2.default\places.sqlite-journal
was modified.

C:\Documents and Settings\CUSTOMER\Application Data\Mozilla\Firefox\Profiles\3fwcnbj2.default\places.sqlite-journal
was modified.

C:\Documents and Settings\CUSTOMER\Application Data\Mozilla\Firefox\Profiles\3fwcnbj2.default\places.sqlite
was modified.

C:\Documents and Settings\CUSTOMER\Application Data\Mozilla\Firefox\Profiles\3fwcnbj2.default\places.sqlite-journal
was modified.

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys
was modified.


Also some background info, no one has physical access to this computer, if this info offers some help.

Please help me, I am very anxious. Thank you

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:11:42 AM

Posted 17 November 2009 - 09:09 PM

Welcome to BC

C:\WINDOWS\System32\DRIVERS\26e5b99e.sys is a rootki infection
I recommend you submit a DDS / HJT log



Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

You will also be instructed to create a Root Repeal Log

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post
Please be patient and good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users