
Keylogger headaches


4 replies to this topic

#1 Hideous piping


Posted 12 April 2010 - 07:45 AM

It looks like I have a keylogger in my system and I cannot seem to find it and remove it. Here's the scenario: I play World of Warcraft, and yesterday someone was able to use my log-in information to change the email and password I use for logging into the game and for my account administration page. I called Blizzard and they have changed the email address and password from their end twice now, but no sooner do I log into the game or into the account administration site than the 3rd party person changes all of my info and I am locked out of my own account once again. I have used all the tools noted below before changing any of my information but they still are able to snag my info.

I have done full scans with:
Avast - twice at boot level
SUPERAntiSpyware
Spybot Search and Destroy
HijackThis
Malwarebytes
CCleaner

They all find things like "Adware-Tracking cookie" that I have had them remove but still the issue persists.
This is the 1st time I have had an issue like this because my system is usually locked down tight, so I am at a loss for what to do as a next step, short of a full reinstall of my OS. Thanks for any help or suggestions, I will be checking the thread throughout the day.

I am running on Vista Home 32-bit
Firefox with Adblock Plus and NoScript.



#2 sduvick


Posted 12 April 2010 - 09:09 AM

Usually a keylogger will run as an EXE and should be fairly easy to find in a HJT log, so can you run HJT again and create a log, then attach that log?

#3 quietman7


Posted 12 April 2010 - 12:40 PM

It looks like I have a keylogger in my system and I cannot seem to find it and remove it.

What makes you think a keylogger is present? There are various ways for your machine to become compromised. Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.

If your scans are coming up clean, then the hijacking may be linked to the website or a malicious pop-up ad you encounter when going there.

Gaming sites are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. They can lead to other sites containing malware which you can inadvertently download without knowledge. Users visiting such sites may encounter innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. For these reasons gaming sites can put you at risk of fraud, phishing and theft of personal data. Even if the gaming site is a clean site, there is always the potential of some type of malware making its way there and then onto your system. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

...Microsoft Security has issued a research report where it notifies that virus creators are continuously assaulting online video game players...a malicious family of software programs are seeking out popular online computer games such as World of Warcraft, Maple Story, Lineage and several others. According to Microsoft’s seventh Security Intelligence Report, cybercrooks use computer worm parasites for stealing confidential personal information from local computer users through online games, unsecured file sharing and removable disk drives...The most dangerous and prevalent malware involve Taterf and Conficker worms which have infected millions of computer systems worldwide...

Malware Makers Target Online Games to Spread Worms

Microsoft warned video game developers...that their PC games are now a target for criminals...Popular massively multiplayer online games, such as World of Warcraft, have created a market for valuable game identities...Using malware or software designed to infiltrate a computer system, hackers steal account information...

Microsoft warns game developers of cyber thieves

...Gaming sites are becoming a growth area for malware and other security threats. The newer threats are sophisticated and are designed to draw in unsuspecting users...

Game Sites Next Big Malware Target?

The design of online game architecture creates an open door for hackers...hackers and malware hoodlums go where the pickings are easy -- where the crowds gather. Thus, Internet security experts warn game players that they face a greater risk of attack playing games online because few protections exist....traditional firewall and antimalware software applications can't see any intrusions. Game players have no defenses...Online gaming sites are a major distribution vehicle for malware....

MMO Security: Are Players Getting Played?

...Moral of the story?
1. Do not allow online games
2. Block ports used by online games
3. Block sites related to these online games
4. Educate your users...

online game + online trade = Trojan Spy

Security researchers...poked around in World of Warcraft and other online games, finding vulnerabilities and exploiting the system using online bots and rootkit-like techniques to evade detection...Some Trojan Web sites have done what they can do to collect gamers' authentication information so they can loot their characters (and) accounts.

Real Flaws in Virtual Worlds: Exploiting Online Games

...a very significant release for Gamers everywhere with the addition of a variety of password stealers directly targeting Online games. The main targets are mostly based in Eastern Asia (Lineage Online, Legend Of Mir, ZT Online just to name a few), but World of Warcraft and Valve’s Steam client are high on the hit-list too...

Taterf – all your drives are belong to me!

BTW, HijackThis logs are only permitted in the Virus, Trojan, Spyware, and Malware Removal Logs forum, not here. Further, HijackThis only scans certain areas of your system/registry to help diagnose the presence of undetected malware in known hiding places. Therefore, a HijackThis log may not always show all the malware on your system, so we use more effective alternatives such as DDS as instructed in the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 sduvick


Posted 12 April 2010 - 01:01 PM

I agree with quietman, there is no real evidence that there is a key logger.
@quietman, why are they not allowed here? They are a valuable tool in gaining knowledge of the system in need of fixing.
Yes, it only scans certain parts, but it lists running processes and commonly mischanged registry settings used by viruses and malware.
I do agree that it may not always show the malware, but it's an easy place to begin.
What is the difference between DDS and HJT? It seems to do the same thing, and even cites HJT in its results?

EDIT: My apologies for my naivety, I'm new to this forum, I just enjoy helping people with fixing things. Are DDS logs allowed here? Or nothing at all?

Edited by sduvick, 12 April 2010 - 01:14 PM.


#5 quietman7


Posted 12 April 2010 - 01:39 PM

HijackThis and DDS logs are only allowed in the Virus, Trojan, Spyware, and Malware Removal Logs forum because that forum is where the trained experts work those types of logs.

DDS is a specialized tool that produces a Pseudo HijackThis Report (a scaled down and simplified version of 'HJT lines' that provides the same information in a more condensed format). In addition, it collects much more information that is useful for malware detection, then later removal with other tools. You cannot fix any of the entries with DDS. Its primary purpose is detection of malware in various areas and providing a detailed log to a trained malware removal Helper who can use the report to plan a strategy of attack.



