
Systemsleuth Keylogger Infection


9 replies to this topic

#1 politruc2003

Posted 28 January 2006 - 03:31 PM

Hi guys,

I ran Spyware Doctor and it says I'm infected with SystemSleuth Keylogger. I did not install this on my PC. I have WinXP home updated. Could anyone please help me get rid of it?

Thanks!


#2 -David-

Posted 28 January 2006 - 03:35 PM

Hi politruc2003
Have you tried to uninstall the program? Try doing this by clicking on Start, then Control Panel, and then double-click on Add/Remove Programs. Let me know if it can be deleted that way.
David

#3 politruc2003

Posted 28 January 2006 - 03:40 PM

Hi David,

Thanks for your answer. I tried that, but it doesn't show on my list of programs. Any ideas?

#4 -David-

Posted 28 January 2006 - 03:43 PM

Hmm... I'm thinking this may possibly be a false positive, or just a small registry entry.

Can you tell me if this folder is present:

C:\Program Files\SystemSleuth

Let me know.....
David

#5 politruc2003

Posted 28 January 2006 - 03:47 PM

No, I don't see a folder with that name.

#6 -David-

Posted 28 January 2006 - 03:50 PM

When Spyware Doctor finds this "infection", does it give you a pathname, or any link to where it is coming from? I'm not familiar with the Spyware Doctor interface so this may not be an option, but see if you can find a path name.

David

#7 politruc2003

Posted 28 January 2006 - 03:59 PM

Yes, it does. Here it is:

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0009849.exe

I searched for the file, but I couldn't find it.

#8 -David-

Posted 28 January 2006 - 04:01 PM

Ahhh... You won't be able to find it, I don't think :thumbsup: You need to do this to remove that file:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

Rescan with the "doctor" and tell me if it still finds it :flowers:
David

Edited by D-Trojanator, 28 January 2006 - 04:28 PM.
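
A scanner hit under `System Volume Information\_restore{...}\RPnn` is a backup copy kept by System Restore rather than an installed program, which is why the steps in post #8 clear it. The following is an added example, not part of the original thread, that sorts scanner-reported paths into restore-point copies and live files; the function names and every sample path other than the one posted in #7 are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of a System Restore backup file, as in the path posted in the thread:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
# The optional spaces tolerate paths where forum software stripped them.
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System ?Volume ?Information\\"
    r"_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}\\"
    r"RP(?P<rp>\d+)\\(?P<file>A\d+\.\w+)$",
    re.IGNORECASE,
)

def classify(path):
    """Describe where a single scanner hit lives."""
    m = RESTORE_RE.match(path.strip())
    if not m:
        return {"path": path, "location": "live"}
    return {
        "path": path,
        "location": "restore_point",
        "drive": m.group("drive").upper(),
        "restore_point": int(m.group("rp")),
        "file": m.group("file"),
    }

def triage(paths):
    """Split hits into live files and restore-point numbers per drive."""
    report = {"live": [], "restore_points": defaultdict(set)}
    for p in paths:
        hit = classify(p)
        if hit["location"] == "live":
            report["live"].append(p)  # needs real removal work
        else:
            report["restore_points"][hit["drive"]].add(hit["restore_point"])
    return report

# Sample input: the first path is the one from post #7; the rest are constructed.
SAMPLE = [
    r"C:\SystemVolumeInformation\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0009849.exe",
    r"D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000012.dll",
    r"C:\Program Files\ExampleApp\example.exe",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Live hits:", result["live"])
    for drive, points in sorted(result["restore_points"].items()):
        print(f"Drive {drive}: restore points {sorted(points)} hold flagged copies")
```
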


#9 politruc2003

Posted 28 January 2006 - 04:28 PM

Yeeeeeessss! It worked! :thumbsup:

Thank you so much for your help!!!

#10 -David-

Posted 28 January 2006 - 04:29 PM

Ok, I'm glad I could help :thumbsup:
David



