Found 007 Spy Ware (key Logger?)


8 replies to this topic

#1 Davexx1

Posted 14 March 2006 - 10:03 AM

After finally removing Spy Falcon and other associated files from my PC, I ran a Spybot scan and found more crud. In that scan a file was found called 007 Spy Ware. I was told that is a key logger program. The Spybot program deleted it then I purged it. Hopefully it is gone forever.

My questions are: can a key logger program like that get placed on my PC via an email, hidden attachment, virus, spy ware, or does it have to be manually installed????? Is there any way it can be traced to see where it came from or where the collected info was sent to?

Thanks, Dave

#2 Scarlett

Posted 14 March 2006 - 10:21 AM

Hi Davexx1

Here is some info. from Symantec.com


http://www.symantec.com/avcenter/venc/data...are.007spy.html

Behavior
Spyware.007Spy is a commercial spyware program that logs keystrokes, Web sites visited, programs used, and files and folder activity. It also has the ability to capture screenshots and can use FTP or email to send all the logs to a remote server or email address.

This spyware can be run automatically in a silent, undetectable mode and it cannot be accessed until it is brought out of silent mode. This can be done with a hot-key combination (the default combination is Ctrl+Alt+7).

Symptoms
The files are detected as Spyware.007Spy.

Transmission
This spyware must be manually installed.



#3 Davexx1

Posted 14 March 2006 - 12:42 PM

I bought this Dell Dimension 8250 computer via mail order directly from Dell. My wife and I are the only ones that have used it or had access to it. Wife Sally could care less what I do on the computer and doesn't know anything about the 007 program. I believe and trust her.

That said, how did the program get on there?? If it has to be manually loaded as indicated, is there any chance it came from Dell with it on there??

Dave

#4 Herk

Posted 14 March 2006 - 01:00 PM

This is a commercial program, though I wouldn't be surprised to find that someone has hacked a way for it to be included in a trojan.

#5 Albert Frankenstein

Posted 14 March 2006 - 01:04 PM

This is a commercial program, though I wouldn't be surprised to find that someone has hacked a way for it to be included in a trojan.

That would be my guess also. In your case it came in with something else.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#6 acklan

Posted 14 March 2006 - 01:07 PM

Was this a remanufactured/refurbished computer? It could have been a corporate computer that was configured and then later returned. The tech that certified it may have not been looking for such a program, hence missed it.

???Who really knows???
"2007 & 2008 Windows Shell/User Award"

#7 Davexx1

Posted 14 March 2006 - 01:11 PM

It was a brand new fresh in the factory wrapper computer. Sally and I are the only hands that have touched it (that I know of).

Dave

#8 acklan

Posted 14 March 2006 - 01:14 PM

Just a thought.

#9 Enthusiast

Posted 14 March 2006 - 05:35 PM

You probably agreed to have it installed while downloading some "freeware" like screensavers or something like Bonzi Buddy.

READ ALL EULAS before you select the "I AGREE" button.

Use the following to scan and protect your computer:

Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

Ad-Aware SE Personal is a free version and it can be downloaded from our Mirror Sites in the Download section at Lavasoft website. However, please note that while the free Ad-Aware SE naturally helps you remove all spyware, it does not provide real-time memory scanning; this capability comes with the paid versions.

http://www.lavasoft.com/

Spybot S&D: http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer” which gives you realtime protection.

Did you have Teatimer enabled?


Microsoft Windows Defender
http://www.microsoft.com/athome/security/s...re/default.mspx
This also provides realtime protection.

SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

a² - Free from http://www.majorgeeks.com/download4281.html. Run it, click Search for Updates, then click Scan.


Run the following web based scans using IE.

Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these.)

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest


Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

online trojan scans here -
http://scan.sygatetech.com/pretrojanscan.html


Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp


After you do that follow the directions in the following and post a HJT log in the HJT Forum:

Read the pinned post in our “HijackThis” forum, here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following the instructions, run a log and post it in the following HJT forum,
at this link
http://www.bleepingcomputer.com/forums/posthjtlog.html

Do not as yet attempt to fix anything by yourself using Hijack This as even what may seem to be a small mistake can render your op system inoperable.
Some files when in one folder may be fine while in another may be malware.


A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team.

The first criteria they have when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking to see if a reply has been made might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, make your post and wait for a response from a team member.
