Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cisvc.exe keylogger


  • Please log in to reply
8 replies to this topic

#1 BrothaJeff

BrothaJeff

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 23 December 2012 - 10:59 PM

Hi there,

How do I know that the cisvc.exe that is just recently causing my CPU to use 100% of it's memory is or isn't a hack/virus?
I tried to find the indexing service from a post I found about this before. But I sadly couldn't find it. I went through control panel and found something similar and disabled it, but it still runs and uses 100% of my CPU.

When I try to find the file it says it can't be located. In Norton I went to Security History to Performance Alert and found the path of the file.

It is - C:\users\MyName\appdata\local\temp\wtfbnnrik\cisvc.exe

I'm worried it could be a keylogger and my passwords are at risk.

Thank you for any help in advance!

Jeff

BC AdBot (Login to Remove)

 


#2 Jimbob85

Jimbob85

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:VA, USA
  • Local time:06:31 AM

Posted 27 December 2012 - 02:45 PM

Hi, Welcome to BC.

Lets try a few scans and see what we find.


Please Download Malwarebytes AKA MBAM

Update Malwarebytes via the update tab.
Run a full scan
When the scan finnishes please select Remove Selected and make sure all of the boxs are checked
Please post the results

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to
include the top portion which shows MBAM's database version and your operating system.



Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan completes, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
You may not get a listing if nothing is found

#3 Quads

Quads

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CHCH New Zealand
  • Local time:11:31 PM

Posted 29 December 2012 - 05:48 PM

User did their own thing instead,

Quads

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 AM

Posted 29 December 2012 - 09:32 PM

User did their own thing instead,

Quads

How would you know that?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 BrothaJeff

BrothaJeff
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 29 December 2012 - 09:35 PM

I am here. I still have a problem with the cisvc.exe. I will follow your instructions.
Thank you for helping me.

Also I have a photo of the cisvc.exe file that keeps popping up while my computer is idle. Not sure where I can't host the image.

I already disabled the indexing service, so it shouldn't be running.

Edited by BrothaJeff, 29 December 2012 - 09:36 PM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 AM

Posted 29 December 2012 - 09:43 PM

Inserting An Image Within A Post
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Quads

Quads

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:CHCH New Zealand
  • Local time:11:31 PM

Posted 29 December 2012 - 09:45 PM


User did their own thing instead,

Quads

How would you know that?



cisvc.exe keylogger/Virus FIXED!
Options
‎12-30-2012 10:41 AM

Hi guys. I decided to fix this annoying cisvc.exe CPU hogging virus on my own.

I found the path of the Virus in C:\users\MyName\appdata\local\temp\wtfbnnrik\cisvc.exe
I went searching around in that folder and found about 5 or 6 folders with cisvc.exe in them.
I restarted my computer in safe mode and deleted the folders and some other suspicious looking folders.
Restarted my computer and it ran very fast and smooth again. The CPU was running much lower around 20% average instead of 70%.
Suddenly my Norton anti-virus had huge updates that were being suppressed by the virus. I updated and restarted in safe mode and scanned my computer fully to make sure it got everything.

Now my computer is running good as new.

Thought I should post this in case other have the same problem.

From http://community.norton.com/t5/Norton-Internet-Security-Norton/cisvc-exe-keylogger-Virus-FIXED/td-p/879700

That is how, 2 forums

Quads

#8 BrothaJeff

BrothaJeff
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 29 December 2012 - 09:57 PM

I thought it was fixed but it is not fixed. I posted that later in that thread. Now I'm fallowing these instructions.

Posted Image

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,924 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:31 AM

Posted 30 December 2012 - 12:21 AM

@Quads
that is at least a clear explanation above what you first posted.



Now lets do thiose scans to see if it is a malicious spyware program

Cisvc.exe, or “Content Indexing Service,” is actually a program that’s part of the central Windows OS indexing service. It’s purpose is to monitor the indexing service to make sure it doesn’t use too many resources in terms of memory and CPU usage

Also run these...

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.





MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users