
Might have a Keylogger..


9 replies to this topic

#1 alextehbomb


Posted 30 July 2013 - 08:47 PM

Hello,

I was playing a game and they had a chat group open for a community hunt where others help each other find things in the game. Someone in the chat suggested a website with locations of these items. The locations listed were correct, and I thought that was that. Later in this chat, someone of high ranking asked me what site I used for the locations, and I told him (world60pengs.com). He said that the site was not owned by the chat and that other users have said they have contracted viruses from the site. Usually any malware used against a player in this game is a keylogger to take their items and sell it off somewhere illegally. Anyways, if I do have a virus on my machine, I'm 90% sure it would be a keylogger. The site had a light green WOT trust rating, which is probably why it made me think the site was safe (it still could be a safe site, but I'm not sure). All help is appreciated :P





#2 GodfatherKing


Posted 31 July 2013 - 02:51 AM

:welcome: Alex

 

Give this a try:

 

:step1: Install and run MBAM

:step2:  Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run


  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

:step3: ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.  :hello:


#3 alextehbomb


Posted 31 July 2013 - 11:29 AM

I am unable to find a Malwarebytes log in the directory, just 2 folders labelled chameleon and languages. I have a TDSSKiller log, but the log is too big to post. The results were clean though. The ESET scanner came with a result that said I have a virus called ScrInject.B.Gen. Here is the result:

C:\Users\Francis\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00086d HTML/ScrInject.B.Gen virus

 

Thanks for all your help so far.



#4 GodfatherKing


Posted 31 July 2013 - 11:39 AM

Repeat the MBAM scan and let the infections be quarantined if they exist.

Next clean your Google Chrome cache.




#5 alextehbomb


Posted 31 July 2013 - 12:46 PM

No threats again.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.31.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Francis :: FRANCIS-PC [administrator]
 
Protection: Enabled
 
7/31/2013 12:46:44 PM
mbam-log-2013-07-31 (12-46-44).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366921
Time elapsed: 34 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
I cleared the cache manually, and then used CCleaner to make sure.


#6 GodfatherKing


Posted 31 July 2013 - 12:49 PM

I think you're clean of infections now. Do you have any issues related to malware left?

 

:step1: My advice is to keep your computer up to date with Windows Updates, Java and Adobe Reader and Flash Player.

 

:step2: Use WOT to check whether sites are safe or not: http://www.mywot.com/

 

:step3: A good working AntiVirus is also important. I personally advise Avast Free or Avira. MSE's detection is not so great.

 

:step4: Let's check how good your security is:

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.




#7 alextehbomb


Posted 31 July 2013 - 01:18 PM

Here is the security check log.

 

Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox 21.0 Firefox out of Date!
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled!
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 
 
Also, should I run another ESET scan to be sure?

Edited by alextehbomb, 31 July 2013 - 01:18 PM.


#8 GodfatherKing


Posted 31 July 2013 - 01:21 PM

:step1: Spybot is no longer recommended (in the old days it was a good tool...), because of its low detection ratio. I would uninstall it.

 

 

:step2: There is a new version of Firefox available. I would always install the new version.

 

 

:warrior: The rest is perfect! Safe and happy browsing the web again.




#9 alextehbomb


Posted 31 July 2013 - 01:35 PM

And should I run another ESET scan? Here is my Security check after the updates.

 

Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
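
Added example (not part of any post in this thread, and not code from the Security Check tool): a small Python parser for the Security Check log layout posted above, which lists the entries the tool flags and the product versions that changed between two logs. The function names, the flag phrases and the shortened sample logs are assumptions built from the two logs in this thread.

```python
import re

TICKS = "`" * 14  # Security Check wraps section titles in runs of backticks
# Excerpt constructed from the first Security Check log posted in this thread.
LOG_BEFORE = "\n".join([
    TICKS + "Antivirus/Firewall Check:" + TICKS,
    " Windows Firewall Enabled!",
    " Antivirus up to date!",
    TICKS + "Anti-malware/Other Utilities Check:" + TICKS,
    " Java 7 Update 25",
    " Adobe Flash Player 11.7.700.202",
    " Mozilla Firefox 21.0 Firefox out of Date!",
    TICKS + "Process Check: objlist.exe by Laurent" + TICKS,
    " Spybot Teatimer.exe is disabled!",
])
# The same excerpt with the two lines that differ in the second posted log.
LOG_AFTER = (LOG_BEFORE.replace("11.7.700.202", "11.8.800.94")
             .replace("Mozilla Firefox 21.0 Firefox out of Date!", "Mozilla Firefox (22.0)"))

SECTION = re.compile(r"^`+\s*(.+?)\s*`+\s*$")            # section title line
FLAG = re.compile(r"out of date|disabled", re.I)         # assumed warning phrases
VERSION = re.compile(r"^(.*?)\s*\(?(\d+(?:\.\d+)+)\)?")  # product + dotted version

def parse(log):
    """Return {section title: [entries]} for a Security Check log."""
    sections, current = {}, None
    for line in log.splitlines():
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1).rstrip(":"), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return sections

def entries(log):
    return [e for section in parse(log).values() for e in section]

def flagged(log):
    """Entries the tool marked as outdated or disabled."""
    return [e for e in entries(log) if FLAG.search(e)]

def versions(log):
    """Map product name -> dotted version for entries that carry one."""
    return {m.group(1): m.group(2) for m in map(VERSION.match, entries(log)) if m}

def changed(before, after):
    """Products whose version differs between two logs: {name: (old, new)}."""
    old, new = versions(before), versions(after)
    return {n: (old[n], new[n]) for n in old if n in new and old[n] != new[n]}
```

Run over the two excerpts, `flagged` shows the Firefox warning disappearing after the update while the Teatimer line remains, and `changed` reports the Flash Player and Firefox version bumps.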


#10 GodfatherKing


Posted 31 July 2013 - 01:38 PM

You may run another Eset scan. I would also do an Avast boot scan, this scan is intensive but detects many things.

 

The security log is perfect, you're well protected now.


Edited by GodfatherKing, 31 July 2013 - 01:39 PM.





