
Key Captor


11 replies to this topic

#1 Elendil

Elendil

  • Members
  • 660 posts
  • Gender:Male
  • Location:The US
  • Local time:07:19 AM

Posted 20 May 2006 - 03:07 PM

My HJT log from my personal analysis looks clean but I posted it in the HJT forum anyways. Basically, I'm on a trial version of PestPatrol. After a scan, it detected Key Captor. I checked out ETrust's website info on it and checked all of the locations it's "supposed" to be at and nothing is there. How can I remove this program?
Stanford '14
B.S. Candidate | Computer Science



#2 Elendil


Posted 20 May 2006 - 03:31 PM

Talk about being pissed off >.< I have no clue what's legit and what's not now. Aluria says I have 7 spyware programs on my PC one of them being a CWS. PestPatrol continues to insist I have Key Captor, and I'm running NoAdAware and nothing is coming up. :thumbsup:
Stanford '14
B.S. Candidate | Computer Science

#3 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:19 AM

Posted 20 May 2006 - 03:32 PM

You shouldn't make any changes to your system, until your log has been verified as clean.
Any changes you make, could skew the results of the HJT log.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:19 AM

Posted 20 May 2006 - 03:35 PM

As tg1911 says you should wait until your log is checked before doing anything.

For information on KeyCaptor see: http://www3.ca.com/securityadvisor/pest/pe...px?id=453098324

PestPatrol detects the following files and registry entries for this software:
%program_files%\keycaptor\keycaptor.exe
%program_files%\keycaptor\nostealth.exe

Also see: http://www.symantec.com/avcenter/venc/data....keycaptor.html
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 Elendil


Posted 20 May 2006 - 03:39 PM

I know, I've just been scanning. In fact EarthLink Anti-Spyware (Powered by Aluria I believe), has just finished scanning. Now I have 17 spyware programs on my computer. False positives I'm hoping. Either that or Aluria has major issues and deserves to be sued.
Stanford '14
B.S. Candidate | Computer Science

#6 buddy215

buddy215

  • Moderator
  • 13,510 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:19 AM

Posted 20 May 2006 - 03:59 PM

A lot of the time when this number of spyware programs are picked up, they are "cookies". Check and see. Also, you can keep these off in IE by blocking 3rd party cookies. Same in Firefox.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Elendil


Posted 20 May 2006 - 04:36 PM

My cookies have been cleared, I then scanned with SpySweeper and nothing came up so I'm officially dubbing Aluria software fraud programs that display False Positives.
Stanford '14
B.S. Candidate | Computer Science

#8 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,663 posts
  • Gender:Male
  • Local time:05:19 AM

Posted 20 May 2006 - 04:44 PM

What you've got is probably Pest Patrol picking up strings from the definition files of other security programs you have running on your machine. Pest Patrol is notorious for finding items that may or may not be a problem, you have to interpret the information yourself. It's more for advanced users.

Post here exactly what Pest Patrol is telling you. What the file name is and most importantly where is it located (what folder is it in)? That's the only way to tell if you have a real problem or not. I've looked at your log and don't see anything but way too many scanners running. Although you may have something there that HijackThis can't "see".

Same for Aluria--what are they saying is bad--what files and locations? Theirs could be false positives. Pest Patrol's could be as well, but more likely they are just telling you what is there and letting you decide if it's bad or not.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan


#9 Elendil


Posted 20 May 2006 - 07:20 PM

Well, Earthlink AS and Aluria just give me the numbers and no location (an indication to me that they are displaying false positives), while PestPatrol gives me the following:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

Only problem is there are a thousand entries in it >.<
Stanford '14
B.S. Candidate | Computer Science

#10 Papakid


Posted 20 May 2006 - 10:58 PM

Well, that's a legit reg key and yeah there will be a lot of values listed underneath it. Pest Patrol is bound to have given more information than just that. Did they flag a value? List all the values or did you check the key yourself? Where did you get Key Captor?

The devil is in the details. I need to know exactly what Pest Patrol reported. Everything. There should be some way to save a log to a file so you can copy and paste the info here, but if not, type it out exactly as it appears. Every jot and tittle.

Aluria just give me the numbers and no location

What numbers? If those are CLSID's you can find out what is being reported, if it's bad or not, or why it might be mistaken for being bad. Again I need to know exactly what is being reported before deciding if it's a false positive and if it is what the FP is.

Aluria makes a pretty good scanner. They may do a few fishy things so I wouldn't recommend them, but even if they are finding FP's, that doesn't make them a fraud. Even the best programs make mistakes that are understandable given how much malware is out there and the way it mutates. It's better not to get mad at them unless you report the FP's to them and they do nothing about it. And to report FP's you need to have proof.

Rushing to judgement and not giving the relevant details is not very scientific.

Also did you install Aluria's standalone scanner or just use the one at Earthlink?

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan
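
Added example, not part of the original thread: a PowerShell check for the question raised in post #10, namely which value under SharedDLLs could have been flagged and whether the file it names actually exists. It assumes the match string `keycaptor`, taken from the folder name in the paths quoted in post #4, and that `%program_files%` there corresponds to `$env:ProgramFiles`; the function name `Find-SharedDllTrace` is hypothetical.

```powershell
# Added example. Under SharedDLLs each value NAME is a file path and its DATA
# is a reference count, so a detection on this key has to map to a value name.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs'

# Assumption: the folder name from the two paths listed in post #4.
$pattern = 'keycaptor'

function Find-SharedDllTrace {
    param(
        [string]$KeyPath,
        [string]$Pattern
    )
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        # -notmatch is case-insensitive; Escape() treats the pattern literally.
        if ($name -notmatch [regex]::Escape($Pattern)) { continue }
        # Expand %variables% in case the path was stored unexpanded.
        $file = [Environment]::ExpandEnvironmentVariables($name)
        [pscustomobject]@{
            ValueName  = $name
            RefCount   = $key.GetValue($name)
            FileExists = Test-Path -LiteralPath $file -PathType Leaf
        }
    }
}

$hits = @(Find-SharedDllTrace -KeyPath $keyPath -Pattern $pattern)
if ($hits.Count -eq 0) {
    "No SharedDLLs value name contains '$pattern'."
} else {
    # FileExists = False means a leftover registry entry, not a file on disk.
    $hits | Format-Table -AutoSize
}

# The two file locations quoted in post #4, checked directly.
foreach ($exe in 'keycaptor.exe', 'nostealth.exe') {
    $path = Join-Path $env:ProgramFiles "keycaptor\$exe"
    '{0} : present = {1}' -f $path, (Test-Path -LiteralPath $path -PathType Leaf)
}
```

The script only reads the registry and file system, so it does not alter the state a HijackThis log would capture.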


#11 Elendil


Posted 21 May 2006 - 09:57 AM

Sorry... lack of sleep is getting to me. Aluria & Earthlink only told me the number of spyware I am infected with. No location - nothing. I installed Aluria's stand alone and then Earthlink's scanners. Also, I was on IE 6 browsing some information (Mozilla didn't work so well with the website) when I got a popup with something about Drive Cleaner, it then proceeded to do something but I closed the window. I can't find Drive Cleaner on Spyware Warrior, but I have a feeling it's bad. In regards to PestPatrol, it only gave me that location and nothing else and I have no idea how I acquired key captor.

Edited by Elendil, 21 May 2006 - 09:58 AM.

Stanford '14
B.S. Candidate | Computer Science

#12 Elendil


Posted 21 May 2006 - 11:58 AM

Just now I installed StopZilla and it came up with 255 traces of spyware/adware which I seriously doubt. All of them were in the following registry location:

Hkey_users\S-1-5-21-1012504376-1906599609-1861663958-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Stanford '14
B.S. Candidate | Computer Science



