Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kl Detector Free Software


  • Please log in to reply
2 replies to this topic

#1 help!

help!

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 11 June 2006 - 08:26 PM

Hi, here is the short log that I got after I ran this free program that detects keyloggers
how can I tell if I have a keylogger??

I have xp; newer; with mcafee firewall and antivirus

thanks!! :thumbsup:

KL-Detector has found some suspicious files:
C:\Documents and Settings\owner\Cookies\owner@www.msn[1].txt
C:\Documents and Settings\owner\Cookies\owner@www.msn[2].txt
Please check; someone might have installed a keylogger on your computer!

You MAY want to take a look at:
C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\

C:\Documents and Settings\owner\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\X8W3T9KD\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\89YFW5Q7\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\2RYFMH27\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\QL7WLWVU\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\OX0DIFOD\

C:\WINDOWS\system32\config\

C:\Documents and Settings\owner\Cookies\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\X3VMYVER\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\0C46Y4IC\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\Y98V2HA5\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\AP28KGIJ\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\SRPJYEZH\

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\4W1K6NLZ\


Then there was this longer log (I only copied and pasted part of it; it's very long) you click on something in the program to get this longer log;

do you need this to tell?

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\Documents and Settings\owner\ntuser.dat.LOG
was modified.

C:\Documents and Settings\owner\ntuser.dat.LOG
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\0C46Y4IC
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\13N3DP86
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\2RYFMH27
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\4W1K6NLZ
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\89YFW5Q7
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\8LEB49QN
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\AP28KGIJ
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\EXDUJ2T0
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\JJ9JVHSW
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\OLIJKLUN
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\OX0DIFOD
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\QL7WLWVU
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\SHMB0HM3
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\SPUNK9E3
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\SRPJYEZH
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\WT8R8ZS7
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\X8W3T9KD
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\Y98V2HA5
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Documents and Settings\owner\Cookies\index.dat
was modified.

C:\Documents and Settings\owner\Local Settings\History\History.IE5\index.dat
was modified.

BC AdBot (Login to Remove)

 


#2 rigel

rigel

    FD-BC


  • Members
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:09:52 PM

Posted 11 June 2006 - 09:53 PM

Hi help!

I would run through our malware removal guide. I'm not familar with KL Detector, but haven't seen it on a rogue listing either, so I don't know how reliable it is. Run throught the cleaning steps and post an HJT log to make sure all is well.

Good luck,

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 help!

help!
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:09:52 PM

Posted 12 June 2006 - 12:53 PM

thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users