
Possible keylogger


  • This topic is locked
4 replies to this topic

#1 Phil McCavity

Phil McCavity

  • Members
  • 9 posts
  • Gender:Male
  • Location:Sydney, NSW
  • Local time:11:58 AM

Posted 19 March 2015 - 08:52 PM

This is a follow-up to my original post here: http://www.bleepingcomputer.com/forums/t/570651/possible-keylogger/

 

To reiterate, I have a computer on which I've almost finished cleaning up the usual slew of adware and other rubbish, but there's one item remaining that I can't figure out. I've run rkill, sc_cleaner, JRT, roguekiller, adwcleaner, malwarebytes, an avast boot-time scan and the boot CD scans with both avast and kaspersky antivirus, and while they've removed quite a bit of rubbish I can't remove, or figure out, this last entry. I can't see anything using Autoruns that leaps out at me either.

 

Roguekiller is reporting, on the "rootkit" tab, in red, the following entry:

 

Detection                    Name                                    Module
Filter : (Root.Keylogger)    \Driver\kbdclass @ \Device\0000007b     \Driver\eabfiltr @ Unknown

 

Can anybody tell me how to figure out if this is genuine malware or if it's simply misidentified by Roguekiller?


 


#2 Phil McCavity


Posted 20 March 2015 - 03:28 PM

Additional info: the Avast! free antivirus on this computer occasionally pops up and says it's detected a rootkit (SVC : swcustcfg > ??? - rootkit hidden service)



#3 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • Gender:Not Telling
  • Local time:02:58 AM

Posted 23 March 2015 - 09:25 AM

Hi there,

Both services are not malware related. This is a known false positive from Avast. You can ignore Rogue Killer's warning.

See also here and here.

I advise you to delete all old versions of Java Runtime Environment that are installed on your computer and download the latest version of it, though.

Do you have any more questions for me? :)
Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#4 Phil McCavity


Posted 23 March 2015 - 02:25 PM

Excellent - thanks for the info. Much appreciated.



#5 Black_Bird


Posted 23 March 2015 - 04:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Kind regards,
Black_Bird
 





