My Little Spy V2


5 replies to this topic

#1 Elendil

Elendil

  • Members
  • 660 posts
  • Gender:Male
  • Location:The US
  • Local time:08:23 PM

Posted 13 July 2006 - 02:02 PM

Hey everyone! I'm short on time so I'll cut right to the point. I've just installed ZeroSpyware and have performed a rootkit scan. After the scan was completed, ZeroSpyware informed me that I was infected with the My Little Spy v2 Commercial Keylogger. The location of this baddie was: C:\Windows\System32\sysinfo.dll. However, what is interesting is that ZeroSpyware says that this malware affects Windows 98 & ME platforms; but, I am running a Windows XP Pro. After googling this item, it appears like it is malware regardless of the OS, but since it is in System 32 (I screwed up my computer a few months back by deleting a .dll in System32 that I believed was a corrupted file and ended up having to reformat... but yes I know malware, in particular the big baddies, like System32 but it can't hurt to be safe) I thought I'd double check here. So is my file:
C:\Windows\System32\sysinfo.dll malware or a false positive by ZeroSpyware?
Stanford '14
B.S. Candidate | Computer Science


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,573 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:23 PM

Posted 13 July 2006 - 07:49 PM

sysinfo.dll info here and here.

Download and scan with Ewido Anti-Spyware v4.0
Print out the Ewido Install and Scan Instructions.

Then perform these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall Scan
Panda ActiveScan
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Elendil

Elendil
  • Topic Starter


Posted 14 July 2006 - 08:27 AM

Ok, I've performed scans with Ewido, A-Squared, and Ad-Aware SE. It appears that I am clean from all spyware and that ZeroSpyware removed sysinfo.dll successfully. But like I said, the location of the program was C:\Windows\System32\sysinfo.dll, but in the BC startup database, sysinfo.dll is running from C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysInfo.DLL

#4 quietman7

quietman7


Posted 14 July 2006 - 10:21 AM

The installation executable for Troj/LegMir-AA installs the following DLL:
%COMMON FILES%\Microsoft Shared\MSInfo\SysInfo.DLL

sophos.com

Anytime you come across a suspicious file you should always do a search on it and then go
to jotti.org or jotti.org, browse to the location of the suspicious file and submit [upload] it for scanning/analysis.
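Added example, not part of the original thread or any poster's code: the thread turns on one file name (sysinfo.dll) seen at two different paths, so this sketch hashes every copy of a name under a set of folders and groups the paths by SHA-256, showing whether the copies are the same file before anything is searched for, uploaded or deleted. The function names and the `<unreadable>` marker are assumptions made for the illustration; the two folders are the ones named in the posts above.

```python
import hashlib
import os
from collections import defaultdict

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_copies(name, roots):
    """Return {sha256: [paths]} for every file called `name` under `roots`.

    Matching is case-insensitive, as on Windows (sysinfo.dll == SysInfo.DLL).
    """
    groups = defaultdict(list)
    wanted = name.lower()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                if fn.lower() == wanted:
                    full = os.path.join(dirpath, fn)
                    try:
                        groups[sha256_of(full)].append(full)
                    except OSError:
                        # Locked or unreadable file: record it, never skip silently.
                        groups["<unreadable>"].append(full)
    return dict(groups)

def same_file_everywhere(groups):
    """True only if every copy found was readable and all share one hash."""
    return len(groups) == 1 and "<unreadable>" not in groups

if __name__ == "__main__":
    # The two locations mentioned in the thread; adjust for the machine at hand.
    roots = [r"C:\Windows\System32",
             r"C:\Program Files\Common Files\Microsoft Shared\MSInfo"]
    for digest, paths in find_copies("sysinfo.dll", roots).items():
        print(digest)
        for p in paths:
            print("   ", p)
```

Two different digests for the same name mean two different files, so a verdict on one copy says nothing about the other.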

#5 Elendil

Elendil
  • Topic Starter


Posted 14 July 2006 - 06:37 PM

!!! I forgot about that website with a million online scanners. I've used it three times today so far, it's amazing, thanks for the link QM7! :thumbsup:

#6 quietman7

quietman7


Posted 14 July 2006 - 06:49 PM

You're welcome. Just more tools for your malware fighting toolkit. :thumbsup: