Is my computer infected with a key logger or ??


  • This topic is locked
15 replies to this topic

#1 gasgousegorillaz

gasgousegorillaz

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:04 PM

Posted 10 October 2015 - 03:02 PM

I've been having a few strange computer things going on and believe someone is intercepting traffic from my laptop.
 
A year ago I was looking at some postings on Craigslist and then the next day someone with a Yahoo email address with a variation of my name forwarded those Craigslist postings to my wife's email. 
 
A few weeks later I posted something on a travel web forum and someone responded using the same screen name that I use on another website. The poster also revealed some additional personal info about myself.
 
I scanned my desktop and laptop with two virus scanners and also used Kaspersky to make a boot CD and scan for rootkits and viruses outside of Windows - all systems were clean. I also bought a new router and beefed up my wireless security, creating new complex passwords (using special characters) and using WPA2.
 
At home I connect to the internet through the router and Comcast cable modem. I use Windows Remote Desktop to access my desktop computer from my laptop over the wireless network.
 
So everything was fine and nothing weird was happening until yesterday. I'm traveling out of town using the hotel's wifi with my laptop. I visited Craigslist and later that day someone, again using an email with a variation of my name, sent links from the CL pages I visited to my wife.
 
I'm currently running Avast Antivirus on my laptop and it scans clear.
 
Is it possible someone is intercepting traffic from my laptop? What can I do to prevent this?
 
I ran FRST and the log is attached
 
 
Thanks in advance for any help

Attached Files

  • Attached File  FRST.txt   59.65KB   8 downloads




#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:04 AM

Posted 14 October 2015 - 04:51 AM

Hello gasgousegorillaz and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic, if you didn't reply in next 3 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please post addition.txt log located in the same folder as FRST.exe and FRST.txt.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 gasgousegorillaz


Posted 14 October 2015 - 07:59 PM

Here is the addition.txt file

#4 Sirawit


Posted 18 October 2015 - 02:10 AM

Hi gasgousegorillaz.
 
We need to remove programs using "Programs and Features"

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

Google Toolbar for Internet Explorer

Additional instructions can be found here if needed.

 

-----------------------

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   1.52KB   3 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

We need to search for a file with FRST:

  • Download Farbar's Recovery Scan Tool and save it to your desktop
  • Double-click on FRST.exe/FRST64.exe to open it, in the search box, type the following: proxy.js
  • Press the Search Files button, allow FRST to run
  • A log file Search.txt will appear when complete, please post this in your next reply

---------------

 

After the fix has been completed, please create a new FRST log for me.

 

Thank you.

 




#5 gasgousegorillaz


Posted 18 October 2015 - 09:41 AM

Thank you


#6 Sirawit


Posted 20 October 2015 - 02:17 AM

Hi gasgousegorillaz.

 

Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually C:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note: this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

---------------

 

How is your computer running now?

 

Thank you.




#7 gasgousegorillaz


Posted 20 October 2015 - 06:35 PM

No apparent current problems with my computer

#8 Sirawit


Posted 22 October 2015 - 09:17 AM

Hi gasgousegorillaz.

 

Now we're going to update your programs.

 

Important Note: Your Google Chrome Installation is outdated. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow steps below to update your Google Chrome to the latest version.

  • Go to this link, you may set Chrome as default Browser or let Chrome send usage statistics and crash report to Google automatically.
  • Click Accept and Install.
  • Please download the file to your desktop.
  • Run the installer and follow the instructions.

------------------

 

Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Adobe flash:

  • Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  • Double click the file to start the installation process
  • Repeat 1. and 2. for every other browser you have installed (eg Internet Explorer / Firefox / Chrome / Safari / Opera..) as applicable.

---------------

 

Important Note: Your version of Firefox is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Firefox:

------------------

 

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-----------------

 

After that, please create a new FRST log for me.

 

Thank you.




#9 gasgousegorillaz


Posted 23 October 2015 - 10:19 AM

I wasn't able to update Adobe Flash as there is no current version for windows 10

 

 

Attached Files

  • Attached File  FRST.txt   63.07KB   1 downloads


#10 Sirawit


Posted 23 October 2015 - 10:24 AM

Please use the one for Windows 8. It should work.

 

Thank you.




#11 gasgousegorillaz


Posted 25 October 2015 - 07:56 PM

here it is

Attached Files

  • Attached File  FRST.txt   63.36KB   1 downloads


#12 Sirawit


Posted 26 October 2015 - 01:23 PM

Hi gasgousegorillaz.

 

From your logs, I can verify that there's no malware or keylogger on your computer. Your computer is clean and now we need to remove our tools.

 

Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.
 
Some tips to keep your computer safe.
 
Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.
 
Thank you.




#13 Sirawit


Posted 29 October 2015 - 01:03 PM

Are you still there?

 

Thank you.




#14 gasgousegorillaz


Posted 29 October 2015 - 01:27 PM

Yes, thank you for your help 



#15 Sirawit


Posted 30 October 2015 - 09:22 PM

No problems. :)

