
Keyboard typing messages without my control (possible trojan, keylogger)


  • This topic is locked
7 replies to this topic

#1 torsvped


Posted 27 June 2017 - 08:04 AM

Hi all. I'm not sure how to categorise my problem as I have only had one symptom:

The lines "EXCUSEME EXCUSEME" "IM U" typed on to whatever I had selected at the time. This has happened inside a game while I was AFK (much to my guild's confusion), on a search bar engine I had selected and twice more in the game. Always the same thing. Only occurs when I am connected to the wifi and quite a few hours after my computer has been running. Happened on Windows 10 and 8.1.

This occurred one day after downloading AVAST because my previous AVAST made my Chrome close every time I clicked it. Did a full uninstall of AVAST, then reinstalled from the website. No pop ups or anything.

 

Here's what I've tried already for better or worse:

I assumed a keylogger and went a little rambo on my computer:

- Reset my PC, no backups or recoveries. Reinstalled OS (Windows 8.1, disc), deleted and reformatted partitions.

- Downloaded Avira, scan revealed nothing.

- Downloaded chrome, guild wars 2, discord

- It typed to me once more a few hours later

 

Had to go harder rambo

- Ran DBAN from boot disc. Overwrote my hard drive.

- Reinstalled windows 8.1 (disc). Deleted and reformatted partitions

- Connected to wifi

- Downloaded Avira, scanned. 

- Used netstat -abo. Read some articles to interpret what was going on. Looked okay? No obviously weird .exes

- Left it for 5 hours with connection and an open document. Nothing.

- Downloaded chrome, guild wars 2, discord

- 4 hours later, types to me again

 

 

Found one 'warning' thing according to Avira scans afterwards: ccc2app.exe for the AMD control centre. Online has mixed feelings about what this file does. Most say okay, some say malware. 

 

A friend has suggested to me that my keyboard or SSD may be harboring whatever it is. Additionally, I cannot access BIOS. I am met with a blank black screen. I've never tried to open BIOS previously so I don't know if that's due to my extremely out-dated computer screen (apparently one cause of this problem). But DBAN had no problem booting from disc so I assume it's set to disc boot first.

 

Any suggestions on how to move forward are welcome. I had planned to use samsung magic to 'reset' my SSD, do another DBAN wipe on harddrive, reinstall Windows and then use an antivirus from a disc to offline scan. But I'd like to proceed with more guidance. I'm not very tech savvy and I have no idea what this is.

 




 


#2 boopme


Posted 29 June 2017 - 11:54 AM

Ok, let's scan it.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
      • Flush DNS
      • Report IE Proxy Settings
      • Reset IE Proxy Settings
      • Report FF Proxy Settings
      • Reset FF Proxy Settings
      • List content of Hosts
      • List IP configuration
      • List Winsock Entries
      • List last 10 Event Viewer log
      • List Installed Programs
      • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

And finally I'd like us to scan your machine with ESET OnlineScan:
  • Please download and run ESET Online Scanner.
  • Check [image] (if available) and click on the [image] button.
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
      • Enable detection of potentially unsafe applications
      • Enable detection of suspicious applications
      • Scan archives
      • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application by clicking the X in the upper right corner.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 torsvped


Posted 29 June 2017 - 12:51 PM

MiniToolBox

AdwCleaner
found 3 things

JRT
found + deleted 2 things

ESET found nothing

Haven't yet allowed AdwCleaner to remove what it found, should I? 2 of them were removed by JRT already.

After letting AdwCleaner remove+restart:

Edited by torsvped, 29 June 2017 - 01:41 PM.


#4 boopme


Posted 29 June 2017 - 01:35 PM

EDIT, sorry posted wrong reply..

We should get a deeper look. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

Edited by boopme, 29 June 2017 - 01:39 PM.


#5 torsvped


Posted 29 June 2017 - 01:44 PM

Will do! Thanks for the assistance so far.



#6 torsvped


Posted 29 June 2017 - 01:52 PM

Sorry, where do you want me to post the topic? This forum still? Not sure.



#7 boopme


Posted 29 June 2017 - 02:02 PM

See the last step. But it's here
Virus, Trojan, Spyware, and Malware Removal Logs

You're welcome!

#8 boopme


Posted 29 June 2017 - 03:47 PM

Thank you... new topic
https://www.bleepingcomputer.com/forums/t/650415/program-typing-without-my-consent-unknown-origin/

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



