Possible Keylogger Bug In My Compy


6 replies to this topic

#1 CrisGer

CrisGer

  • Members
  • 306 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Colorado and California
  • Local time:03:03 PM

Posted 22 April 2007 - 02:16 PM

OK, I go online, and soon, after a minute or so, my internet access through IE does not work, yet my router is flashing a million miles a second, and something is using my compy but not me. Usage on the Program manager goes up to 100% and everything crawls. :flowers:

I had a problem a week ago, Saturday, was surfing and then wham, it was like I hit a wall. Something was wrong. I installed as much anti virus as I could until I found I could not run several at once. I tried Avast, AVG 7.5, SpyBot; a tech I hired to try to help, who was mostly a waste, used SpyDoctor, and he installed Zone something firewall, a Registry Fixer but did not run it in detailed mode, just did a scan, and called it a day. :thumbsup:

Well, the symptoms of the problem were: BSOD shutting me down, which was actually an aspect of a variant of the SmithFraud permission refusal bug I think, but BSOD nonetheless, and then some failed attempts by the system to reboot, with having to go into Safe mode and finally into full ops; this problem with the internet access, the modem going nuts but me not being able to get on; and a number of viruses and bugs. And my internet speed dropped to nothing, I could not stay online and my compy usage went up to 100% with nothing showing in the Program manager.

I and the tech cleaned about maybe some 15 trojans, and other critical objects, over about three days. I am back where I started with no access to the net after about two minutes of being logged on. I have DSL from the phone company and the service here is spotty but I do have a good download and upload potential. But with the current problem I am having to use the office computer to post here, as I would not be able to at home.

(I am a little above novice about tech stuff) I hope to learn enough to be able to tell the next tech what I need and to know if he or she is able to really fix things. This system that is in trouble is my main test and development system, and very valuable to me, as it has tons of irreplaceable files. I have not been able to back up the whole thing recently as my DVD player will currently not work right; it may have a problem induced by Starforce but that will have to wait until I get my main problems dealt with.

Due to pressure at day job (I am a Marketing and Sales Manager of a hotel and conference center undergoing liquidation), I have not had time to deal with this as fully as I would like, but a fellow computer researcher and game reviewer told me about you all and how you saved the life of her computer, so here I am, hopeful and eager to learn what I can.

So I suspect what I have is either a keylogger of some kind or a parasite or slave situation, and I am indeed worried. I will be honest, I don't think I can learn the technical stuff I saw on glancing at the tutorials. I am a right brained artist type (http://www.christophergerlach.com) and frankly I am amazed that I have been able to over the past ten years learn to use and be somewhat familiar with compys, but I am fearful of my ability to learn too many complex things. But I will try and do all I can if anyone can make some suggestions. I am also eager to see if there are some tools or programs you all know of that I can try to get this nasty thing out of my system without borking the whole thing up.

I have tried a bunch of the anti virus cleaners as described above, but to operate my system as it is currently I had to delete ZoneAlarm, I think it was called, the free firewall the last tech installed, as it could not allow me to even get online ......so I am using the Windows Firewall now and AVG 7.5 but am online not at all, as I hate to see those green lights flashing with something inside my system that I do not know what it is doing or to what or from who.

Any suggestions eagerly watched for. I am back and forth from home office to work office so I will check this thread and the alerts to replies as I can, so thanks in advance for any suggestions or help, and I do have the DXDIAG of my system and I will get the exact list of the cleaners I tried if that is useful too. I am somewhat dyslexic about names of things so I do not recall all the names right now. Thanks again and I am very glad you all are here. :trumpet: :inlove:

I am going to try SuperAntiSpyware program now as it looks pretty good from what is posted in this forum.

My system is an AMD Athlon 3400 2.6 GHz~ 2.5 GB RAM, 400 GB Hard Drive, 2ZS Audigy Snd Card, 6600 GT Nvidia Vid card, running Win XP Pro SP2.

Edited by CrisGer, 22 April 2007 - 08:14 PM.

Game Researcher and Designer
http://3dworldandgamedevelopers.blogspot.com//
Admin
3D Worlds and Game Developers Group Linkedin


#2 CrisGer

Posted 22 April 2007 - 08:23 PM

Sorry for double posting, but I did a full scan three times of my system with SuperAntiSpyware and got some results.

The first scan found 40 threats:

2 memory Items
34 infected files
4 Items in the Registry

they were:

Trojan Downloader MSNETAX 4 of them
Trojan Spam-RUCrzy 3
Browser Hijacker Apropos Media/PeopleOnPage 4
Adware Tracking Cookies 11
Adware Acoona 1
Trojan Loksy Variant 12
Trojan Downloader-WinCom32/RootKit 1
Trojan Rootkit-Windev/H 1
Trojan Downloader-Gen/Snuke 3

It quarantined and removed them all.

I scanned a second time right away and found:

Adware Acoona 1
Trojan Downloader MSNETAX 2
Trojan Spam-RUCrzy 2

they were in these locations:

C:/CPO2915.NLS

and I think in the restore point files:

C:/SYSTEM VOLUME INFORMATION\_RESTORE (54BFCF64-7301-4988.A46

I was worried that the scans were not getting everything so I scanned again and found:

Trojan Spam-RUCrzy 2 in this location:

C:/CP2227.NLS

Then I uninstalled SuperAntiVirus because it would freeze up my system when I booted up, until it could connect online, and I don't want to go online unless I really have to. Anyway, my system now won't connect online at all.

Does anyone have any suggestions? I think there is something that is respawning infected files, especially the Trojan Spam-RUCrzy which keeps reappearing.

Any suggestions gratefully welcomed. :thumbsup:

#3 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:04:03 PM

Posted 22 April 2007 - 09:00 PM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
Please read, and follow, all directions carefully!!!

If the steps, prior to the posting of a HijackThis log don't eliminate the problem:

Run a log, and post it in the HijackThis forum, >at this link<.
Do not post it in this topic.
Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

If you haven't heard back from them in 5 days, go to this topic, Haven't Had A Reply In Five Days?, and carefully follow all directions.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#4 CrisGer

Posted 22 April 2007 - 09:13 PM

Thanks a lot for the reply tg1911, thank you so much.

Yes, I am just studying how to do that log posting. I must download and install the programs to run from my office computer, as the infected computer now will not go online, alas. I managed to get a lot of cleaning and testing done but it won't allow me to surf at all now. So I will do all I can using the downloadable programs and get the log asap. Thanks a lot and much much appreciated.

:trumpet: :flowers: :inlove: :huh: :thumbsup:

I must confess I am afraid of what is going on in my computer with years of work at risk......especially the thought that some malware is connecting to the internet without my control or knowledge. It is a sad thing that people put their effort and energy into such bad acts. I will do all I can to learn here and help with the process. Thanks again to all of you good good people. :huh:

Edited by CrisGer, 22 April 2007 - 09:15 PM.

#5 tg1911

Posted 22 April 2007 - 09:50 PM

You're welcome, CrisGer.
Good luck with your HJT log.

#6 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:03 PM

Posted 22 April 2007 - 10:47 PM

When you get your log posted, post the link back here and I'll see what I can do. :thumbsup:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#7 CrisGer

Posted 23 April 2007 - 03:15 PM

Here is my HiJack This Thread:

http://www.bleepingcomputer.com/forums/ind...t=0#entry504997


OK, thanks PapaKid and TG1911, I ran all the tests and debuggers listed on the instructions for doing HijackThis, along with the Smithfraud Fixer which I found here too....now there is a new wrinkle, alas,
tho the last virus reports were completely clean, which was exciting.

I am still getting BSOD on start up, two in a row first start up this AM ...

And the internet connection is live but the Windows DNS won't activate and allow a connection, something on the system itself, not the router....I called in a tech here, and he is trying to save my system but I want to post my log so you guys can see it.

I listed the bugs I found yesterday using SuperAntiVirus, which were interesting, and with each scan most were treated and gotten rid of, with the exception of one that kept coming back. Weird.

It is hard for me to get help if I can't log on; right now I have been running back and forth from work to home office with downloaded programs, and have made a valiant effort to clean things up following the guidelines here....so I will post the log and put a link up here too in case anyone here has inspirations as to my sit. The tech said there were a bunch of configs changed in Windows by something recently, either the bugs or my cleaning efforts; the one that may have done some of that was the McAfee registry cleaner listed here, but I really don't know, it did ask me if I wanted to clean the registry and I said Y......and the program never asked me to reboot at the end, which was indicated it would in the tutorial ....ok, log next.
And thanks guys, even having responses has given me courage here :thumbsup:

Edited by CrisGer, 23 April 2007 - 03:43 PM.
