
Kl-detector Found This


  • Please log in to reply
1 reply to this topic

#1 Queen-Evie
Posted 31 May 2007 - 07:29 PM

In another thread, boopme gave a link to KL-Detector for keyloggers.

Out of curiosity I decided to run it and it found the following:

KL-Detector has found a suspicious file:
C:\WINDOWS\Internet Logs\IAMDB.RDB

Please check; someone might have installed a keylogger on your computer!

You MAY want to take a look at:
C:\WINDOWS\Internet Logs\
C:\WINDOWS\system32\config\


The full report is:

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
was modified.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\Internet Logs\tvDebug.log
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\Internet Logs\EVIE.ldb
was modified.

C:\WINDOWS\Internet Logs\EVIE.ldb
was modified.

C:\WINDOWS\Internet Logs\ZALog.txt
was modified.

C:\WINDOWS\Internet Logs\fwpktlog.txt
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.

C:\WINDOWS\Internet Logs\EVIE.ldb
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\software.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\system32\config\default.LOG
was modified.

C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.


Notice it says look at and review. What should I be looking for? I'm totally clueless on this one.
Nothing new has been installed on my computer, I'm careful about opening email attachments, I scan often with anti-virus, Spybot, etc.

If a HJT log is needed, let me know and I'll post one.

Right now, I'm going to start running all my "keep the computer clean and healthy" tools.

PS: if this isn't the correct forum for this, please move it to the appropriate place.

Edited by Queen-Evie, 31 May 2007 - 07:31 PM.
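As an added example (not part of the original post or of KL-Detector), here is a small Python triage script that parses a report in the "path / was modified." shape shown above, counts how often each path was touched, and separates paths that Windows or ZoneAlarm rewrite routinely from the ones that still need a look. The KNOWN_WRITERS table and the last sample entry are my own assumptions, not output from the tool.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath
# Constructed excerpt in the report's "path" / "was modified." line-pair shape; the last entry is a made-up placeholder.
SAMPLE_REPORT = r"""
C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
was modified.
C:\WINDOWS\system32\config\default.LOG
was modified.
C:\WINDOWS\Internet Logs\IAMDB.RDB
was modified.
C:\Temp\example-unknown.txt
was modified.
"""

# Assumed triage table (mine, not KL-Detector's): locations Windows and ZoneAlarm rewrite routinely.
KNOWN_WRITERS = {
    r"c:\windows\internet logs": "ZoneAlarm settings and logs (IAMDB.RDB, *.ldb, ZALog.txt, fwpktlog.txt)",
    r"c:\windows\system32\config": "registry hive transaction logs (*.LOG) written by Windows itself",
    r"c:\windows\prefetch": "Prefetch traces (*.pf) rewritten whenever a program is launched",
}

EVENT_RE = re.compile(r"^was (\w+)\.?$")

def parse_report(text):
    """Turn the report's 'path' / 'was <event>.' line pairs into (path, event) tuples."""
    events, pending = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = EVENT_RE.match(line)
        if m and pending is not None:
            events.append((pending, m.group(1)))
            pending = None
        else:
            pending = line  # a path line; its event line should follow
    return events

def triage(text):
    """Count events per path and attach the reason writes there are expected, if known."""
    summary = {}
    for path, n in Counter(p for p, _ in parse_report(text)).items():
        key = str(PureWindowsPath(path).parent).lower()
        summary[path] = {"count": n, "why": KNOWN_WRITERS.get(key, "unexplained: investigate")}
    return summary

def unexplained(text):
    """Paths no KNOWN_WRITERS entry accounts for: the short list actually worth reviewing."""
    return sorted(p for p, info in triage(text).items() if info["why"].startswith("unexplained"))
```

Run against the full report above, every path falls into one of the three known locations, which is why the repeated IAMDB.RDB and *.LOG entries are noise rather than a finding.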



#2 buddy215
Posted 31 May 2007 - 07:43 PM

"Iamdb.rdb file is where the user settings of ZA is stored. Backup.rdb is just a backup of the Iamdb file in case it goes missing for funny reasons. If you look at posts where we have asked users to reset their database due to corruption, you will see us telling them to delete these two files.

In the EULA, ZL relies on information from users to help them set priorities and aid them in the analysis of many programs out there on the net for their SmartDefence Advisor database. The main thing collected is the permissions people give their programs (indirectly related to the iamdb.rdb file). Knowing what are the most common programs users have will allow ZL to prioritise which program needs analysis first, and the permissions people give can give an idea to Zone Labs on whether the program is malicious or not. ZL does not collect people's personal information or surfing behaviour."
http://www.helpscreen.com.au/index.php?msg...86363&cid=1



