TechSpot

Am I infected with a keylogger?

By Frogshark40
Aug 9, 2008
Topic Status:
Not open for further replies.
  1. I believe I am personally. I play a game where a lot of nerds attempt to hack you for personal gain and I think I may have got hit. I go to a site that has to do with glitches and stuff for the game, in case that may be a factor.

    www.ezud.com <---Don't click, just saying that's the site.

    Here is the HJT log.

    I use a program called ProxyFirewall & Vadilia, but for nothing bad, just friends ban me from their ventrilo servers for a good laugh and I use it to somehow give myself a new identity and able to connect.

    I also use a BNC service for an IRC server irc.swiftirc.net if that may be something, but I heard they are pretty reliable.
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Windows\system32\cssdll32.dll
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  3. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    DllUnregisterServer procedure not found in C:\Windows\system32\cssdll32.dll
    C:\Windows\system32\cssdll32.dll NOT unregistered.
    C:\Windows\system32\cssdll32.dll moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08092008_164451

    Sorry for the delay, had to do something. So what is a hook and how does it affect me?
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Can you post a fresh HijackThis? What we removed was a backdoor trojan.
  5. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    So this trojan was able to record keystrokes/mouse strokes/clicks? (There is a PIN you can set in this game to access your bank and you have to click the numbers.)

    And was this trojan what screwed me over?
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Start HijackThis and then click on the Config button. Then click on the Misc Tools button and finally click on the ADS Spy button. Press the Scan button and the program will start to scan your Windows folder for any files that are Alternate Data Streams. Now click on the save log and attach it to your next reply.
  7. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    [​IMG]

    Didn't know if that's supposed to happen, but those are my results.
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Do not check quick scan.
  9. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    The 2 mp3 & WAV, I used Audacity to record a song and a ventrilo conversation, I don't know why they're there.
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Nothing bad there. Can you run the tool below?

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
  11. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    A lot of firewall popups. >_> Had to switch to installation mode.

    /Edit, your DSS link is broken. Had to Google a download.
     
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    First, you have 2 firewall programs installed. You need to remove one, either Norton or COMODO. If you remove Norton, it will take out the AV and AS.


    FW: COMODO Firewall Pro v3.0 (COMODO)
    FW: Norton Internet Security v2007 (Symantec Corporation)
    AV: Norton Internet Security v2007 (Symantec Corporation) Outdated
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
    AS: Norton Internet Security v2007 (Symantec Corporation) Outdated
  13. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    Norton wants me to buy the full version, which I'm not going to do, so I'll stick with COMODO. How do I remove the other one successfully?

    Also, am I safe to change my passwords and stuff so this trojan can't log my keystrokes?
  14. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Use the tool below, then for antivirus install Avira. You can get it by clicking on my sig; it is the last one.

    Norton Removal

    • Download Norton Removal to your desktop
    • Run the Uninstaller
    • Reboot computer
  15. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    Ok, so after I remove Norton, I can still keep COMODO? And then I get Avira.

    Now am I safe from this trojan?
  16. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    You should be. How is your computer running?
  17. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Please run this tool to make sure there are no trojans.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version. Then reboot into safe mode: reboot, then start tapping the F8 key. You will get the advanced options; select safe mode, then load and run the program.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  18. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    Malwarebytes' Anti-Malware 1.20
    Database version: 930
    Windows 6.0.6000

    7:18:51 PM 8/11/2008
    mbam-log-8-11-2008 (19-18-51).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 140799
    Time elapsed: 45 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  19. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    OK, looks good. I will post cleanup instructions later today.
  20. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    So, I'm safe then hopefully...
  21. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    Looks like it. Do you notice anything weird, or is it running fine? I still need to post the cleanup.
  22. Frogshark40

    Frogshark40 TS Rookie Topic Starter Posts: 49

    I mean it's running fine, it always has been running fine, it's just I got hacked in this game. I haven't noticed them log in it anymore, but that may be because they cleaned me out and didn't think twice about it.
  23. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,214

    How do you know you got hacked, and which game?