Keylogger Detected - HJT included

By TimeParadoX
Mar 6, 2008
  1. I was downloading a file from Xfire and Avast! detected a keylogger. I deleted the file, disconnected from the internet and ran all the anti-virus programs I have, and nothing was found. I ran HJT and found a few odd things that I haven't seen before, so I was wondering if anyone can check it and see if it's a bad file or not.
  2. kritius

    kritius TS Guru Posts: 2,084

    Were these the entries?

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - AppInit_DLLs:

    Think it might be worth your while downloading the three tools in the Viruses/Spyware/Malware preliminary removal instructions and running them.

    Also you should maybe do a Panda antirootkit scan.

    Nice short log by the way.
  3. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    I don't know where they are. They recently appeared, since I've never seen them in my log (I did one about 3 days ago).

    I've downloaded and tried the three tools from the guide, and I've also run an antirootkit scan. Also thanks for the compliment on my log, I used to have about 12 entities but now I have a lot more. :D
  4. kritius

    kritius TS Guru Posts: 2,084

    Maybe just run combofix and post a log, just to be sure. You could also maybe have HJT fix those two entries, the first one should definitely be ok.

    I would possibly wait and see if Blind Dragon or Momok could have a look at the logs just to be sure.

    Are you having any other problems?

    About the log: yours had 4815 bytes. I saw somebody's recently with over 20000; I think they had their entire computer running at once and every virus you could think of!!
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    You can launch HijackThis, select "Do a system scan only" and check these:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - AppInit_DLLs:

    Select "Fix checked".

    Also, I didn't notice a firewall running.

    If you want to run combofix and attach the log I would be happy to take a look

    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt
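
Added example, not part of the original thread and not code from HijackThis: a small Python triage script that parses HJT log lines and lists entries marked "(no file)" or listed with an empty value, the two patterns in the lines quoted above. The function names and the O4 sample line are constructed for illustration.

```python
import re

# Constructed sample: the three lines quoted in the thread plus one
# made-up O4 entry that should NOT be reported.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs:
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""

# "<section code> - <entry type>: <rest of line>"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+):\s*(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Split one HJT log line into its fields; None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    clsid = CLSID_RE.search(rest)
    return {
        "code": m.group("code"),
        "kind": m.group("kind").strip(),
        "clsid": clsid.group(0) if clsid else None,
        "value": rest,
        "orphaned": rest.endswith("(no file)"),  # target file not found
        "empty": rest == "",                     # entry listed with no value
    }


def review_candidates(log_text):
    """Return (code, kind, clsid, reason) for orphaned or empty entries."""
    found = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (entry["orphaned"] or entry["empty"]):
            reason = "target file missing" if entry["orphaned"] else "empty value"
            found.append((entry["code"], entry["kind"], entry["clsid"], reason))
    return found


if __name__ == "__main__":
    for item in review_candidates(SAMPLE_LOG):
        print(item)
```
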
  6. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

    Here is my ComboFix log. I reinstalled Comodo Firewall; I uninstalled it before I reformatted.

  7. TimeParadoX

    TimeParadoX TS Rookie Topic Starter Posts: 2,273

  8. kritius

    kritius TS Guru Posts: 2,084

    Hey TimeParadoX,

    Sorry about the no reply, it's been pretty busy round here.

    I can't read ComboFix logs so we'll have to wait for someone who can. Have you tried messaging Momok?
Topic Status:
Not open for further replies.