Is this a keylogger or something?

Discussion in 'privacy problems' started by caspian, Oct 16, 2009.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Can anyone tell me the best place to post a hijackthis log? I think I may have a keylogger or something. There are a few entries with a red X. Does anyone know what this means?

    http://i36.tinypic.com/2hyc7xk.jpg
  2. aigle

    aigle Registered Member

    Very strange log, that's all I can say.
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    What software is that you're using? Looks like the software is just misinterpreting.


    I use Eset's Sysinspector here. See if that reports anything suspicious (red entries). Posting results might get whacked though because of the forum TOS.
  4. JRViejo

    JRViejo Global Moderator

    caspian, perhaps a review of this Wilders thread: If you are currently infected will point you in the right direction.

    Like Keyboard_Commando has stated, a HJT log posting here would not only be immediately removed, but would also close this thread, as per this Policy.
  5. caspian

    caspian Registered Member

    The scan that I used originally was Trend hijackthis and I ran it through hijackthis.de to get the report.

    I just ran the Eset Sysinspector. I found VSSVC.EXE in the Eset scan and it says that it is "Microsoft Volume Shadow Copy Service". I found netlogon.dll 102 and it says the internal name is Isass.exe and is a Microsoft product "Local security authority Process". I found a couple of the other ones and they also said Microsoft. I am pretty sure that I have run this same trend scan before and did not see any red X's. I wonder if I should just reinstall the OS?

    This computer is a HP Pavilion Vista 64 bit.
  6. aigle

    aigle Registered Member

    Maybe a problem with hijackthis.de. Can you re-try them?

    BTW, why did you run the HJT scan?
  7. Keyboard_Commando

    Keyboard_Commando Registered Member

    I guess if you are running any virtualization products you could be getting reports of files running from places they shouldn't be - might explain this. But I'd still go with interpretation error of hijackthis.de. The reports given are somewhat generic.
  8. caspian

    caspian Registered Member

    Well, I ran the eset scan that you recommended, Hitman Pro 3, F-Secure, Sophos, GMER and I can't find anything. Maybe it is just with the website hijackthis.de. But it says that the items are not operating from the location that they are supposed to be. I do have Returnil. But I get the same reading whether it is active or not. I also wonder if a Vista 64 bit OS is a little harder for hijackthis to analyze.