Klez variation F&B keylogger

Discussion in 'malware problems & news' started by greenzooey, Jan 14, 2007.

Thread Status:
Not open for further replies.
  1. greenzooey

    greenzooey Registered Member

    Jan 14, 2007
    anybody know about klez?

    here's what's up... caught a nasty strain of klez. it rounded up all my everything, but mostly gaming data. it created its own msgs (primitive message system) that only sends data. it locks regedit through run > regedit. you can still access your regedit through clicking on the icon inside your computer. that doesn't matter though because the root keys are created and hidden. it uses admin features to block your use of regedit / msconfig / and the like. i dug a bunch of them out, but couldn't resolve the issues. i had to format. i am pretty sure that i caught it through either a p2p or most likely clicking on a y! messenger message.

    if you receive a strange message on ANY messenger you use with a link, DO NOT CLICK ON IT. it will be from one of your friends as when you click on it, it sends the message through your address book in an IM. so, if you get a strange message with a link, message your friend back and ask them... did you just send me a message with a link? if they don't respond, or respond and say "NO", then tell them they are infected and it's spreading through their messenger address book. tell them also that it is because they clicked on a link. this is the method of spreading.

    from there you are being monitored, backdoor style, and data files are being sent to wherever it is sending them through the msgs it creates. typical klez extraction tools b, f, and all the rest are rendered inert due to the lock down of regedit etc. just giving you a heads up and trying to find out if anybody else has seen this variation of klez. also found data files, possibly logging my keystrokes, and stealing passwords. it behaves as a cross between b and f and has hidden root keys. the keys can be identified with mcafee root kit. also it is identified through on-line scanners like house call. i'm calling it SUPER KLEZ. it's a nasty one. couldn't kill it, had to format.

    if you catch it, remember to change your passwords after you have either formatted your hard drive, or otherwise removed it.

    most interesting too was that when i killed the msgs that it had created, the data files began to build up as they could not be sent. this created more hidden keys. it would even ring them, as in "you've got mail", when i came on-line through the msgs it made. how clever was that? they had been inside my machine for at least two weeks without me knowing. i feel violated!

    lol... they alien probed me. hit me up with an email if you have experienced this sort of monster. greenzooey at yahoo.com
    Last edited by a moderator: Jan 14, 2007
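The post describes two symptoms a defender can verify from a clean admin shell before deciding whether to rebuild: regedit and msconfig blocked by "admin features", and autorun entries the malware planted. The read-only audit below is an added example, not the poster's code and not a removal tool. The post does not name which Windows setting was used to block regedit; the script assumes the standard policy values that produce that symptom (`DisableRegistryTools`, `DisableTaskMgr`, and the Explorer `DisallowRun` list) and then lists the usual `Run` / `RunOnce` autorun keys.

```powershell
# Added example, not from the original post. Read-only audit of the registry
# locations behind "regedit/msconfig is blocked" and "hidden startup entries".
# Assumption: the post does not say how regedit was locked; these are the
# standard policy values that cause that symptom on Windows.

$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'DisallowRun' }
)

foreach ($c in $policyChecks) {
    if (Test-Path $c.Path) {
        $v = (Get-ItemProperty -Path $c.Path -ErrorAction SilentlyContinue).($c.Name)
        # A non-zero value means the lockout policy is in force for this user/machine
        if ($null -ne $v -and $v -ne 0) {
            Write-Output ("LOCKOUT POLICY SET: {0}\{1} = {2}" -f $c.Path, $c.Name, $v)
        }
    }
}

# The DisallowRun subkey holds the executable names Explorer refuses to start
# (this is what makes "Run > regedit" fail while the icon still works).
$disallow = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
if (Test-Path $disallow) {
    (Get-ItemProperty -Path $disallow).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |          # drop PowerShell's own PS* metadata
        ForEach-Object { Write-Output ("BLOCKED FROM RUNNING: {0}" -f $_.Value) }
}

# Autorun locations: anything here starts with the user or the machine.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($k in $runKeys) {
    if (Test-Path $k) {
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { Write-Output ("AUTORUN {0} : {1} = {2}" -f $k, $_.Name, $_.Value) }
    }
}
```

This only reads what the registry API returns to a user-mode process. The poster says the keys were hidden and only showed up in a rootkit scanner and an online scanner, so a clean listing from this script is not proof of a clean machine; it is a first triage step, and an offline scan from trusted media (or the format the poster ended up doing) remains the reliable answer, followed by the password changes the post recommends.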