explorer.exe taking screenshots

Discussion in 'malware problems & news' started by mr_28, Jul 1, 2013.

Thread Status:
Not open for further replies.
  1. mr_28

    mr_28 Registered Member

    Joined:
    Nov 23, 2011
    Posts:
    10
    Hello... I have this great concern: SpyShelter alerted me that explorer.exe is making screenshots, and it automatically allows it to do so. The explorer is in the Windows folder, and I scanned it in VirusTotal and it was not detected by any scanners ~VT link removed per forum policy~ The hash of the file is BDEEC76823F763883C14CEEB3C231C5773198275. SpyShelter says it's not a signed file, VirusTotal says it's a signed file. This file is a Finnish version of the explorer.exe. VirusTotal gives this warning about the file: "Warning: Possibly corrupt Version resource". I don't know what that means...

    I have the following security programs running on my computer: SUPERAntiSpyware Pro, SpyShelter Premium, F-PROT Antivirus, Look 'n' Stop Firewall, and I also have HitmanPro, which I use to scan my computer about once a week, but none of the scanners I have used found any malware. Is this normal or not? Thanks for your kind replies! :)
     
    Last edited by a moderator: Jul 1, 2013
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
  3. mr_28

    mr_28 Registered Member

    Joined:
    Nov 23, 2011
    Posts:
    10
    Thanks for the reply. I sent a message to the support... I hope to get some information about this matter. *puppy*
     
  4. mr_28

    mr_28 Registered Member

    Joined:
    Nov 23, 2011
    Posts:
    10
    Another thing happened today. I downloaded the BitLord program, which is used to download those torrent files, and there is a small BitLord icon in the taskbar or systray or whatever, and when I right-clicked it to get the small pop-up menu, SpyShelter alerted me about the BitLord program for keylogging and screen capturing...
     
  5. mr_28

    mr_28 Registered Member

    Joined:
    Nov 23, 2011
    Posts:
    10
    So I used InjectedDLL from NirSoft to see what DLL files are injected into every process, and it found these...

    [img=http://s17.postimg.org/x68n29um3/injecteddll.jpg]

    When I speculate in my head about the possibility of a keylogger in my computer, the only change I see is by some DLL file. Are those DLL files normal? Thanks! :)
     