HELP.. suspected keylogger!

Discussion in 'malware problems & news' started by mikew3456, Apr 18, 2007.

Thread Status:
Not open for further replies.
  1. mikew3456

    mikew3456 Registered Member

    Apr 18, 2007
    i downloaded a program StarsBuddy which is a buddy list program for a poker site that i play on. there have been many hacks on poker accounts and money has been stolen. i cant believe i didnt think of that before installing this program, but i didnt.

    i normally run as a limited user account, and install programs as admin. so i installed this as admin. because of this, i dont use real time antivirus. dont know if it wouldve caught this anyway. so im playing poker and using this program, and browsing the internet. then comodo firewall gives me this popup

    i use SnoopFree and it didnt give me any popup warning about keylogger but i want to be safe and remove this program completely. i rebooted immediately, and i cant seem to find if Buddy.exe is running in the background, or if its EventHandler.dll is running either.

    how do i see which dlls are hooked in the background and running? how do i completely remove this from my system and all traces of it? i have the sysinternals suite of programs but dont really know how to use Process Monitor and those. any help or guidance is appreciated
  2. nadirah

    nadirah Registered Member

    Oct 14, 2003
    In Sysinternals process explorer, click on explorer.exe in the list of running processes, and look at the 2nd column below, it will show all DLLs which are currently loaded in the explorer.exe process.

    You can also use DCS's APM tool to search for EventHandler.dll inside explorer.exe
    Download it from here:
  3. ASpace

    ASpace Guest

    You can perform scan with antivirus software .

    When you find the DLL , send both Buddy.exe and EventHandler.dll to VirusTotal

    and block it with Comodo until you find out what it is . Generally speaking it sound suspicious and I personally don't know of a "free" poker site :thumb:
  4. kjempen

    kjempen Registered Member

    May 6, 2004
    The same issue has been discussed in this forum, and there's a response from one of the developers (I think).
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.