Is this a keylogger or something?

Discussion in 'privacy problems' started by caspian, Oct 16, 2009.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,334
    Location:
    Oz
    Can anyone tell me the best place to post a hijackthis log? I think I may have a keylogger or something. There are a few entries with a red X. Does anyone know what this means?

    http://i36.tinypic.com/2hyc7xk.jpg
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,109
    Location:
    Saudi Arabia/ Pakistan
    Very starnge log, all I can say only.
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    What software is that you're using? Looks like the software is just misinterpreting.


    I use Eset's Sysinspector here See if that reports anything suspicious (red entries). Posting results might get whacked though because the forum TOS.
     
  4. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    27,012
    Location:
    U.S.A.
    caspian, perhaps a review of this Wilders thread: If you are currently infected will point you in the right direction.

    Like Keyboard_Commando has stated, a HJT log posting here, not only would be immediately removed, but also close this thread, as per this Policy.
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,334
    Location:
    Oz
    The scan that I used originally was Trend hijachthis and I ran it through hijackthis.de to get the report.

    I just ran the Eset Sysinspector. I found VSSVC.EXE in the Eset scan and it says that is is "Microsoft Volume Shadow Copy Service". I found netlogon.dll 102 and it says the internal name is Isass.exe and is a Microsoft product "Local security authority Process". I found a couple of the other ones and they also said Microsoft. I am pretty sure that I have run this same trend scan before and did not see any red X's. I wonder if I should just reinstall the OS?

    This computer is a HP Pavilion Vista 64 bit.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,109
    Location:
    Saudi Arabia/ Pakistan
    May be problem with hijackthis.de. Can u re-try them?

    BTW why did u run HJT scan?
     
  7. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I guess if you are running any virtualization products you could be getting reports of files running from places they shouldn't be - might explain this. But I'd still go with interpretation error of hijackthis.de. The reports given are somewhat generic.
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,334
    Location:
    Oz
    Well I ran the eset scan that you recommended, Hitman Pro 3, F-Secure, Sophos, GMER and I can't find anything. Maybe it is just with the website hijackthis.de. But it says that the items are not operating from the location that they are suppose to be. I do have Returnil. But I get the same reading whether it is active or not. I also wonder if a Vista 64 bit OS is a little harder for hijackthis to analyze.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.