Keylogger? or false alert?

Discussion in 'privacy problems' started by Hakuna, May 23, 2006.

Thread Status:
Not open for further replies.
  1. Hakuna

    Hakuna Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    11
    hello,


    BCG1.tmp: my XoftSpy recognizes this as a keylogger. So I removed it, and the log says BCG1.tmp has been removed, but when I reboot my computer, "OMG", it is still coming back. The same thing happens when I remove it and reboot my PC again. I tried to remove it manually, but it says that another person or program is using it. I tried SAFE MODE, but XoftSpy can't find it. I performed a deep scan with my Kaspersky Anti-Virus, but it didn't find any problem: "can't find any threats".

    Screenshot:
    hxxp://img458.imageshack.us/my.php?image=untitled13rf.png

    Appreciated any help!!


    THANK YOU
     

    Last edited by a moderator: May 23, 2006
  2. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
  3. Hakuna

    Hakuna Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    11
    Appreciate your Help!!!

    I tried your two software suggestions, but it is still coming back!!!
    OMG... I tried to email XoftSpy, but there's been no response from them. Maybe I'll just wait. Maybe this is a false alert. I HOPE!

    THANK YOu
     
  4. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    It could just be a false alert, but you still seem concerned, so try this if you wish to continue. Purge the restore folder. For instructions on how to purge System Restore, click here: http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    Then download Ewido from http://www.ewido.net/en/download/ and set it up this way: http://rstones12.geekstogo.com/ewidosetup.htm. Make sure you update it first. You will need this later in safe mode.

    Please download ATF-Cleaner to your desktop from this link:
    http://www.atribune.org/content/view/19/2/ You will need it later in safe mode.

    Next, boot into safe mode.

    Run Ewido and let it delete all that it finds.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    Reboot and download HijackThis here: http://www.tomcoyote.org/hjt/. Then place it into a folder of its own, such as C:\HJT, so that backup copies can be made without cluttering your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

    Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log, press Ctrl-A to select all, and copy its contents into the text editor here: http://hijackthis.de/index.php?langselect=english.
    For any entries that are definitely nasties, run HijackThis again, select "Do a system scan only", and place a check by those entries. Close all open windows and browsers, and hit "Fix Checked".


    This is a powerful tool that can crash your computer if used improperly, so if you're not sure, Google the questionable results, and if you're still not sure, go here and see about posting your log.


    http://gladiator-antivirus.com/forum/index.php?showtopic=10517
     
  5. spindoctor

    spindoctor Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    83
    Is that really good advice, to recommend using hijackthis.de? Most of the expert HijackThis log interpreters that I've talked to recommend avoiding that site and relying only on an expert (human) HijackThis log analyzer. I would never rely on any results I got from that site; all I get is a bunch of FPs.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, I just checked it. This site, of course, is not for everyone, but I found it really very interesting and useful. Really nice work.
     
  7. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    spindoctor

    I understand your concern, but that is why I say things like "definitely nasties": when you click on the gold stars and there are numerous replies all saying it's trouble. I also say "if you're not sure" and "if you're still not sure". This is a point of reference that helps shed some light on possible infections and is helpful, but I still expect the user to use some common sense. It's not like I said "Any entries that don't have a green checkmark, REMOVE".
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
  9. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Look

    It's no biggie. I will resist offering that site in future help responses. And ronjor, I agree with that link. It can help, but it shouldn't be the only source of help. But it does also list true processes and legit malware. Anything questionable should be further investigated by the user. And aigle, here's another one for ya!

    http://www.help2go.com/component/detective/
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks. This one is less informative, but practically it seems much more grown up and reliable than the first one. I compared the results for my system on both. Interesting work!
     
  11. Hakuna

    Hakuna Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    11
  12. toxygene

    toxygene Registered Member

    Joined:
    Jun 3, 2006
    Posts:
    1
    I got the same problem and found the solution. Those are atwola.com temp files; they are generated by the advertising in your ICQ client or something else. To fix it, just add "127.0.0.1 ar.atwola.com" (without quotes) to c:\windows\system32\drivers\etc\hosts to block it, and to kill it, run ZoneAlarm Anti-Spyware: http://www.zonelabs.com/store/conte...amily.jsp?dc=12bms&ctry=&lang=en&lid=db_trial
    P.S. Sorry for my English o_O
     
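The hosts-file block suggested in the post above is easy to get subtly wrong by hand: a duplicate line does nothing if an earlier entry already maps the name elsewhere (the resolver takes the first match), and a file saved with the wrong line endings or without a trailing newline can hide the new entry. The following script is an added example, not code from the thread or from any of the tools named in it. It works on hosts-file text in memory so it runs offline; `SAMPLE_HOSTS` is a constructed file with a made-up stale mapping (192.0.2.10), and `HOSTS_PATH` is the path quoted in the post. `apply_to_file()` touches the real file only after writing a backup and needs administrator rights on Windows.

```python
"""Sinkhole a hostname in the Windows hosts file, idempotently.

Added example; not code from the thread. It operates on hosts-file text
in memory so it runs offline, and apply_to_file() writes a backup before
touching the real file. HOSTS_PATH is the path quoted in the post above;
the 192.0.2.x address in SAMPLE_HOSTS is a constructed stale mapping.
"""
import shutil

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"   # path named in the post
SINKHOLE_IPS = ("127.0.0.1", "0.0.0.0", "::1")           # any of these counts as blocked

# Constructed sample: a hosts file where the ad host still resolves elsewhere.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "192.0.2.10      ar.atwola.com   # stale entry, constructed for the example\r\n"
)


def _tokens(line):
    """Split an active (non-comment) hosts line into [ip, name, name, ...]."""
    return line.split("#", 1)[0].split()


def parse_hosts(text):
    """Return {hostname: ip} for every active mapping.

    First match wins, which mirrors how the resolver reads the file: a
    later duplicate line never overrides an earlier one.
    """
    mapping = {}
    for line in text.splitlines():
        toks = _tokens(line)
        for name in toks[1:]:
            mapping.setdefault(name.lower(), toks[0])
    return mapping


def is_blocked(text, hostname):
    """True if hostname currently resolves to a sinkhole address."""
    return parse_hosts(text).get(hostname.lower()) in SINKHOLE_IPS


def add_block(text, hostname, sinkhole="127.0.0.1", note="blocked ad host"):
    """Return hosts text with hostname sinkholed.

    - No-op if already blocked, so it is safe to re-run at every boot.
    - Any existing active line that maps the name elsewhere is commented
      out rather than left in place, because a first-match resolver would
      otherwise ignore the new sinkhole line appended below it.
    - Preserves the file's line ending (Windows hosts files are CRLF) and
      always ends the file with a newline.
    """
    if is_blocked(text, hostname):
        return text
    eol = "\r\n" if "\r\n" in text else "\n"
    target = hostname.lower()
    out = []
    for line in text.splitlines():
        names = [n.lower() for n in _tokens(line)[1:]]
        if target in names:
            out.append("# " + line + "   # disabled: sinkholed below")
        else:
            out.append(line)
    out.append(f"{sinkhole}       {hostname}   # {note}")
    return eol.join(out) + eol


def apply_to_file(hostname, path=HOSTS_PATH):
    """Back up the hosts file, then sinkhole hostname in it.

    Returns True if the file was changed. newline="" keeps CRLF intact and
    latin-1 round-trips any byte the file may contain.
    """
    with open(path, "r", encoding="latin-1", newline="") as f:
        original = f.read()
    updated = add_block(original, hostname)
    if updated != original:
        shutil.copyfile(path, path + ".bak")
        with open(path, "w", encoding="latin-1", newline="") as f:
            f.write(updated)
    return updated != original


if __name__ == "__main__":
    # Dry run against the constructed sample; nothing on disk is touched.
    print(add_block(SAMPLE_HOSTS, "ar.atwola.com"))
```

Two caveats a practitioner would add to the post's advice: a hosts entry only stops name resolution for that exact hostname, so a client that already has the server's IP or uses a different ad hostname is unaffected, and some spyware rewrites the hosts file on its own, so `is_blocked()` is worth re-running after a reboot to confirm the entry survived.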
  13. cyclop

    cyclop Registered Member

    Joined:
    Jun 7, 2006
    Posts:
    1

    I have the same problem. Your solution worked for a while, not with ZoneAlarm but with Kaspersky Anti-Hacker.
    When the system rebooted, it deleted the files, :mad: but the fff... file came back as BCGB.tmp.
     