I believe I have a keylogger virus on my PC - but NOD32 doesn't show anything: * My keyboard locks every 10 seconds for a period of 4 seconds; when released, all keystrokes are echoed, indicating that something is caching them. Mouse events are unaffected. * When typing in notepad (no other app running), Performance Monitor shows my CPU pegging out; goes to 0 when I stop typing. * When using a keylog detector (AKLT) - it sometimes is able to intercept keystrokes, sometimes not. When it is able to intercept keystrokes, it drops occasional keys - despite the fact that all keystrokes are being echoed (with 4 second pauses) on notepad. I'm using the original/standard keyboard driver that came with my system; I don't see any unusual procs running, or ports open; nothing unusual in config.sys, autoexec.bat or system.ini - however, the symptoms seem to indicate that a TSR-like keylogger is being chained into my system for 4 seconds every 10 seconds. Thoughts?
Hello and welcome to Wilders! Quick question, besides NOD32, have you scanned your system with anything else? NOD32 is an amazing product, but nothing catches 100% of baddies. You could try a scan with SuperAntispyware and/or SpySweeper (both have a 30 day free trial) and see if either catch anything that NOD may have missed. Run the scans in safe mode too. Something else you could try to do is run a HijackThis log and have someone analyze it for you to make sure you don't have anything malicious running. Wilders no longer does HijackThis Analysis, but there are quite a few places that do. I hate to turn you away from here, but this will at least give you another option. One place that is very good is CastleCops. Run a Hijackthis log and post it on the forum listed above and someone will be able to analyze it for you and tell you if you do, in fact, have something malicious running. It would be nice if you will give us an update as to what you find. HTH
Doesn't sound like a keylogger to me. Sounds like a bad keyboard or some corrput kernel or I/O drivers on your system. Is this keyboard wireless by chance?
Hello, Does the problem occur if you start the computer in Safe Mode? What about if you log in as a different user? Regards, Aryeh Goretsky
If you're savvy with the registry, you can try downloading a VB script from SilentRunners dot org. When you run it, it will list all of the programs that are starting up on your computer in a text file. Believe me, this is no simple program that shows the same things Windows does. It is the best thing that ever happened to me (for resolving suspicious computer activity at least).
"I got that too this week. Spybot found: SpyBoss one day SmartPCKeyLogger next day files: Memmand.vxd" I'm having this exact same thing happen. Ive rebooted and scanned 3 times and the first time SpyBoss was detected , the second time was ComputerMonitorKeylogger and the third time was SmartPCKeyogger. If you figure this out please post! Thanks!
I actually cant send the file memman.vxd because it was deleted the first time spybot detected spyboss on my computer. Then I rebooted and ran Spybot again and ComputerMonitorKeylogger showed up as a cookie. The third time I rebooted and ran spybot SmartPCKeylogger showed up in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\WINDOWS\system32\memman.vxd If I look in C:\Windows\System32 directory though the file memman.vxd is no longer there. Also the third time the ComputerMonitorKeylogger showed up as a cookie again.