Question about Keyloggers?? (new here)

Discussion in 'malware problems & news' started by mydeadsea, Jul 25, 2011.

Thread Status:
Not open for further replies.
  1. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    Hi,
    I apologize if this is the wrong section to ask this in. I'm brand new here and all this security lingo looks like Chinese to me, so I really have no clue where to ask this.

    I asked on a different site and got zero help.

    To make a long story less long, today a friend and I were on a messenger, sharing different smilies/emoticons with each other. I found a site with 'packages' of them that you had to download to access. I didn't want to download the package so I right-clicked on the image I wanted and attempted to save it to my computer. Well, it ended up saving an entire folder of images and whatnot to my computer. I tried to delete it and it wouldn't let me, so I panicked and did a system restore.

    When system restore was complete and my computer turned back on, the first thing I saw was Kaspersky telling me that a keylogger had attempted access to my computer, and it was allowed. Someone else on another site said it was fake and just a virus.. but that log is in my Kaspersky.
    Here's what it looks like ..


    Detected suspicious behavior.

    Time 7/25/2011
    Application: Unknown
    Object: kernel mode memory patch
    Reason: Action selected according to the settings.
    Result: Allowed: PDM.Keylogger



    What should I do o_O? o_O It's making me nervous and I feel like I can't do anything on that computer because I'm being spied on or something :(
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    Thank you so much! I followed that step by step and now I'm running a full system scan again :) Will that get rid of it then?
     
  4. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Follow the link given to you by Cudni, however I assume you haven't the ability to revert to an earlier snapshot (not Windows system restore).

    In that case if it were me, I would reformat my PC, do a fresh install of Windows.
    I would also have that feeling, something is left on my PC and I'm still in some way compromised.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    A disk image would've been far faster than reinstall, and just as clean (even more if you backed up MBR).
     
  6. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    I followed those directions, but do you still think I'm in danger? I did another system restore before following those directions and after I did, I did another full computer scan and nothing popped up. The PC didn't come with a disc or anything so I'm not sure how to revert back to user settings.. How would I find out if it's still in my computer? I'm worried :/
     
  7. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    I would do a scan with some other Anti-Malware Scanners such as:

    SuperAntiSpyware Portable (Malware signatures are up-to-date at the time of download.):

    http://www.superantispyware.com/portablescanner.html

    Dr.Web Cureit (A full scan can take many hours to complete. Malware signatures are up-to-date at the time of download.):

    http://www.freedrweb.com/cureit/?lng=en

    Malwarebytes Anti-Malware (Requires installation and needs to be updated prior to running a full scan.):

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

    Hitman Pro (Very fast scan. Needs an active internet connection at the time of scan. If Malware is found you need to activate the free 30 day license to clean the Malware.):

    http://www.surfright.nl/en

    If the Malware blocks or in any way prevents the proper scanning/cleaning of Malware with the above scanners, you may want to use a bootable Antivirus Rescue CD.

    A simple and fast Antivirus Rescue CD is the Avira Rescue System CD (The 1st download option shown is an exe which when you execute it will guide you through the CD burn process. The Malware signatures are near up-to-date at the time of download. If you have an internet connection, I would update the Malware signatures before scanning.):

    http://www.avira.com/en/support-download-avira-antivir-rescue-system

    Note: Restoring a "clean" Image would be a lot easier than the many hours of scanning/cleaning and still not knowing for sure if you have a "clean" PC.
     
    Last edited: Jul 26, 2011
  8. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    alright, thanks! ....So, should I restore completely before I try any of those programs? Also.....how would I go about doing that?
     
  9. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    If you feel confident that the Windows Restore Point is not infected, then I would Restore first and then scan to be on the safe side.
     
  10. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    I'm fairly certain that nothing happened to my computer at the time I restored it to....Does that get rid of anything bad that might've been put into it? Also I downloaded and ran malware (malaware? ..whichever one it's called :doubt: ), and it said nothing was found, so... does that mean I'm safe or?

    One more thing, I did an entire computer search for 'keylogger' and something called keylogger.adv or something like that was found but it was found in Kaspersky and it won't let me delete it .... I'm not sure if it's a bad file or something that just comes with Kaspersky?

    Thanks again for all the helpful answers.. sorry for being such a computer illiterate :blink:
     
  11. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Windows Restore is not like restoring an Image. When Windows Restore makes a Restore Point, it does not back up everything. In my opinion there could still be something (i.e., Rootkit) on the PC after a Windows Restore. After doing a Windows Restore, I would scan with at least two Anti-Malware type scanners.

    Scan with SuperAntiSpyware Portable and if it finds anything bad, do a Full Scan with Dr.Web Cureit.
     
  12. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    er... what exactly does restoring an image mean? (I'm sorry.. I know how to turn a computer on and surf the web .....beyond that it's a mystery to me)
     
  13. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    My definition: An Image is a backup of either an entire hard drive or a hard drive partition including boot sector(s) and partition table(s). I usually only Image the used sectors of my Windows System Partition for space savings. I usually save the Image file to another hard drive, either internal hard drive or USB 2.0 hard drive. I sometimes save the Image file to DVD(s).

    Later if your hard drive gets infected, you can boot the PC (from CD) using the bootable Operating System provided by your Image Software company and then restore your saved Image from your backup hard drive or DVD(s).

    The following is a product description of the Image Software that I use.

    http://www.terabyteunlimited.com/image-for-windows.htm

    There are many other choices for Imaging Software. Also Windows 7 has a built-in Imaging Software and you can use Windows 7 to make a bootable Restore CD which will allow you to Restore your Image while Windows is not running.

    An Imaging Software won't help you clean your PC at this time since you have not been Imaging (have no saved "clean" Images) in the past. You should "routinely" Image at least your Windows System Partition in the future.

    For a freeware Imaging Software many people recommend Macrium Reflect Free.

    http://www.macrium.com/reflectfree.aspx
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  15. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    aaaah alright.. Since I didn't do that to begin with, does that mean it's too late? Also the particular keylogger I got, I read that Kaspersky sometimes misdiagnoses it (the kernel so and so, whatever it's called) and that it's not dangerous. Not sure how much I believe that though.. But it's listed as 'inactive'

    I ran Kaspersky AND Malwarebytes and both aren't finding anything ..... So .....what does that mean?
     
  16. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    You should still scan with what TheKid7 stated if you're feeling jittery...might have a rootkit there. See below as posted.


    Or you can use GMER. Just my two cents. Good luck!
     
  17. mydeadsea

    mydeadsea Registered Member

    Joined:
    Jul 25, 2011
    Posts:
    13
    Alright, I'll try that, thanks! :)
     