Win32.EliteKeylogger.30

Discussion in 'NOD32 version 2 Forum' started by duca bianco, Oct 6, 2006.

Thread Status:
Not open for further replies.
  1. duca bianco

    duca bianco Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    77
    Location:
    Italy
    Win32.EliteKeylogger.30 o_O Do I have a guest in the computer? Doesn't NOD32 notice it? Do I have to worry? Thanks! :)

    Kaspersky report:

    C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0004 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped

    C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0005 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped

    C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0007 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped

    C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0010 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped

    C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe NSIS: infected - 4 skipped
     
  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    It is a "legitimate" piece of software (see here). It's doubtful it got onto your PC unless you or someone you know installed it. From the log you provided it seems to be located in your System Restore folder, which you can empty by clearing out all previous restore points (turning System Restore off then back on).

    EDIT: I do think that NOD32 should have added detection for it, maybe under the "Potentially dangerous applications" defs.
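
A triage sketch for the report in the first post, added here as an example and not part of the original thread: it groups the per-member hits by container file and records whether that file sits inside a System Restore point and whether every verdict falls in Kaspersky's `not-a-virus:` class. The `triage` function and the last sample line (a path outside System Restore) are constructed for illustration.

```python
import re
from collections import defaultdict

# First five lines are the report quoted in the first post; the last line is
# constructed (hypothetical path) to show a hit outside System Restore.
SAMPLE = r"""
C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0004 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0005 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0007 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe/data0010 Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
C:\System Volume Information\_restore{0721ECB1-9A97-4073-A913-0E5F80688C2A}\RP310\A0212497.exe NSIS: infected - 4 skipped
C:\Program Files\Example\monitor.exe Infected: not-a-virus:Monitor.Win32.EliteKeylogger.30 skipped
"""

HIT = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)

def triage(report):
    """Group per-member hits by container file and classify each container."""
    groups = defaultdict(lambda: {"members": [], "verdicts": set()})
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if not m:  # blank lines and the per-archive "NSIS: infected - 4" summary
            continue
        # '/' separates the file on disk from the member inside the installer
        container, _, member = m["path"].partition("/")
        groups[container]["members"].append(member)
        groups[container]["verdicts"].add(m["verdict"])
    result = {}
    for container, g in groups.items():
        rp = RESTORE.search(container)
        result[container] = {
            "members": len(g["members"]),
            # Restore-point id if the file is a System Restore copy, else None
            "restore_point": rp.group(1) if rp else None,
            # True when every verdict is in the "not-a-virus:" class
            "riskware_only": all(v.startswith("not-a-virus:") for v in g["verdicts"]),
        }
    return result

if __name__ == "__main__":
    for path, info in triage(SAMPLE).items():
        print(path, info)
```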
     
  3. duca bianco

    duca bianco Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    77
    Location:
    Italy
    :cautious: Thanks for the answer. Now I remember what it is about.
    NOD32, even with "potentially dangerous applications" ticked, doesn't detect any threat. o_O
    :)
     
  4. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    As Kaspersky said... it's "not-a-virus" and anyway it seems to be legitimate software. I don't think ESET should add detection for it especially.
     
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    They have detection for Advancedkeylogger (hxxp://mykeylogger.com) and that looks like a legit piece of software too. So maybe they should add this one :)
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, someone tried to spy on u or u did urself!
    It is a rootkit. If it is already installed, ordinary scanners will never detect it.
    Pls run BlackLight rootkit scan and rootkit revealer.
    Also go to start> run> and write "runelitekeylogger" without commas, don't click OK, just wait and see what pops up.
    BTW, it needs Admin account to be installed, are u the only one using Admin account on this PC?
    Pls see my thread here in detail (see post no. 10 and others).

    https://www.wilderssecurity.com/showthread.php?t=143853&highlight=Playing keyloggers

    I will wait for ur reply.
     
  7. duca bianco

    duca bianco Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    77
    Location:
    Italy
    I thank you for the attention,
    but this keylogger surely is not installed on the PC. o_O
    I only tried to download it, but the setup never started.
    Thanks again.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I am not sure. What is the meaning of its exe file being present in System Restore?
    Check ur system restore points as well. Also see ur firewall for any unknown process rules.
    I will be highly suspicious in this case. As this is commercial software, u can't suppose that it just came by chance or as a drive-by download.
     