Wintective Key Logger

I just ran "No Adware" anti-spyware and it claims to have found 5 "Wintective" Reg Key/Reg Values on my computer. I just ran Kaspersky Anti-virus, Kaspersky Fire Wall, Spy Bot and AdAware, all of which failed to find Wintective.

I checked the "Startup" portion of my "System Config Utility" and find I have two unnamed entries--the "Startup" and "Item" names are completely blank.

Am I likely to have an actual problem with a keylogger, or is this just "No Adware" trying to frighten me into purchasing "No Adware"? If it is a problem, how should I best remove it? Is it possible to investigate where the spying is taking place?

Thanks,
RobbW
 
No Adaware is a fraudulent spyware finder. Yields false positives to get you to buy other things.

See:
http://blogs.pcworld.com/staffblog/archives/000567.html


kldetector is a free key logger detector

Here's a download page for it

http://dewasoft.com/privacy/kldetector.htm

I've run the app, MaximumPC vouches for it, but I haven't had a logger for it to detect. It won't remove it, but will notify you if it finds one.

One caveat, this tool only detects software keyloggers. Physical keyloggers between the keyboard and PC connection will not be detected this way, but are easy to look for visually.

Phil
 
Thanks, I'm testing KL-Detector right now. I'm on a laptop so a Keylogger between the keyboard and CPU isn't an option. I hope the test goes well.
 
Here is the result of KL-Detector, it found some suspicious activity to the following files:

"Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


"C:\WINDOWS\System32\CONFIG\SOFTWARE.LOG
was modified.

"C:\Documents and Settings\Rob\ntuser.dat.LOG
was modified.

"C:\Program Files\Spybot - Search & Destroy\Languages\English.sbl
was modified."





Is this irregular?




Here is the full report with lists of "issues":


KL-Detector has found a suspicious file:
C:\WINDOWS\System32\CONFIG\SYSTEM

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\CX0XIN8L\
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\09QRWHMZ\
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\OTMJWPIN\
C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\Content.IE5\C5AJGLIZ\
C:\WINDOWS\System32\CONFIG\
C:\Documents and Settings\Rob\
C:\WINDOWS\Prefetch\




Thanks for your input, anyone that can help.
 
Sounds suspicious to me.

And I see I messed up on your spyware tool. I searched on no adaware which is bogus, not on no adware.

phil
 
Norton detects key loggers.
I visited the key logger site, and that little voice told me to not download the program.
I'll stick with Norton.
 
I ran Norton and Trend Micro, neither of which picked up any key loggers. I guess I think NoAdware was rigged, but I'm keeping my eye out for any irregularities.

Thanks all for your comments.

Robb
 
Robb, do this.
Go to http://www.ewido.net/en/ and do the free online scanner.
This doesn't put anything on your PC you do not want, other than virus/trojan definitions.
Once it is d/l then run it, it will find anything out of whack, get rid of all that it finds.
We use this extensively at my work as do most of my "asociates" (sic) and it never fails, it is one of the few utilities that kills Spy Sheriff and etc.
Save that page and run it once a week, you don't need any other anti spyware other than maybe ad-aware or spybot.
I had a horrid trojan last summer, silly Norton couldn't even sneeze at, but this ewido tracked it down and killed it like a roach.
 
rebeltf:

I ran the scan you suggested. Curiously, the only malware ewido found was "NoAdware.webrebate"--medium risk. Interesting. Thanks for the link.

Robb
 