Computer Hope

Software => Computer viruses and spyware => Topic started by: avant12 on October 05, 2008, 10:10:36 PM

Title: KL-Detector
Post by: avant12 on October 05, 2008, 10:10:36 PM

*

Title: Re: KL-Detector
Post by: Carbon Dudeoxide on October 05, 2008, 10:22:49 PM

I didn't find anything big, but if you are concerned, we can help you look for any malicious activity on your computer if you follow Steps 3, 4, and 6 here:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Title: Re: KL-Detector
Post by: Carbon Dudeoxide on October 09, 2008, 02:42:05 AM

Go ahead and post them.

Title: Re: KL-Detector
Post by: evilfantasy on October 09, 2008, 10:42:34 AM

Run HJT again and select Do a system scan only then put a check in the following:

O20 - AppInit_DLLs: C:\Program Files\PermissionResearch\prai.dll

Close all windows except for HijackThis and then click Fix checked.

Exit HJT.

----------

This scanner requires Internet Explorer

Scan with the  BitDefender Online Scanner (http://www.bitdefender.com/scan8/ie.html)
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.
Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.

Once Bitdefender completes the scan:
Click-on the Detected Problems tab.
Then select Click here to export the scan report

(http://i154.photobucket.com/albums/s258/evilfantasy69/Tutorials/bit.jpg)

This will save a file named bdscan.html I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later)
 
You will have to upload the file online. The forums will not accept HTML.

Upload the file to Savefile.com (http://savefile.com/upload.phpSelect/)
There is no need to Register
Select Browse and locate the file.
Fill in the Title, Description and security code then click Upload
Copy the link next to Your link to the file: and post the link back here.

Title: Re: KL-Detector
Post by: evilfantasy on October 10, 2008, 01:22:05 AM

No it do any harm if it's just left in the quarantine. It is safe there unless you restored it for some reason. You can empty the quarantine to get rid of it.

-----

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link #2 (http://subs.geekstogo.com/ComboFix.exe)

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Title: Re: KL-Detector
Post by: evilfantasy on October 11, 2008, 11:59:37 PM

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
----------

How is everything now?

Title: Re: KL-Detector
Post by: evilfantasy on October 12, 2008, 02:21:18 PM

I haven't seen any evidence of a keylogger. BUT, the only way to know that there is no keylogger on a computer is to reformat and reinstall. They are not always easily detected by any means and are sometimes very hard to remove. Again though, I see no evidence of one.

To change military time to standard time

Go to Start > Control Panel > Regional and Language Options
Click the Customize button
Select the Time tab
In the Time Format area use the down arrow to select: h:mm:ss tt
Click Apply
Click OK
Click Apply
Click OK

Restart the computer.

Title: Re: KL-Detector
Post by: evilfantasy on October 12, 2008, 07:06:00 PM

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html) or Windows Vista System Restore Guide  (http://www.bleepingcomputer.com/tutorials/tutorial143.html)
.
----------

Use the  Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 (http://www.spreadfirefox.com/node&id=224248&t=324) with Adblock Plus (https://addons.mozilla.org/en-US/firefox/addon/1865) and NoScript (http://noscript.net/)

To prevent unknown applications from being installed on your computer install WinPatrol 2008 (http://www.winpatrol.com/winpatrol.html)
*  Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

I suggest using SiteAdvisor (http://www.siteadvisor.com/). SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

 SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
*  (http://www.bleepingcomputer.com/tutorials/tutorial49.html)Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Check out  Keeping Yourself Safe On The Web (http://evilspages.blogspot.com/2008/05/keeping-yourself-safe-on-web.html) for tips and free tools to help keep you safe in the future.

Also see  Slow Computer? It May Not Be Malware (http://evilspages.blogspot.com/2008/05/slow-computer-it-may-not-be-malware.html) for free cleaning/maintenance tools to help keep your computer running smooth.