Keylogger Virus

furryboo · 06-06-2006

Hi there,
I wonder if you can help. I exe'ed a file and it contained a keylogger virus that hides me system 32 folder in windows. I have used NOD32 and if find's the virus but states it cannot delete it because it is in operator memory. I changed me virus checker to kaspersky but that will not find it. Can anyone help me out please?

Thanks you

Da_Boo

Zimbo · 06-06-2006

Hey there furryboo,

Try booting into safemode and then running your antivirus software, the virus shouldn't be activated when in safemode.

Do you know the name of the virus/keylogger?

joe5 · 06-07-2006

See if this gets youre system32 folder to show again:

Go to start/run/cmd and type/copy: attrib c:\Windows\system32 -a -h -r -s and press enter.

If that doesn't work , and if youre AV still cant remove the keylogger then please follow the instructions in the "prework" link below in my sig , and post back with the 2 resulting log files.

furryboo · 06-07-2006

Cheers peeps for the help so far.

When I type that in it does bring back system 32 folder but when I reboot back in to windows it disappears again. I have tried virus checker in windows and in safemode......still happens.

Cheers

Da_Boo

furryboo · 06-08-2006

Problem as first post.

Cheers

Da_Boo

joe5 · 06-10-2006

Hya Furryboo.

Looks like Spysweeper has gotten rid of the keylogger.

But i dont see a firewall running on youre pc , it is recommended to have one running to be better protected. Have a look in our download section for some free firewalls if needed.

Does the system32 folder stay visible now? And if yes , do you still have any other problems?

If not , or if you still have other problems , then do a Panda active scan here:

http://www.pandasoftware.com/products/activescan

And post the log from it when done please.

furryboo · 06-11-2006

Please see attached fiel and help.

Thank you

Da_Boo

06-06-2006	#1
furryboo Bronze Member Join Date: Mar 2006 Posts: 42	Keylogger Virus Hi there, I wonder if you can help. I exe'ed a file and it contained a keylogger virus that hides me system 32 folder in windows. I have used NOD32 and if find's the virus but states it cannot delete it because it is in operator memory. I changed me virus checker to kaspersky but that will not find it. Can anyone help me out please? Thanks you Da_Boo

06-06-2006	#2
Zimbo Friend of PCHF Join Date: Sep 2004 Location: Right here ! Posts: 2,148	Hey there furryboo, Try booting into safemode and then running your antivirus software, the virus shouldn't be activated when in safemode. Do you know the name of the virus/keylogger? __________________ - PCHF Rules - PCHF Staff - Join the Team - Prework - Protect your PC - Tools - Inside your PC - Bootdisk.com Last edited by Zimbo; 06-06-2006 at 08:13 AM.

06-07-2006	#3
joe5 Elite Member Join Date: Jun 2005 Location: Netherlands Posts: 9,021	See if this gets youre system32 folder to show again: Go to start/run/cmd and type/copy: attrib c:\Windows\system32 -a -h -r -s and press enter. If that doesn't work , and if youre AV still cant remove the keylogger then please follow the instructions in the "prework" link below in my sig , and post back with the 2 resulting log files. __________________ - PCHF Team. - (NL) - Mal-ware Eradicator! - - Online AV Scans - HijackThis! - Bootdisk.com - ATF-Cleaner - Stinger - 'Prework' - 'Afterwork' - PCHF Rules - Donate to PCHF. And get>

06-10-2006	#6
joe5 Elite Member Join Date: Jun 2005 Location: Netherlands Posts: 9,021	Hya Furryboo. Looks like Spysweeper has gotten rid of the keylogger. But i dont see a firewall running on youre pc , it is recommended to have one running to be better protected. Have a look in our download section for some free firewalls if needed. Does the system32 folder stay visible now? And if yes , do you still have any other problems? If not , or if you still have other problems , then do a Panda active scan here: http://www.pandasoftware.com/products/activescan And post the log from it when done please. __________________ - PCHF Team. - (NL) - Mal-ware Eradicator! - - Online AV Scans - HijackThis! - Bootdisk.com - ATF-Cleaner - Stinger - 'Prework' - 'Afterwork' - PCHF Rules - Donate to PCHF. And get>

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode