keylogger

04/25/2011 15:05 broksen#1
Hey,

just have 1 question : could it be a keylogger?

C:\Documents and Settings\x\AppData\winlogon.exe


This entry is not running from the System32 folder, so it is probably nasty.
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required. This process is not running from the System32 folder as it is supposed to be.

Scanned with HijackThis.

Asking cause someone tried to log into my acc few hours ago, anyway he was too slow cause sent full g60/g65 bofed to my friend :) but anyway wanna do something with it.
04/25/2011 15:14 RunzelEier#2
yes that is malware

you should scan it with virustotal or check if the program connects to any server.
04/25/2011 15:18 broksen#3
how to check that?


are these viruses dangerous?
04/25/2011 15:30 vairisleiboms#4
int or pserver?
04/25/2011 16:00 broksen#5
what do u mean? ofc am playing int
04/25/2011 17:00 Fremo.#6
virus
04/25/2011 18:57 broksen#7
- Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll

could it be a keylogger?

scanned with virustotal and nothing found
04/25/2011 19:05 Ksystem13#8
Quote:
Originally Posted by broksen
- Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll

could it be a keylogger?

scanned with virustotal and nothing found

Use this


:D
04/25/2011 21:06 broksen#9
that spybot deleted my antivir cause he detected it as "keyloger protector" piece of shit, helpless
04/25/2011 22:15 Ksystem13#10
Quote:
Originally Posted by broksen
that spybot deleted my antivir cause he detected it as "keyloger protector" piece of shit, helpless

Then don't beg for help anymore oke? :rtfm:
04/25/2011 23:08 broksen#11
Ty Fr..ome for tutorial how to delete svchost with the Description with "VirtualDub blabla"

@up

I love u too

but can't understand 1 thing: deleted svchost from HKCU\Software\Microsoft\Windows\CurrentVersion\Run

but HijackThis still says:
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\x\AppData\svchost.exe

Must be fixed! Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a

Edit: problem solved

ps. my pc never was cleaner :p
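
The check behind the HijackThis notes quoted in this thread (a system process name started from outside System32 via a Run key), sketched as an added example; it is not part of any post and not HijackThis's own code. The name list, the assumed System32 location, and every sample line except the first (taken from post #11) are constructed for illustration.

```python
import ntpath
import re

# System binary names that are often imitated: the two from this thread plus
# a few others (illustrative list, an assumption of this example).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
EXPECTED_DIR = r"c:\windows\system32"  # assumed default %SystemRoot%\System32

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:CU|LM))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# First line is from the thread; the other three are constructed samples.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\x\AppData\svchost.exe
O4 - HKLM\..\Run: [winlogon] "C:\WINDOWS\system32\..\Temp\winlogon.exe" /s
O4 - HKLM\..\Run: [updater] "C:\Program Files\ExampleApp\updater.exe" /min
O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\svchost.exe -k example
"""

def image_path(cmd):
    """Extract the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: path may contain spaces, so cut at the first ".exe" token end.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def check_line(line):
    """Return a finding dict if an O4 entry uses a system name outside System32."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    # normpath collapses "..\" so a path cannot merely pass through System32.
    path = ntpath.normpath(image_path(m.group("cmd")))
    directory, base = ntpath.split(path.lower())
    if base in SYSTEM_NAMES and directory != EXPECTED_DIR:
        return {"hive": m.group("hive"), "name": m.group("name"), "path": path}
    return None

def scan(log):
    """Check every line of a HijackThis log and collect the findings."""
    return [f for f in map(check_line, log.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['hive']} Run [{f['name']}] -> {f['path']}: system name outside System32")
```

This tests location only, so an entry that passes is not thereby shown to be clean.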