[Guide] About keyloggers

Greysky · 06/09/2010, 14:05

nice ty <333333

.Faez · 06/09/2010, 14:28

i´ve got slow internet too but i dont think its i keylogger cuz its longer time.Maybe1 week before and no account of me is hacked.What should i do to make it faster??

Forfirith · 06/09/2010, 15:16

Quote:

Originally Posted by zwerg2311

i´ve got slow internet too but i dont think its i keylogger cuz its longer time.Maybe1 week before and no account of me is hacked.What should i do to make it faster??

1st of all, run your av, you might have older virus in ur pc;
2nd stop any background programs that might be stealing ur bandwidth (ex.: torrent);
3rd if you use a router/firewall, open ports/allow for your programs (ex.:browser, games, dl programs...);
4th If all else fails, contact ur isp.

Nicolias · 06/09/2010, 18:56

I can not delete or disable the autorun svechost.exe. when you try to delete the process, a blue screen and the computer is turned off. Help me.

used the program CCleaner - not helped

Nicolias · 06/09/2010, 18:59

Effects of the virus: shutdown computer a blue screen, during the work can turn on the camera.
Notebook

kingbugy · 06/09/2010, 20:55

thx
thats good for people who dont now that
you become a thanks from me
ps : if you think iam one of the people who dont now that
i now that ok^^

Teiva · 06/09/2010, 21:10

alemenos deja Creditos a la gente que te ayuda

y te da consejos sobre programas que dejar bro! un consejo para no te insulten o te dejen mala onda

. Acuerdate de eso!.

ero-Z · 06/09/2010, 22:28

Quote:

Originally Posted by Teiva

alemenos deja Creditos a la gente que te ayuda y te da consejos sobre programas que dejar bro! un consejo para no te insulten o te dejen mala onda . Acuerdate de eso!.

Jajaja nose de que gente me hablas o.o ¿Quieres creditos o algo? XD

Quote:

Originally Posted by Nicolias

I can not delete or disable the autorun svechost.exe. when you try to delete the process, a blue screen and the computer is turned off. Help me.

used the program CCleaner - not helped

First, confirm that is "svechost.exe", don't forget that "svchost.exe" is a process of the system!

zǝro · 06/09/2010, 22:59

Quote:

Originally Posted by ero-Z

Jajaja nose de que gente me hablas o.o ¿Quieres creditos o algo? XD

First, confirm that is "svechost.exe", don't forget that "svchost.exe" is a process of the system!

Hmm problem.
Look This.

If i close this, my pc crash and restart.

ero-Z · 06/09/2010, 23:08

Quote:

Originally Posted by Manack

Hmm problem.
Look This.

If i close this, my pc crash and restart.

It look's bad, it's started by your user and the icon... (XD), follow the steps, you have to delete his runkey! (CCleaner/Regedit way)

Teiva · 06/10/2010, 06:55

Quote:

Originally Posted by ero-Z

Jajaja nose de que gente me hablas o.o ¿Quieres creditos o algo? xD

Mira sobre el spybot search and destroy te deje yo el comentario para que lo dejaras no me des creditos por el aporte pero normalmente eso se hace no se si entiendes. Igualemente era otro consejo de parte mia hacia ti!. Con todo respeto!. Abrasos bro...

zkxero · 06/10/2010, 12:09

very good information..

ero-Z · 06/10/2010, 15:48

Quote:

Originally Posted by Teiva

Mira sobre el spybot search and destroy te deje yo el comentario para que lo dejaras no me des creditos por el aporte pero normalmente eso se hace no se si entiendes. Igualemente era otro consejo de parte mia hacia ti!. Con todo respeto!. Abrasos bro...

Bueno, si tienes razon, no habia leido tu post, de todas maneras el programa me lo paso _Alastor_ pero os dare thanks a los dos

FichteFoll · 06/10/2010, 16:50

Quote:

Originally Posted by kit2

svchost.exe is being run by SYSTEM not by an USER. I logged on in my pc with 2 acc apart from my admin acc, but still svchost.exe is there which is being running by SYSTEM

NOT Always. Many Keyloggers/Trojans try to immitate the svchost themselves.
To give you some orientation:

What I've marked:
1. This is usually started with windows.
2. This is extra-information on which you can identify the serviceHost. As I highlighted, this is a SERVICE-process from windows. So it has to be found inside the services.exe.
3. For more information you can look at the "Company Name" Tab or the "Path" (you can enable them manually). It's selfexplaining I think.
4. These 2 (and the explorer.exe) are also started from windows... and actually the last in the list (sort).
Any process AFTER them with a name like "csrrss.exe", "svchost.exe" or another version is obviously malware!

There also shouldn't be a "svchost.exe" here:

Look at the Tooltip for this example. This is the sidebar in Windows 7, but otherwise there shouldn't be stuff from Windows here, cuz it's lauchned from somewhere else.

After that you can try the stuff in the first post. If you can't kill them or delete them from autostart (it also starts after you've deleted it), run Windows in "save mode" and delete the file itself, after checking the its path.

@Zero (ero-Z is too time-wasting to type it all again ;P): You could add this to your 1. post, I'm too lazy atm.

€dit @ Manack: Username ftw ;f
No, try it like above and run in "Abgesicherter Modus".

ero-Z · 06/10/2010, 17:24

Quote:

Originally Posted by FichteFoll

@Zero (ero-Z is too time-wasting to type it all again ;P): You could add this to your 1. post, I'm too lazy atm.

Yeah, of course!

Anyways you can run an executable with SYSTEM user, so you have to follow these steps to know if it is a real service by SYSTEM.

I was bored XD (Alastor taught me this funny trick xD)