Trojan Keylogger.


remote91
02-11-08, 02:20
I keep getting this message.
http://i34.************/1g3eja.jpg
Basically, how do I get rid of it?!

Jeet
02-11-08, 03:52
Guess It Tells You To Buy Personal Defender 2009, Right?

Download & Post The Result Here Buddy,

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

And You May Try This Automated Script Software To Delete This Virus; If It Is Unable To Delete It, Reply To Me Here...

http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

EscondeR
02-11-08, 08:43
Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report here. We'll tell you what processes to remove.

3Jane
02-11-08, 09:57
Also worth trying Spyware Doctor. It's payware but worth it.

Jeet
02-11-08, 09:58
Avast! Antivirus + Spyware Terminator (Free)
Kaspersky Internet Security 2009 (For Rich Folks :p)

remote91
02-11-08, 13:38
Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour
Publisher:
any network service that explicitly depends on it will fail to start."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"(Verified) Apple Inc.""c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"Service of ConfigFree."
Publisher:
"(Not verified) TOSHIBA CORPORATION"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CFSvcs
Program path & name:
"c:\program files\toshiba\configfree\cfsvcs.exe"
Enabled: [V]


Program:
"Symantec Lic NetConnect Service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CLTNetCnService
Program path & name:
File not found: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe"
Enabled: [V]


Program:
"TDCSrv Application"
Publisher:
"(Not verified) TOSHIBA Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TODDSrv
Program path & name:
"c:\windows\system32\toddsrv.exe"
Enabled: [V]


Program:
"TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped."
Publisher:
"(Verified) TOSHIBA CORPORATION"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TosCoSrv
Program path & name:
"c:\program files\toshiba\power saver\toscosrv.exe"
Enabled: [V]


Program:
"TOSHIBA Bluetooth Service"
Publisher:
"(Not verified) TOSHIBA CORPORATION"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TOSHIBA Bluetooth Service
Program path & name:
"c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe"
Enabled: [V]


Program:
"ULCDRSvr"
Publisher:
"(Not verified) Ulead Systems Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
UleadBurningHelper
Program path & name:
"c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe"
Enabled: [V]


Program:
"Universal Serial Bus Camera Driver"
Publisher:
"(Not verified) Service & Quality Technology."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
DCamUSBSQTECH
Program path & name:
"c:\windows\system32\drivers\sqcaptur.sys"
Enabled: [V]


Program:
"CD/DVD Class Filter Driver"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"IP in IP Tunnel Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IpInIp
Program path & name:
File not found: system32\DRIVERS\ipinip.sys"
Enabled: [V]


Program:
"IPX Traffic Filter Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFlt
Program path & name:
File not found: system32\DRIVERS\nwlnkflt.sys"
Enabled: [V]


Program:
"IPX Traffic Forwarder Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NwlnkFwd
Program path & name:
File not found: system32\DRIVERS\nwlnkfwd.sys"
Enabled: [V]


Program:
"ZD Soft Screen Capture Driver"
Publisher:
"(Not verified) ZD Soft"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
scrcap
Program path & name:
"c:\windows\system32\drivers\scrcap.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
TpChoice
Program path & name:
File not found: system32\DRIVERS\TpChoice.sys"
Enabled: [V]


Program:
"USB Common Class Generic Parent Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
usbccgp
Program path & name:
"c:\windows\system32\drivers\usbccgp.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) TOSHIBA CORPORATION."
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
Toshiba Bluetooth Monitor
Program path & name:
"c:\windows\system32\tbtmon.dll"
Enabled: [V]


Program:
"TOSHIBA Power Saver"
Publisher:
"(Verified) TOSHIBA CORPORATION"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TPwrMain
Program path & name:
"c:\program files\toshiba\power saver\tpwrmain.exe"
Enabled: [V]


Program:
"HotStartOn"
Publisher:
"(Verified) TOSHIBA CORPORATION"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HSON
Program path & name:
"c:\program files\toshiba\tbs\hson.exe"
Enabled: [V]


Program:
"SmoothView"
Publisher:
"(Verified) TOSHIBA CORPORATION"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SmoothView
Program path & name:
"c:\program files\toshiba\smoothview\smoothview.exe"
Enabled: [V]


Program:
"TOSHIBA Flash Cards"
Publisher:
"(Verified) TOSHIBA CORPORATION"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
00TCrdMain
Program path & name:
"c:\program files\toshiba\flashcards\tcrdmain.exe"
Enabled: [V]


Program:
"HWSetup"
Publisher:
"(Not verified) TOSHIBA Electronics Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
HWSetup
Program path & name:
"c:\program files\toshiba\utilities\hwsetup.exe"
Enabled: [V]


Program:
"SVPWUTIL Application"
Publisher:
"(Not verified) TOSHIBA"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SVPWUTIL
Program path & name:
"c:\program files\toshiba\utilities\svpwutil.exe"
Enabled: [V]


Program:
"ConfigFree(TM) tray"
Publisher:
"(Not verified) TOSHIBA CORPORATION"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NDSTray.exe
Program path & name:
"C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
Enabled: [V]


Program:
"TOSHIBA Online Product Information"
Publisher:
"(Not verified) TOSHIBA"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
topi
Program path & name:
"c:\program files\toshiba\toshiba online product information\topi.exe"
Enabled: [V]


Program:
"Desktop SMS - German"
Publisher:
"(Not verified) Interactive Digital Media"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Desktop SMS
Program path & name:
"c:\program files\idm\desktop sms\desktopsms.exe"
Enabled: [V]


Program:
"Vista Registration"
Publisher:
"(Verified) Toshiba Europe GmbH"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Toshiba Registration
Program path & name:
"c:\program files\toshiba\registration\toshibaregistration.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]


Program:
"Microsoft® Works Marketing Feature"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
WorksFUD
Program path & name:
"c:\program files\microsoft works\wkfud.exe"
Enabled: [V]


Program:
"Microsoft® Works PortFolio"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Portfolio
Program path & name:
"c:\program files\microsoft works\wkssb.exe"
Enabled: [V]


Program:
"Microsoft® Works Update Detection"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Microsoft Works Update Detection
Program path & name:
"c:\program files\microsoft works\wkdetect.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Not verified) Ahead Software Gmbh"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroCheck
Program path & name:
"c:\windows\system32\nerocheck.exe"
Enabled: [V]


Program:
"SAMSUNG ODD Firmware manager"
Publisher:
"(Not verified) "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Name of App
Program path & name:
"c:\program files\samsung\fw liveupdate\fwmanager.exe"
Enabled: [V]


Program:
"Adobe Photoshop Album Starter Edition 3.0 component"
Publisher:
"(Not verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Photo Downloader
Program path & name:
"c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
Enabled: [V]


Program:
"PC Suite"
Publisher:
"(Not verified) Nokia"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
PCSuiteTrayApplication
Program path & name:
"c:\program files\nokia\nokia pc suite 6\launchapplication.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]


Program:
"Malwarebytes' Anti-Malware"
Publisher:
"(Verified) Malwarebytes"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Malwarebytes Anti-Malware (reboot)
Program path & name:
"c:\program files\malwarebytes' anti-malware\mbam.exe"
Enabled: [V]


Program:
"Microsoft Office 2000 component"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Microsoft Office.lnk
Program path & name:
"c:\program files\microsoft office\office\osa9.exe"
Enabled: [V]


Program:
"Microsoft® Works Calendar Reminder Service"
Publisher:
"(Not verified) Microsoft® Corporation"
Entry path:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
Microsoft Works Calendar Reminders.lnk
Program path & name:
"c:\program files\common files\microsoft shared\works shared\wkcalrem.exe"
Enabled: [V]


Program:
"LimeWire"
Publisher:
"(Not verified) Lime Wire LLC"
Entry path:
C:\Users\P.C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
LimeWire On Startup.lnk
Program path & name:
"c:\program files\limewire\limewire.exe"
Enabled: [V]


Program:
"CD/DVD Drive Acoustic Silencer"
Publisher:
"(Not verified) TOSHIBA"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
TOSCDSPD
Program path & name:
"C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe"
Enabled: [V]


Program:
"Veoh Client"
Publisher:
"(Verified) Veoh Networks"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Veoh
Program path & name:
"c:\program files\veoh networks\veoh\veohclient.exe"
Enabled: [V]


Program:
"Adobe Acrobat IE Helper Version 7.0 for ActiveX"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0\bin\ssv.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"Phone Browser"
Publisher:
"(Not verified) Nokia"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
PhoneBrowser
Program path & name:
"c:\program files\nokia\nokia pc suite 6\phonebrowser.dll"
Enabled: [V]


Program:
"Shell Extension DLL"
Publisher:
"(Not verified) NeSoft"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
4movy DVD Video Converter
Program path & name:
"c:\program files\4movy dvd video converter\shell4movy.dll"
Enabled: [V]


Program:
"RealPlayer Shell Extensions"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshell.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll"
Enabled: [V]


Program:
"Veoh Browser Plug-in"
Publisher:
"(Not verified) Veoh Networks Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Veoh Video Finder
Program path & name:
"c:\program files\veoh networks\veoh\plugins\reg\veohtoolbar.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
Sky
Program path & name:
File not found: http://www.sky.com"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
eBay
Program path & name:
File not found: http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN"
Enabled: [V]

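An added example, not from the thread or from the ARDiag tool, that parses the report layout pasted above and lists the entries a responder would inspect first (publisher N/A or "(Not verified)", "File not found" orphans, per-user startup locations); the two-entry sample is constructed from the report and the function names are my own.

```python
import re
# Constructed sample in the ARDiag layout pasted in the thread (two of its entries, as posted).
SAMPLE_REPORT = r"""Program:
"Symantec Lic NetConnect Service"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
CLTNetCnService
Program path & name:
File not found: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe"
Enabled: [V]

Program:
"LimeWire"
Publisher:
"(Not verified) Lime Wire LLC"
Entry path:
C:\Users\P.C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Entry name:
LimeWire On Startup.lnk
Program path & name:
"c:\program files\limewire\limewire.exe"
Enabled: [V]
"""

# A field label on its own line, followed by its value on the next line.
FIELD_RE = re.compile(r"^(Program|Publisher|Entry path|Entry name|Program path & name):\n(.*)$", re.M)

def parse_ardiag(text):
    """One dict per blank-line-separated entry; values lose their surrounding quotes."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {k: v.strip().strip('"') for k, v in FIELD_RE.findall(block)}
        if fields:
            fields["Enabled"] = "Enabled: [V]" in block
            entries.append(fields)
    return entries

def triage(entries):
    """Map entry name -> heuristic reasons to look at it first (signals, not verdicts)."""
    flagged = {}
    for e in entries:
        pub, path, reasons = e.get("Publisher", "N/A"), e.get("Program path & name", ""), []
        if pub == "N/A" or pub.startswith("(Not verified)"):
            reasons.append("unsigned or unverified publisher")
        if path.startswith("File not found:"):
            reasons.append("orphaned entry (target missing)")
        if "\\appdata\\" in (e.get("Entry path", "") + path).lower():
            reasons.append("per-user startup location")
        if reasons and e.get("Enabled"):
            flagged[e["Entry name"]] = reasons
    return flagged
```

Unverified or missing publishers are common for legitimate OEM software (most TOSHIBA entries in the report are "Not verified"), so the output is a worklist for checking file hashes and paths, not a removal list.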
Jeet
02-11-08, 14:20
http://www.removeonline.com/remove-trojan-keylogger-win32-fung-trojankeyloggerwin32fung-removal-instructions/

remote91
02-11-08, 14:48
http://www.removeonline.com/remove-trojan-keylogger-win32-fung-trojankeyloggerwin32fung-removal-instructions/
Thanks, I'm giving it a shot now :D

Jeet
02-11-08, 14:50
Welcome. :)

CrisGer
02-11-08, 16:11
If you are having trouble with spyware or trojans, I highly recommend the following, which is one of the best and latest cleaners, and there is a free version:

Malwarebytes Anti-Malware

It really does do a good job. Be sure to get the updates regularly.

Jeet
03-11-08, 05:32
If you are having trouble with spyware or trojans, I highly recommend the following, which is one of the best and latest cleaners, and there is a free version:

Malwarebytes Anti-Malware

It really does do a good job. Be sure to get the updates regularly.

That's Why I Gave Him This Link,
http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe

But He Wants To Do It Manually, What Can I Do... :p