Undetectable Backdoor?


rubix3
Hi there,

I'm usually pretty tech savvy when it comes to troubleshooting Windows and dealing with malware/viruses but this one has me stumped. I noticed strange behaviour while in a text document where the typing cursor moved up a couple of lines and then proceeded to start typing usernames and passwords and bringing up the right-click menu with slight delays in between. The typing of the passwords seemed like a keylog as it makes a mistake, deletes the mistake and then re-types it out properly. It has happened more than once but I'm not quite sure what triggers it - for a while I thought it started shortly after booting up but I've tried it a couple of times since and nothing has happened. I have run several anti-virus scans (MSE/Housecall/Microsoft Malicious Software Removal Tool) and have also run Malwarebytes which found a Backdoor Win32.RBot and got rid of it - all done I thought. Unfortunately, it continues to happen and Malwarebytes detects no more problems, as does MSE and MMSRT. I've tried looking at HJT logs, running ComboFix, monitoring Process Explorer, monitoring outgoing packets from the PC but nothing has really given me any leads.

Hopefully someone may be able to shed some light or else I guess it's time to reinstall Windows!

Thanks,

Pete

Attach.txt

DDS.txt

  • 2 months later...
  • Staff

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.
