Jump to content

10+years of data compromised


Recommended Posts

This is extremely frustrating for me since I'm always extremely careful with my system, somehow I got a keylogger/trojan.

The files in my computer are fine, sadly I can't say the same about my email (Yahoo, hotmail) paypal, facebook and ebay accounts.

Here are the logs, I've scanned my computer in safemode with:

ComboFix, dds, Mawarebytes Anti-Malware, SmitfraudFix, Spybot Search & Destroy and Avira antivirus (Every time I restart I get two messages about two missing .dll files),

I'm still unable to login to very specific pages, moreover, some pictures appear as broken/don't load, interestingly enough, peerblock shows extremely suspicious network activity while trying to load these pages/broken images (It's always Range: Baltimore Technologies, Source:, Destination: So I'm afraid that the keylogger/worm/whatever this is hasn't been completely deleted and my information is trying (or is actually still being) redirected to this IP address)



Link to post
Share on other sites

Oh, I forgot about this info:

I'm running Microsoft Windows 7 Home Premium, my usual browser of choice is Opera. I'm a college art student so (And in finals week) so this makes the situation even more frustrating since I can't focus on my finals now. Seems like my files are fine so far, the only thing that's been compromised as of now is all the data I have online.

I also forgot to mention that malwarebytes Anti-Malware did detect some keyloggers which I quarantined, but I still have this issue with the broken images/websites and suspicious network activity.

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

At this stage, I would highly suggest backing up your data, formatting your hard drive, and reinstalling Windows.

The problem with these keylogging infections is that they're often accompanied by backdoor trojans which completely compromise your computer for the future, even if we can clean any visible infections.

Here is my standard speech when I see a backdoor:

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you have any questions, please feel free to ask.

Link to post
Share on other sites

I wish I could reinstall my OS immediately (I have an ASUS, do you think the standard factory restore tool will work? Is it possible for this infection to somehow transfer to the factory restore?) but since I'm in finals right now that's not a choice (I have to survive like this for one more week). I will back up my workfiles as soon as possible though.

I know this person is screwing up with my email just to gain more time, I tried to contact ebay and paypal as soon as I noticed this but now I'm effectively locked out from my mail (Which is funny because I've been changing passwords these last two days a lot of times, yet this person somehow manages to log back into my mail and modify my account info)

So not only my online data is compromised, but my actual computer files might be compromised too? That's extremely scary (Again, I'm in finals), I'll start backing up work files after class (Is there a chance that this infection can somehow transfer to my external while backing up? I'm a GAD student, most of my files are 3ds max files, maya files, pictures, textures, some UDK files. Plus music)

I just skimmed through your links real quick and I noticed this entry concerning formatting:

"Install a clean version of your operating system

Anything on that system could have been modified, including the kernel, binaries, data-files, running processes, and memory.

In general, the only way to trust that a machine is free from backdoors and intruder modifications is to reinstall the operating system from the distribution media and install all of the security patches before connecting back to the network. Merely determining and fixing the vulnerability that was used to initially compromise this machine may not be enough.

We encourage you to restore your system using known clean binaries. In order to put the machine into a known state, you should re-install the operating system using the original distribution media."

What should I do in this situation? Sounds like using a factory restore might not do the trick, should I take my computer to Bestbuy after finals for assistance?

Thanks for the identity fraud link, I'll check it after class, I'm late because I've been trying to deal with this issue all night.

Link to post
Share on other sites

Oh, another small detail, these are the missing dll message I get after each restart:

There was a problem starting:



Not that it matters anymore I guess... since I'm doing a clean reinstall of everything.

I still don't understand how this happened, my firewall, peerblock and antivirus (Avira) are always updated and running. Any tips to avoid dealing with this issue again? I'm very afraid, if this happened once chances are that it might happen again since now I'm targeted by this person.

Link to post
Share on other sites

No more feedback concerning possible future infections? I'm only asking because this is the first time a backdoor trojan somehow makes it into my system (even though my antivirus, firewall and peerblock are always up) and I fear that this might happen again without me or my antivirus programs noticing.

I can't really think of anything that caused this infection, but there must be something for sure that was most likely my fault. Is there a risk of this backdoor trojan somehow infecting the files I'm backing up? This is also an important question I have since sometimes we work on teams at college and we have to transfer a lot of files between us.

I really appreciate the assistance provided so far.

Link to post
Share on other sites

  • Staff


My apologies for the delay.

Infections generally can't infect the restore partition since there are special permissions set there. If you are only backing up documents, videos, and photos, you should be fine. Your music and school files should also be fine (it's important to note a distinction between backdoor trojans like what you have, and file infectors like Virut which infect individual files.

Once finals are over, I suggest backing up everything and using the recovery partition.

Link to post
Share on other sites

Oh, don't worry about the delay.

I must confess that while I'm good at dealing with some minor issues, backdoor trojans are way out of my expertise. I've never caught an infection since I started using a computer (Since 1999)... that's why I'm so worried right now, I seriously can't understand how I got infected by this trojan, and I'm worried that it might happen again.

My last question would be concerning that particular point, maybe the programs I use to protect my computer no longer doing the job (I'm mainly talking about Avira...Peerblock is doing an okay job blocking all this suspicious net activity ever since I deleted the trojans... that also means you were right and I'm not totally clean even though Malware-Bytes and other programs don't detect any more infections), do you have any suggestions in particular?

I'm glad to hear that the restore partition can't be modified, especially since I'm done backing up all of my files and I was wondering if I could somehow infect my external HDD.

Link to post
Share on other sites

  • Staff

Hi dio_85,

I will give you my standard prevention speech below. :) Avira is a good antivirus, but no one program can catch everything.

Your external should be fine. You could always do a full scan with your antivirus (and MBAM) with the external plugged in.

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Also please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,


Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.