gfr92y Posted September 18, 2016 ID:1062559 Share Posted September 18, 2016 Last week... I exceeded my 24-hour 250 SMTP relay quota at Godaddy while sending less than 15 email messages (Godaddy hosts my domain and mail server.) I changed my email password from my Gateway PC (Note: I exceeded my 24-hour 250 SMTP relay quota at Godaddy twice in 2015 while only sending a fraction of the maximum allowed emails and both times was able to prevent repeated exceptions by changing my email password.) 48 hours after changing my email password, instead of finding my SMTP relay counter reset to 0, I found I had exceeded my 24-hour 250 SMTP relay quota while sending no email messages. I changed my email password from my Gateway PC again. 48 hours later, I once again found I had exceeded my 24-hour 250 SMTP relay quota while sending no email messages. Godaddy technical support was monitoring my relay quota, dates and times of quota violations, and dates and times of password changes during this time and based on their observations concluded there must be a keylogger installed on my Gateway PC. How do I determine if a keylogger has been installed on my PC? If a keylogger has been installed on my PC, what is the best way to remove it? I would greatly appreciate any assistance you can offer me! Sincerely, Joe Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted September 19, 2016 ID:1062594 Share Posted September 19, 2016 Hello and Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
gfr92y Posted September 19, 2016 Author ID:1062787 Share Posted September 19, 2016 16 hours ago, TwinHeadedEagle said: SNIP TwinHeadedEagle, Thank you so very much for your assistance. Attached are the two files you requested. I eagerly await your next instructions or questions. (Since this is a family computer, it may take a little time to get certains answers.) Thanks, again. Joe FRST.txt Addition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted September 20, 2016 ID:1062827 Share Posted September 20, 2016 (edited) I do not see obvious signs of keylogger, but let's perform some maintenance. Please uninstall: - Driver Booster 3.2 - Smart Defrag 4 Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work! Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finishes FRST will generate a log on the Desktop, called Fixlog.txt. Please attach it to your reply. Scan with Malwarebytes' Anti-Malware Please download Malwarebytes Anti-Malware and save it to your desktop. Install the progam and select update. Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits. In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware. Click the Scan tab, choose Threat Scan is checked and click Start Scan. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes. Upon completion of the scan (or after the reboot), click the History tab. Click Application Logs and double-click the Scan Log. At the bottom click Export and choose Text file. Save the file to your desktop and include its content in your next reply. fixlist.txt Edited September 20, 2016 by TwinHeadedEagle Link to post Share on other sites More sharing options...
gfr92y Posted September 21, 2016 Author ID:1062992 Share Posted September 21, 2016 17 hours ago, TwinHeadedEagle said: I do not see obvious signs of keylogger, but let's perform some maintenance. What are some of the signs you are looking for? 17 hours ago, TwinHeadedEagle said: Please uninstall: - Driver Booster 3.2 - Smart Defrag 4 Driver Booster 3.2 and Smart Defrag 4 were previously on this PC. However, I removed them a few month ago. Here is how I implemented your suggestion... First, I found Smart Defrag 4 (Not an easy task mind you since I cannot access www.iobit.com for some unknown reason.), downloaded it, installed it, and uninstalled it. Second, Since I could not find Driver Booster 3.2, although I did not look very hard, I found Driver Booster 3.5 on download.cent.com and downloaded it, installed it, and uninstalled it. I hope the steps above did no harm! 17 hours ago, TwinHeadedEagle said: Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work! Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finishes FRST will generate a log on the Desktop, called Fixlog.txt. Please attach it to your reply. fixlist.txt I will be performing the steps above and below as soon as I finish dinner. 17 hours ago, TwinHeadedEagle said: Scan with Malwarebytes' Anti-Malware Please download Malwarebytes Anti-Malware and save it to your desktop. Install the program and select update. Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits. In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware. Click the Scan tab, choose Threat Scan is checked and click Start Scan. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes. Upon completion of the scan (or after the reboot), click the History tab. Click Application Logs and double-click the Scan Log. At the bottom click Export and choose Text file. 17 hours ago, TwinHeadedEagle said: Save the file to your desktop and include its content in your next reply. ... and that is exactly what I will do later this evening! Thanks again for everything you are doing for me!!! Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted September 21, 2016 ID:1063063 Share Posted September 21, 2016 I simply didn't see signs of keylogger on your PC. Yes, you should uninstall all Iobit products and refrain from using them. They have bad reputation and I even spotted one of them coming bundled with malware installer, it was Driver Booster. Link to post Share on other sites More sharing options...
gfr92y Posted September 22, 2016 Author ID:1063348 Share Posted September 22, 2016 Sorry. I have two teenagers and I am convinced God's plan for them is to not have 15 minutes of uninterrupted time. I am doing it now. Link to post Share on other sites More sharing options...
gfr92y Posted September 23, 2016 Author ID:1063430 Share Posted September 23, 2016 On 9/20/2016 at 2:48 AM, TwinHeadedEagle said: I do not see obvious signs of keylogger, but let's perform some maintenance. Please uninstall: - Driver Booster 3.2 - Smart Defrag 4 Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work! Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finishes FRST will generate a log on the Desktop, called Fixlog.txt. Please attach it to your reply. Scan with Malwarebytes' Anti-Malware Please download Malwarebytes Anti-Malware and save it to your desktop. Install the progam and select update. Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits. In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware. Click the Scan tab, choose Threat Scan is checked and click Start Scan. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes. Upon completion of the scan (or after the reboot), click the History tab. Click Application Logs and double-click the Scan Log. At the bottom click Export and choose Text file. Save the file to your desktop and include its content in your next reply. fixlist.txt Done. Files are attached. Thanks, again! MBAM.txt Fixlog.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted September 23, 2016 ID:1063463 Share Posted September 23, 2016 Did you remove everything that MalwareBytes found? Link to post Share on other sites More sharing options...
gfr92y Posted September 23, 2016 Author ID:1063480 Share Posted September 23, 2016 I ran MBAM again and the only item that was listed had something to do with hosts, so I checked it and cleaned/deleted it. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted September 24, 2016 ID:1063691 Share Posted September 24, 2016 Good. Is everything okay now? Link to post Share on other sites More sharing options...
Recommended Posts