msbhvn-1

Crazy Roommate, Keyloggers, and other fun


Hello there... I am helping my friend with his laptop as he knows even less than I do! He is getting out of a living situation where a household member has a very disturbed mind and is now causing trouble for him in his everyday job and with his church. He believes that the now ex-roommate has key loggers, possible location tracking and a whole slew of other things installed on his machine. I'm not sure how you want to do this but I will not let his machine online here at my place for fear that the crazy bastard will come after us here at our new location. I'm sending this off my desktop but the attached files are from his computer. We are also needing to have proof of any keyloggers or other types of malware so that this may be turned in to law enforcement for slander and defamation. You guys have rocked for me before, hope we can do it again. I just ran FRBR and they are attached below. Thanks again!

FRST.txt

Addition.txt


Hello @msbhvn-1 and :welcome:

I'm Android 8888 and I'll be helping you with your malware issues. Please ask questions if anything is unclear.

I will need some time to analyze your logs and I will get back to you as soon as possible.

Thank you.

Android8888


Hello @msbhvn-1

Thank you for your time and patience.

Please DO NOT run any tools on your own unless I ask you to do so.

 

I see that you have multiple Antivirus programs installed on your system:

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AV: AVG AntiVirus Free Edition (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}

You should only have one Antivirus installed at any time on a computer. The reason is that having more than one installed can cause system instability and conflicts due to the way these programs work and interact with the system. If you want to read more about these kinds of issues, I suggest you read the "IMPORTANT NOTE" in quietman7's post here. This being said, I'll ask you to choose the Antivirus program you want to keep, and uninstall the other(s). Usually, you would keep the program you pay for (if that is the case), and uninstall the free one(s). If you pay for multiple products, keep the one you prefer the most, and uninstall the other(s).

Windows Defender (takes very few resources and runs in the background) is a good suggestion alongside the Malwarebytes Premium version.

 


I will ask you to remove the programs listed below by using Revo Uninstaller (see instructions below):

  • SereneScreen Marine Aquarium Lite
  • WebDiscover Browser 4.28.2

If you don't use this one, remove it as well:

  • Coupon Printer for Windows


Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer Desktop.

  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (a folder with the same name will be created);
  • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
  • Click Yes to accept the UAC security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process; Note: If it asks for a restart/reboot, select No/Later.
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
    Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.

Note: You will have to run Revo more than once to completely uninstall each program listed above.

 


Remove these extensions from the Google Chrome browser:

  • Yahoo Web
  • Watch TV Instantly
  • InboxNow
  • Search Privacy
  • Easy Map Finder
  • SearchLock
  • FromDocToPDF
  • Recipes Homepage

To do that:

  • Open Google Chrome;
  • Type chrome://extensions in the address bar and press Enter;
  • Click the trash can icon by the extension;
  • A confirmation dialog appears, click Remove.

 


NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Note: I included a Disk Check in the fix. DO NOT interrupt it under any circumstances.

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe is located); DO NOT open or modify that file!
  • Right-click on the FRST64 icon and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Click on the blue button 'I AGREE';
  • Click on the Scan Now button;
  • Let the scan complete. Once it's done, make sure that every item listed is checked and click on the Clean & Repair button;
  • Click on the Clean & Restart Now button;
  • After the restart, a log will open when logging in.
  • Please attach that log in your next reply.


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both ON and leave all other settings at default.
  • Go back to Dashboard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, make sure to check-mark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


In your next reply please let me know:

  • What Antivirus program you decide to keep.
  • If you were able to uninstall the programs listed by running Revo.
  • If you were able to remove the Chrome extensions listed.


And attach the following logs:

  • Fixlog.txt
  • Malwarebytes log (after quarantining the threats).
  • AdwCleaner clean log. The log can be found in C:\AdwCleaner\AdwCleaner[CXX].txt (where XX is a number, the highest number is the most recent and the one I need to see).


Also, let me know how the computer is running now.

Android8888

fixlist.txt


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
