elveez Posted October 15, 2008 ID:30969 Share Posted October 15, 2008 I just found this file in my Malwarebytes quarantine:Vendor: Trojan.AgentCategory: FileItems: C:\WINDOWS\sustem32\KerndDrv.dllReference#: 35638Does anyone knows that this is? I tried searching but found nothing. Any ideas? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 15, 2008 Root Admin ID:30978 Share Posted October 15, 2008 Hello elveez and Welcome to MalwarebytesAccording to Threat ExpertInfostealer.Gampass [symantec]A keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.) * There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the following module: o %System%\KerndDrv.dllHighly recommend that you follow the directions below (do not bypass the online Panda scan)Please read and follow the instructions provided here: Pre- HJT Post InstructionsWhen ready please post your logs here: Malware Removal - HijackThis LogsSomeone will be happy to assist you further with cleaning your system.During this scan and cleanup process you should not install any other software unless requested to do so. Link to post Share on other sites More sharing options...
elveez Posted October 15, 2008 Author ID:30993 Share Posted October 15, 2008 Thanks a lot! I had some on of my passwords stolen and I figured it's gotta be some keylogger. I wish I could figure out how I got this one! I had Norton Realtime protection and SpyBot with TeaTimer running all the time!I just scanned my system with Norton + Malwarebytes + SpyBot + SuperAntiSpyware and it seems that I'm clean now. Malwarebytes was the only one program that reported this!! I will run it again and post the logs here. Do I just copy and paste them here or should I include them as an attachment? Link to post Share on other sites More sharing options...
elveez Posted October 15, 2008 Author ID:30996 Share Posted October 15, 2008 Here's my MBAM log from two days ago when the files were found... Link to post Share on other sites More sharing options...
elveez Posted October 15, 2008 Author ID:30998 Share Posted October 15, 2008 HijackThis Log. Today. Panda is still working, I will post the log as soon as it's done. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 15, 2008 Root Admin ID:31006 Share Posted October 15, 2008 Please don't post your logs here.Start a new thread here: http://www.malwarebytes.org/forums/index.php?showforum=7Then post current MB and HJT and PANDA logs in the new thread. Do not attach the files, post them directly please.Thank you. Link to post Share on other sites More sharing options...
elveez Posted October 15, 2008 Author ID:31014 Share Posted October 15, 2008 Thanks! Will do! Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now