Keylogger im System aber nicht auffindbar

#16 er is weg!!! DANKE raman!!! DANKE!!!!

#17 "Herr Kaspersky" meint folgendes:

Zitat

This is TrojanSpy.Win32.ControlRandom. Added to next update.
Best regards, Sergey.

ControlRandom.... Interessante Namensgebung, wenn ich mir den Rest des Threads durchlese.
auch andere Scanner, wie z.B RAV (Onlinescan) konnten in den beiden Dateien keinen schadhaften Code entdecken
Auf jeden Fall....egal welcher Scanner, es ist eben nichts 100%-ig ! Dieser Fall ist ein schönes Beispiel, dass auch ein sonst wirklich sehr gutes Programm seine kleinen Lücken haben kann.
__________
Durchsuchen --> Aussuchen --> Untersuchen

#18 Heute kamen 2 Siganturen-Updates raus. das letztere beinhaltet den hier erwähnten TrojanSpy "ControlRandom". Alles in allem keine schlechte Realtionszeit.
Habe die Files am 18.11, abends um 20:00 an Kaspersky geschickt.
__________
Durchsuchen --> Aussuchen --> Untersuchen

#19 Edit: Falscher Thread!
__________
MfG Ralf
SEO-Spam Hunter

#20 Hast fast Recht,
habe mir auch schon überlegt, ob man für diesen Fall "was neues" aufmacht.
Will es als Randbemerkung mal stehen lassen.
__________
Durchsuchen --> Aussuchen --> Untersuchen

#21 hello,
i was searching google for controlrandom.exe and found this thread, it being the only one there is. I cannot speak german, but i tried doin the google translation (which sucks). I was wondering if anyone who speaks english could PLEASE translate what was said and done to remove this keylogger. im having a hell of a tough time trying to do it myself, but i cant seem to get rid of it.

-alex

#22 It depense on which AV-Programm you use. Kaspersky AV can identify it, Antivir (www.free-av.com) is able to identify it, too. It will also drop a DLL. You maybe have to do (cleaning) it in windows safe mode. Otherwise VanHydra should try to explain how he got rid of it!
__________
MfG Ralf
SEO-Spam Hunter

#23 i got antivir and it got rid of most of the problems. After the nitial scan there was only the archive left and a dll which windows had locked, but it deleted it upon restarting. I ran antivir again and here are the results i got:

C:\
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Alex Kosovych\Local Settings\Temporary Internet Files\Content.IE5\EPCJ29I5
knightdragon[1].zip
ArchiveType: ZIP
--> knight.exe
The Trojan horse TR/SCKeyLog.20.D
--> dragon.exe
The Trojan horse TR/SCKeyLog.20.D
C:\Program Files\Macromedia\Flash MX\Players\Debug
Install Flash Player 6 OSX.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.
Install Flash Player 6.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.
C:\Program Files\Macromedia\Flash MX\Players\Release
Install Flash Player 6 OSX.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.
Install Flash Player 6.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.


End of scan: 20.11.2003 12:54
Time taken: 25:10 min


3594 directories were scanned
60478 files were scanned
2 warning messages were issued
0 files were deleted
0 files were repaired
2 detections


I believe thats normal for hiberfil.exe and pagefil.sys being the files that they are. I still am not sure how to get rid of the archive:

C:\Documents and Settings\Alex Kosovych\Local Settings\Temporary Internet Files\Content.IE5\EPCJ29I5
knightdragon[1].zip
ArchiveType: ZIP
--> knight.exe
The Trojan horse TR/SCKeyLog.20.D
--> dragon.exe
The Trojan horse TR/SCKeyLog.20.D

im not even sure if this is necessary to delete as it is an archive, but i would still like to get rid of it completely from my system. any info on where to acces this and delete it would be helpful

-alex

#24 i wasnt even thinkin when i wrote the last post. i ended up just goin in and deleting it, ran antivir one last time and it came up with nothing.

you guys were a great help. thx alot ^_^

-alex