Keylogger in the system but cannot be found |
18.11.2003, 18:49
...new here
Thread starter Posts: 7 |
#16
it's gone!!! THANKS raman!!! THANKS!!!!
|
|
|
||
19.11.2003, 14:26
Moderator
Posts: 6466 |
#17
"Mr. Kaspersky" says the following:
Quote: This is TrojanSpy.Win32.ControlRandom. Added to next update.
ControlRandom.... Interesting choice of name, when I read through the rest of the thread. Other scanners as well, e.g. RAV (online scan), could not detect any malicious code in the two files.
In any case.... no matter which scanner, nothing is ever 100%! This case is a nice example that even an otherwise really very good program can have its small gaps.
__________ Search --> Select --> Examine |
|
|
||
19.11.2003, 19:05
Moderator
Posts: 6466 |
||
|
||
19.11.2003, 19:51
Moderator
Posts: 7805 |
#19
Edit: Wrong thread!
__________ Kind regards, Ralf SEO-Spam Hunter This post was edited by raman on 19.11.2003 at 21:01.
|
|
|
||
20.11.2003, 09:07
Moderator
Posts: 6466 |
||
|
||
20.11.2003, 15:31
...new here
Posts: 3 |
#21
Hello,
I was searching Google for controlrandom.exe and found this thread, it being the only one there is. I cannot speak German, but I tried doing the Google translation (which sucks). I was wondering if anyone who speaks English could PLEASE translate what was said and done to remove this keylogger. I'm having a hell of a tough time trying to do it myself, but I can't seem to get rid of it. -alex |
|
|
||
20.11.2003, 16:02
Moderator
Beiträge: 7805 |
#22
It depends on which AV program you use. Kaspersky AV can identify it, Antivir (www.free-av.com) is able to identify it, too. It will also drop a DLL. You may have to do the cleaning in Windows safe mode. Otherwise VanHydra should try to explain how he got rid of it!
__________ Kind regards, Ralf SEO-Spam Hunter |
|
|
||
20.11.2003, 19:09
...new here
Posts: 3 |
#23
I got Antivir and it got rid of most of the problems. After the initial scan there was only the archive left and a DLL which Windows had locked, but it deleted it upon restarting. I ran Antivir again and here are the results I got:

C:\
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Alex Kosovych\Local Settings\Temporary Internet Files\Content.IE5\EPCJ29I5
knightdragon[1].zip
ArchiveType: ZIP
--> knight.exe
The Trojan horse TR/SCKeyLog.20.D
--> dragon.exe
The Trojan horse TR/SCKeyLog.20.D
C:\Program Files\Macromedia\Flash MX\Players\Debug
Install Flash Player 6 OSX.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.
Install Flash Player 6.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.
C:\Program Files\Macromedia\Flash MX\Players\Release
Install Flash Player 6 OSX.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.
Install Flash Player 6.hqx
ArchiveType: BinHex (Mac)
NOTE! No files to extract.
End of scan: 20.11.2003 12:54
Time taken: 25:10 min
3594 directories were scanned
60478 files were scanned
2 warning messages were issued
0 files were deleted
0 files were repaired
2 detections

I believe that's normal for hiberfil.exe and pagefil.sys being the files that they are. I still am not sure how to get rid of the archive:

C:\Documents and Settings\Alex Kosovych\Local Settings\Temporary Internet Files\Content.IE5\EPCJ29I5
knightdragon[1].zip
ArchiveType: ZIP
--> knight.exe
The Trojan horse TR/SCKeyLog.20.D
--> dragon.exe
The Trojan horse TR/SCKeyLog.20.D

I'm not even sure if this is necessary to delete as it is an archive, but I would still like to get rid of it completely from my system. Any info on where to access this and delete it would be helpful. -alex |
|
|
||
20.11.2003, 19:25
...new here
Posts: 3 |
#24
I wasn't even thinking when I wrote the last post. I ended up just going in and deleting it, ran Antivir one last time and it came up with nothing.
You guys were a great help. Thx a lot ^_^ -alex |
|
|
||