Big Help Keylogger Virus

I think there is a malware keylogger which sends my data when I click enter.


It is possible to get this kind of malware and BitDefender does not detect this one.


Thanks for your help.


backup


Logfile of HijackThis v1.99.1


Scan saved at 06:49:13, on 18/11/2007


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


D:\app\buffalo\bwsvc\bwsvc.exe


C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe


C:\WINDOWS\system32\slserv.exe


C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe


C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe


D:\bitdefender\vsserv.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\VTtrayp.exe


C:\WINDOWS\system32\VTTimer.exe


C:\WINDOWS\SOUNDMAN.EXE


D:\bitdefender\bdagent.exe


C:\WINDOWS\system32\ctfmon.exe


D:\app\buffalo\cm3_tray.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\wuauclt.exe


D:\bitdefender\seccenter.exe


C:\WINDOWS\system32\DllHost.exe


D:\app\AM Browser\AM Browser.exe


E:\mesdocuments\hijackthis_199\HijackThis.exe


O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\bitdefender\IEToolbar.dll


O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe


O4 - HKLM\..\Run: [VTTimer] VTTimer.exe


O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE


O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup


O4 - HKLM\..\Run: [bDAgent] "D:\bitdefender\bdagent.exe"


O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\app\OFFICE~1\Office12\EXCEL.EXE/3000


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\app\OFFICE~1\Office12\REFIEBAR.DLL


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O15 - Trusted Zone: gmail.google.com


O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194125375421


O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab


O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll


O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL


O23 - Service: Bwsvc - BUFFALO INC. - D:\app\buffalo\bwsvc\bwsvc.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)


O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\bitdefender\vsserv.exe" /service (file missing)


O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Attachment: bdfirewall.txt

Comments

  • Dear backup


    I can't find anything suspicious in your hijackthis log. Why do you think that you got a keylogger? What happens when you click on enter? I can't take a look at your attachment because I don't have the rights to download attachments in this forum section. It could be possible that a keylogger is undetected. Perform a deep scan with BitDefender and post the scan result.


    Best regards


    Niels

  • Thank you for your feedback.


    My PC has strange behaviour when I navigate on Internet.


    Moreover, I am suspicious about some people near to have a knowledge of personal data (password,...email)


    I run several times a full scan: nothing, only some HTML files (copy of MSDN C++ code), that I put in quarantine.


    Here, a very strange behaviour:


    1. go to google.com


    2. I type: Mariott


    3. then click on ENTER


    My PC crashes with a BitDefender message.


    RunTime Error, process .../vsserv.exe


    This application has requested to terminate the process in an unusual way...


    Here, screen copy.


    I sent several emails to Bit Defender Technical Support, and got no answer from them.


    Many Thanks for your help.


  • Some help please;


    I have bought Bit Defender but don't understand the reason of my attack:


    many thanks

  • Hello backup,


    Here, a very strange behaviour:


    1. go to google.com


    2. I type: Mariott


    3. then click on ENTER


    My PC crashes with a BitDefender message.


    RunTime Error, process .../vsserv.exe


    This application has requested to terminate the process in an unusual way...


    This is not the result of a keylogger (or any other malware). Unfortunately, this is the result of a nasty bug in one of BD's modules.


    For more details, please read this topic: http://forum.bitdefender.com/index.php?showtopic=2501 (you could start reading from the 5th page).


    Cris.