Possible fraud/Keylogger help plz.....

[HummuH1]

Following on from my thread: http://forums.overclockers.co.uk/showthread.php?p=20414046&posted=1#post20414046

I have downloaded Process Explorer and Autoruns from sysinternals. Could you knowledable people take a look at them and let me know if you see anything running that shouldn't be there.

Please let me know what you would like me to post from the respective applications. Many thanks.

 

[Vimes]

Just post the main event Window, or a link to a image hosting site, which shows all the processes etc running.

Why create another thread though when you are already are getting some very good advice in the one you have linked above..?

I actually managed to stop a keylogger / or whatever type thingy on my PC as it was picked up only by my firewall when something unknown tried to connect to the Internet and upload 8 pages of a text document it had generated of every username and password that I had used on my PC..!

Scary stuff for sure.

 

[HummuH1]

Just post the main event Window, or a link to a image hosting site, which shows all the processes etc running.

Cheers. Will do.

 

[HummuH1]

Process Explorer:

Autoruns to follow.

 

[Vimes]

Just to add if you look in the event Window of PE and right click on any of the processes you can then look it up (search online) on the Internet on what it is and whether it should be running.

 

[HummuH1]

Why create another thread though when you are already are getting some very good advice in the one you have linked above..?

Sorry, it was suggested in the thread that it was better posted in this forum.

 

[Vimes]

.....ah no need to be sorry

I did not notice that it was in the GD section, they are a peculiar bunch in there

 

[HummuH1]

Autoruns:

 

[Burnsy2023]

Things that look a bit suspicious to me:

Also, did you run this as administrator? I find it strange that a lot of your system processes aren't labelled as published from Microsoft.

 

[HummuH1]

Also, did you run this as administrator? I find it strange that a lot of your system processes aren't labelled as published from Microsoft.

Thanks mate, will do some checking on those.

I'm logged on as administrator but did not run the exe using "Run as administrator".

 

[Burnsy2023]

I'm logged on as administrator but did not run the exe using "Run as administrator".

Run as admin and tell me if the publisher changes.

 

[Deleted member 77746]

You certainly have a lot of crap running I know that for sure. Get your data backed up and do a format, be sure and safe.

 

[Burnsy2023]

You certainly have a lot of crap running I know that for sure. Get your data backed up and do a format, be sure and safe.

You don't need to format as long as you can account for all your processes.

 

[Deleted member 77746]

You don't need to format as long as you can account for all your processes.

Most people don't know what processes are doing what, plus little nasties can be hidden. To be on the safe side format is sometimes the only way. That system looks a mess with the amount of startup items e.t.c......

 

[Burnsy2023]

Most people don't know what processes are doing what, plus little nasties can be hidden. To be on the safe side format is sometimes the only way. That system looks a mess with the amount of startup items e.t.c......

This is somewhat the orthodoxy when it comes to malware, but I disagree. If you can use the sysinternals tools properly, you can always find malware.

 

[Deleted member 77746]

This is somewhat the orthodoxy when it comes to malware, but I disagree. If you can use the sysinternals tools properly, you can always find malware.

ALWAYS?

 

[iviv]

Wouldn't a Hijackthis log be more useful?

 

[Burnsy2023]

ALWAYS?

Always.

 

[Burnsy2023]

Wouldn't a Hijackthis log be more useful?

Yes, it probably would.

 

[HummuH1]

Run as admin and tell me if the publisher changes.

Will do, should have some time to go at it tomorrow.

Thanks for all the suggestions, will do a Hijack this log also and report back.