I keep getting key loggers

[Maurice]

Hey guy's,

I have formated like 4 times, and When I use KL detector. it tells me I have some suspitious stuff. I looked where it said there was stuff, but found nothing.

Yes I un-hid files and folders.

I use avast, I just want to know if I really have one, why I keep getting one, and how to not get one, or get rid of one..

Than you.

[Tomek]

Just guessing (don't have any experience w/ that ap) but perhaps it's trying to promote

itself through false semi-positives. Can anyone confirm who solid this ap is or not?

[DrGuns4Hands]

I don't see how the Key Logger could make it through a reformat unless you downloaded something wonky every time after you reformatted before downloading the program I searched KL detector scam but nothings coming up so I'm thinking it's probably a legit program. Could still be a false positive search the file location it tells you through google along with KL detector and see what pops up might be a common error.

Also do you have multiple storage drives?

[jbmcmillan]

Avast is saying keylogger?

[DrGuns4Hands]

I think he meant avast isn't catching anything, and I don't know if it even looks for key loggers.

[lord_adrick]

Check for boot sector virus. Might be a rootkit of some sort. A full zero-out format should take care of it if you don't mind wiping the drive 100%. Also, turn off system-restore.

[Maurice]

I do have 1 storage drive, ya avast didnt catch it.

How do I do a zero out format?

Is system restore really an issue?

[pheonix991]

Quote:

Originally Posted by Maurice

I do have 1 storage drive, ya avast didnt catch it.

How do I do a zero out format?

Is system restore really an issue?

You can use Dban to zero the drive. It's part of the ultimatebootcd.

[jbmcmillan]

When you format are you doing a clean install every time?If you are I'd be more inclined to think a false positive from some software you use that KL is hitting on.I would be trying to find another scanner to agree before I went through all that trouble again.

[Josie Wales]

Maurice you should tell us the exact file name and location of the suspected keylogger. KL Detector will trigger with standard software log files, so it makes a difference which file it is detecting. Since Avast does not consider the file to be a keylogger it is likely not a security problem. I suspect it is a simple Windows dat file. Still, with a bit more effort you should be able to make the full file path and suspicious file visible. At that point you can decide if you want to securely erase the file.

[Maurice]

Ya, a clean install everytime.

I can run it again, but It did come up with a windows dat file, so idk.

Whats another program I can use to make sure?

[Josie Wales]

Then run it again. Tell us the exact file name and location of the suspected keylogger.

[Maurice]

Ran it again. Here is what it listed.

KL-Detector has found a suspicious file:
C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore\P7HVD2ON\faqs.ign[1].xml

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Users\Maurice\
C:\Windows\Prefetch\
C:\Windows\Temp\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\C2EOJ512\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\EHJ92HV6\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\1JZ87TJO\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\BV1OZXBU\


Also I keep getting Mail System Error - Returned Mail in my windows live mail.

I called cox and reset my password and everything, but they keep coming.

Here is what one of them says. All of these have attachments.

Recipient: <kevbnaylor@gmail.com>
Reason: 5.2.1 The user you are trying to contact is receiving mail at a rate that 5.2.1 prevents additional messages from being delivered. For more 5.2.1 information, please visit 5.2.1 http://support.google.com/mail/bin/a...py?answer=6592 t2si14718879oef.53


Please reply to <Postmaster@cox.net>
if you feel this message to be in error.

All of these have attachments.

[pckid9234]

+1 to dban will delete EVERYTHING.
I used it with great results

[Josie Wales]

Do the file paths you listed really have a space in the word "Intern et" or "T emporary"? If not you do not have a key logger. Document Object Model storage is a standard log function in IE. It aids the browser when working with multiple open windows.

[Maurice]

Quote:

Originally Posted by Josie Wales

Do the file paths you listed really have a space in the word "Intern et" or "T emporary"? If not you do not have a key logger. Document Object Model storage is a standard log function in IE. It aids the browser when working with multiple open windows.

I went to C:\Users\Maurice\AppData\Local\Microsoft\Windows, and did not find any temp folders or files.

[Mindwarp]

Is the OS disk 'reputable'?

[Maurice]

If you mean 'reputable' by legit, than yes

[Josie Wales]

Quote:

Originally Posted by Maurice

I went to C:\Users\Maurice\AppData\Local\Microsoft\Windows, and did not find any temp folders or files.

With Internet Explorer open you would look to find the root file that KL Detector alerted you to. It is a legitimate Windows file. The only possible concern would be if it had the space in the word "Intern_et" as you showed us in your previous post. ONLY if that space existed would you need to be concerned that it is a spoof file. Otherwise KL Detector is alerting you to a standard operating file for IE and you can stop worrying.

C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore

[Maurice]

With IE open, I am not finding anything, so I am not going to worry about it.

Thanks guy's.