EXTREME Overclocking Forums
Old 04-16-2012, 08:08 PM   #1
Maurice
Partial to LUNAR
Senior Member
 
Join Date: Jul 2002
Location: Southern Cali
Age: 37
Posts: 6,373
iTrader: 16 / 100%
I keep getting key loggers

Hey guys,

I have formatted like 4 times, and when I use KL Detector, it tells me I have some suspicious stuff. I looked where it said there was stuff, but found nothing.

Yes, I un-hid files and folders.

I use Avast. I just want to know if I really have one, why I keep getting one, and how to not get one, or get rid of one.

Thank you.
__________________
I7 2600K
Gigabyte z68xp-ud3p
G.SKILL Sniper Series(2 x 4GB)
Evga GTX 580 1.5gb
LG 32LN5300-UB
Corsair HX620 psu
ASUS Xonar D2
Logitech Z-5500's

"When you're born you get a ticket to the freak show. When you're born in America, you get a front row seat."
Old 04-16-2012, 09:09 PM   #2
Tomek
Just Monkeying Around
Senior Member
 
Join Date: Jan 2006
Location: Vancouver
Age: 42
Posts: 1,448
iTrader: 0 / 0%
Just guessing (don't have any experience w/ that app) but perhaps it's trying to promote itself through false semi-positives. Can anyone confirm how solid this app is or not?
__________________
FX-8320 / 8GB / 2x6950 / M4 SSD / RAID0 Raptors / Bla Bla Bla
Old 04-16-2012, 09:52 PM   #3
DrGuns4Hands
Come on Piledriver
Regular Member
 
Join Date: Dec 2011
Age: 26
Posts: 218
iTrader: 0 / 0%
I don't see how the key logger could make it through a reformat unless you downloaded something wonky every time after you reformatted, before downloading the program. I searched "KL detector scam" but nothing's coming up, so I'm thinking it's probably a legit program. Could still be a false positive; search the file location it tells you through Google along with KL detector and see what pops up. Might be a common error.

Also do you have multiple storage drives?
Old 04-16-2012, 10:35 PM   #4
jbmcmillan
OLD FART
Senior Member
 
Join Date: Mar 2003
Location: Langley,B.C.
Age: 62
Posts: 3,830
iTrader: 9 / 100%
Avast is saying keylogger?
__________________
Processor-i5 2500k @ 4.4 GHZ.@1.3v
Mobo-Asus Z77 VL-K
Video-Gigabyte 7870 OC 1180/1220
Ram-8GB,GSkill 1600 DDR3
HS-Corsair H100i
PSU-OCZ 1000 Watt Z series
Old 04-16-2012, 10:39 PM   #5
DrGuns4Hands
I think he meant avast isn't catching anything, and I don't know if it even looks for key loggers.
Old 04-16-2012, 10:47 PM   #6
lord_adrick
I am the LlamaGod!
Senior Member
 
Join Date: Oct 2003
Location: Northern VA
Age: 35
Posts: 159
iTrader: 1 / 100%
Check for boot sector virus. Might be a rootkit of some sort. A full zero-out format should take care of it if you don't mind wiping the drive 100%. Also, turn off system-restore.
Old 04-17-2012, 12:43 AM   #7
Maurice
I do have 1 storage drive, ya Avast didn't catch it.

How do I do a zero out format?

Is system restore really an issue?
Old 04-17-2012, 04:10 AM   #8
pheonix991
Hehe
Senior Member
 
Join Date: Apr 2005
Location: Northwest, AR
Age: 26
Posts: 3,597
iTrader: 6 / 100%
Quote:
Originally Posted by Maurice
I do have 1 storage drive, ya Avast didn't catch it.

How do I do a zero out format?

Is system restore really an issue?
You can use Dban to zero the drive. It's part of the ultimatebootcd.
__________________
RMA Count:3 Video card, 6 Mobos, 1 Cpu, 2 Psu... My luck sucks...
Resurrected 2 Video Cards, 1 XBOX 360
"I live my life a quarter mile at a time, and for 19 seconds, I'm free."
-Nagoshi
"They don't get the whole date a chick to just bang and occasionally watch crappy TV shows with and keep the bed warm because natural gas is really expensive this year."
-@dmin
"On a more serious note, I actually love Pheonix."
-Clone of 501
"That girl hasn't been touched because I get to play with lots of others and even get paid to play with some."-ZJChaser
Old 04-17-2012, 05:50 AM   #9
jbmcmillan
When you format, are you doing a clean install every time? If you are, I'd be more inclined to think a false positive from some software you use that KL is hitting on. I would be trying to find another scanner to agree before I went through all that trouble again.
Old 04-17-2012, 09:15 AM   #10
Josie Wales
Extreme Overclocker
Senior Member
 
Join Date: Jan 2005
Location: St Paul
Posts: 2,384
iTrader: 4 / 100%
Maurice you should tell us the exact file name and location of the suspected keylogger. KL Detector will trigger with standard software log files, so it makes a difference which file it is detecting. Since Avast does not consider the file to be a keylogger it is likely not a security problem. I suspect it is a simple Windows dat file. Still, with a bit more effort you should be able to make the full file path and suspicious file visible. At that point you can decide if you want to securely erase the file.
__________________
.
BAKE IT 'TIL YOU BREAK IT!!!!!
.

.
"The PSU cowboy strikes again!!!" - AruisDante
.
Old 04-17-2012, 02:05 PM   #11
Maurice
Ya, a clean install every time.

I can run it again, but it did come up with a Windows dat file, so idk.

What's another program I can use to make sure?
Old 04-17-2012, 05:13 PM   #12
Josie Wales
Then run it again. Tell us the exact file name and location of the suspected keylogger.
Old 04-17-2012, 07:35 PM   #13
Maurice
Ran it again. Here is what it listed.

KL-Detector has found a suspicious file:
C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore\P7HVD2ON\faqs.ign[1].xml

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Users\Maurice\
C:\Windows\Prefetch\
C:\Windows\Temp\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\C2EOJ512\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\EHJ92HV6\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\1JZ87TJO\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\BV1OZXBU\


Also I keep getting Mail System Error - Returned Mail in my Windows Live Mail.

I called Cox and reset my password and everything, but they keep coming.

Here is what one of them says. All of these have attachments.

Recipient: <kevbnaylor@gmail.com>
Reason: 5.2.1 The user you are trying to contact is receiving mail at a rate that 5.2.1 prevents additional messages from being delivered. For more 5.2.1 information, please visit 5.2.1 http://support.google.com/mail/bin/a...py?answer=6592 t2si14718879oef.53


Please reply to <Postmaster@cox.net>
if you feel this message to be in error.

All of these have attachments.
Old 04-17-2012, 07:54 PM   #14
pckid9234
Extreme Overclocker
Senior Member
 
Join Date: May 2011
Location: NJ
Posts: 845
iTrader: 2 / 100%
+1 to dban will delete EVERYTHING.
I used it with great results
Old 04-20-2012, 09:35 AM   #15
Josie Wales
Do the file paths you listed really have a space in the word "Intern et" or "T emporary"? If not you do not have a key logger. Document Object Model storage is a standard log function in IE. It aids the browser when working with multiple open windows.
Old 04-20-2012, 05:01 PM   #16
Maurice
Quote:
Originally Posted by Josie Wales
Do the file paths you listed really have a space in the word "Intern et" or "T emporary"? If not you do not have a key logger. Document Object Model storage is a standard log function in IE. It aids the browser when working with multiple open windows.
I went to C:\Users\Maurice\AppData\Local\Microsoft\Windows, and did not find any temp folders or files.
Old 04-20-2012, 05:05 PM   #17
Mindwarp
I hate bronies!
Senior Member
 
Join Date: Sep 2003
Location: Stantspammerbahn
Age: 49
Posts: 2,064
iTrader: 10 / 100%
Is the OS disk 'reputable'?
__________________

Hmm. Maybe drunk = me has a better english? - Nagoshi
Old 04-20-2012, 09:04 PM   #18
Maurice
If you mean 'reputable' by legit, then yes.
Old 04-21-2012, 08:49 PM   #19
Josie Wales
Quote:
Originally Posted by Maurice
I went to C:\Users\Maurice\AppData\Local\Microsoft\Windows, and did not find any temp folders or files.
With Internet Explorer open you would look to find the root file that KL Detector alerted you to. It is a legitimate Windows file. The only possible concern would be if it had the space in the word "Intern_et" as you showed us in your previous post. ONLY if that space existed would you need to be concerned that it is a spoof file. Otherwise KL Detector is alerting you to a standard operating file for IE and you can stop worrying.

C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore
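The path check Josie Wales describes in the post above, as an added example that is not part of the original thread: it pulls the paths out of a scanner report and separates directories at IE's normal DOMStore and Temporary Internet Files locations from ones whose names differ from those only by whitespace. The function names and the `IE_DIRS` list are assumptions made for this illustration, and the sample report is constructed from the output posted earlier in the thread.

```python
import re
from pathlib import PureWindowsPath

# Per-user directories Internet Explorer writes to during normal browsing
# (the two locations named in the thread), relative to C:\Users\<name>.
IE_DIRS = [
    ("AppData", "LocalLow", "Microsoft", "Internet Explorer", "DOMStore"),
    ("AppData", "Local", "Microsoft", "Windows", "Temporary Internet Files"),
]

def _squash(name):
    """Lower-case one path component and drop all whitespace."""
    return re.sub(r"\s+", "", name).lower()

def classify(path):
    """Return 'standard', 'lookalike' or 'other' for one flagged path."""
    parts = PureWindowsPath(path).parts
    if len(parts) < 4 or parts[1].lower() != "users":
        return "other"
    rel = parts[3:]  # components below C:\Users\<name>
    for expected in IE_DIRS:
        head = rel[:len(expected)]
        if [p.lower() for p in head] == [e.lower() for e in expected]:
            return "standard"
        # Same letters, different spacing: a directory named to resemble
        # the real one (e.g. "Intern et Explorer").
        if [_squash(p) for p in head] == [_squash(e) for e in expected]:
            return "lookalike"
    return "other"

def triage(report):
    """Classify every line of a scanner report that is a drive-letter path."""
    verdicts = {}
    for line in report.splitlines():
        line = line.strip()
        if re.match(r"[A-Za-z]:\\", line):
            verdicts[line] = classify(line)
    return verdicts

# Constructed sample: the first path is as posted in the thread, the second
# is the same location with the directory name spelled normally.
SAMPLE = r"""KL-Detector has found a suspicious file:
C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore\P7HVD2ON\faqs.ign[1].xml
C:\Users\Maurice\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\P7HVD2ON\faqs.ign[1].xml
C:\Windows\Prefetch\
"""

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:9} {path}")
```

Feed it names read from the disk itself rather than text that has passed through copy and paste. A `standard` verdict says only that the location is one IE normally writes to, not that the file's contents were inspected.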
Old 04-21-2012, 11:40 PM   #20
Maurice
With IE open, I am not finding anything, so I am not going to worry about it.

Thanks guys.
All times are GMT -6.