EXTREME Overclocking Forums
Old 04-16-2012, 08:08 PM   #1
Maurice
Partial to LUNAR
Senior Member
 
Posts: 6,364
Last Seen: 07-20-2014
Age: 35
From: Southern Cali
iTrader: 16 / 100%
I keep getting key loggers

Hey guys,

I have formatted like 4 times, and when I use KL detector, it tells me I have some suspicious stuff. I looked where it said there was stuff, but found nothing.

Yes I un-hid files and folders.

I use Avast. I just want to know if I really have one, why I keep getting one, and how to not get one, or get rid of one.

Thank you.
Old 04-16-2012, 09:09 PM   #2
Tomek
Just Monkeying Around
Senior Member
 
Posts: 1,430
Last Seen: Yesterday
Age: 40
From: Vancouver
iTrader: 0 / 0%
Just guessing (don't have any experience w/ that app) but perhaps it's trying to promote itself through false semi-positives. Can anyone confirm how solid this app is or not?
Old 04-16-2012, 09:52 PM   #3
DrGuns4Hands
Come on Piledriver
Regular Member
 
Posts: 218
Last Seen: 12-24-2012
Age: 24
iTrader: 0 / 0%
I don't see how the key logger could make it through a reformat unless you downloaded something wonky every time after you reformatted, before downloading the program. I searched "KL detector scam" but nothing's coming up, so I'm thinking it's probably a legit program. Could still be a false positive; search the file location it tells you through Google along with KL detector and see what pops up. Might be a common error.

Also do you have multiple storage drives?
Old 04-16-2012, 10:35 PM   #4
jbmcmillan
OLD FART
Senior Member
 
Posts: 3,553
Last Seen: Today
Age: 60
From: Langley,B.C.
iTrader: 8 / 100%
Avast is saying keylogger?
Old 04-16-2012, 10:39 PM   #5
DrGuns4Hands
Come on Piledriver
Regular Member
 
Posts: 218
Last Seen: 12-24-2012
Age: 24
iTrader: 0 / 0%
I think he meant Avast isn't catching anything, and I don't know if it even looks for key loggers.
Old 04-16-2012, 10:47 PM   #6
lord_adrick
I am the LlamaGod!
Senior Member
 
Posts: 159
Last Seen: 03-09-2013
Age: 33
From: Northern VA
iTrader: 1 / 100%
Check for boot sector virus. Might be a rootkit of some sort. A full zero-out format should take care of it if you don't mind wiping the drive 100%. Also, turn off system-restore.
Old 04-17-2012, 12:43 AM   #7
Maurice
Partial to LUNAR
Senior Member
 
Posts: 6,364
Last Seen: 07-20-2014
Age: 35
From: Southern Cali
iTrader: 16 / 100%
I do have 1 storage drive, ya Avast didn't catch it.

How do I do a zero out format?

Is system restore really an issue?
Old 04-17-2012, 04:10 AM   #8
pheonix991
Hehe
Senior Member
 
Posts: 3,580
Last Seen: Today
Age: 24
From: The Ghetto, AR
iTrader: 6 / 100%
Quote:
Originally Posted by Maurice
I do have 1 storage drive, ya Avast didn't catch it.

How do I do a zero out format?

Is system restore really an issue?
You can use DBAN to zero the drive. It's part of the Ultimate Boot CD.
Old 04-17-2012, 05:50 AM   #9
jbmcmillan
OLD FART
Senior Member
 
Posts: 3,553
Last Seen: Today
Age: 60
From: Langley,B.C.
iTrader: 8 / 100%
When you format, are you doing a clean install every time? If you are, I'd be more inclined to think a false positive from some software you use that KL is hitting on. I would be trying to find another scanner to agree before I went through all that trouble again.
Old 04-17-2012, 09:15 AM   #10
Josie Wales
Extreme Overclocker
Senior Member
 
Posts: 2,371
Last Seen: Today
From: St Paul
iTrader: 4 / 100%
Maurice you should tell us the exact file name and location of the suspected keylogger. KL Detector will trigger with standard software log files, so it makes a difference which file it is detecting. Since Avast does not consider the file to be a keylogger it is likely not a security problem. I suspect it is a simple Windows dat file. Still, with a bit more effort you should be able to make the full file path and suspicious file visible. At that point you can decide if you want to securely erase the file.
Old 04-17-2012, 02:05 PM   #11
Maurice
Partial to LUNAR
Senior Member
 
Posts: 6,364
Last Seen: 07-20-2014
Age: 35
From: Southern Cali
iTrader: 16 / 100%
Ya, a clean install every time.

I can run it again, but it did come up with a Windows dat file, so idk.

What's another program I can use to make sure?
Old 04-17-2012, 05:13 PM   #12
Josie Wales
Extreme Overclocker
Senior Member
 
Posts: 2,371
Last Seen: Today
From: St Paul
iTrader: 4 / 100%
Then run it again. Tell us the exact file name and location of the suspected keylogger.
Old 04-17-2012, 07:35 PM   #13
Maurice
Partial to LUNAR
Senior Member
 
Posts: 6,364
Last Seen: 07-20-2014
Age: 35
From: Southern Cali
iTrader: 16 / 100%
Ran it again. Here is what it listed.

KL-Detector has found a suspicious file:
C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore\P7HVD2ON\faqs.ign[1].xml

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\Users\Maurice\
C:\Windows\Prefetch\
C:\Windows\Temp\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\C2EOJ512\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\EHJ92HV6\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\1JZ87TJO\
C:\Users\Maurice\AppData\Local\Microsoft\Windows\T emporary Internet Files\Low\Content.IE5\BV1OZXBU\


Also I keep getting "Mail System Error - Returned Mail" in my Windows Live Mail.

I called Cox and reset my password and everything, but they keep coming.

Here is what one of them says. All of these have attachments.

Recipient: <kevbnaylor@gmail.com>
Reason: 5.2.1 The user you are trying to contact is receiving mail at a rate that 5.2.1 prevents additional messages from being delivered. For more 5.2.1 information, please visit 5.2.1 http://support.google.com/mail/bin/a...py?answer=6592 t2si14718879oef.53


Please reply to <Postmaster@cox.net>
if you feel this message to be in error.

All of these have attachments.
Old 04-17-2012, 07:54 PM   #14
pckid9234
Extreme Overclocker
Senior Member
 
Posts: 832
Last Seen: 06-02-2014
From: NJ
iTrader: 2 / 100%
+1 to DBAN, will delete EVERYTHING.
I used it with great results.
Old 04-20-2012, 09:35 AM   #15
Josie Wales
Extreme Overclocker
Senior Member
 
Posts: 2,371
Last Seen: Today
From: St Paul
iTrader: 4 / 100%
Do the file paths you listed really have a space in the word "Intern et" or "T emporary"? If not you do not have a key logger. Document Object Model storage is a standard log function in IE. It aids the browser when working with multiple open windows.
Old 04-20-2012, 05:01 PM   #16
Maurice
Partial to LUNAR
Senior Member
 
Posts: 6,364
Last Seen: 07-20-2014
Age: 35
From: Southern Cali
iTrader: 16 / 100%
Quote:
Originally Posted by Josie Wales
Do the file paths you listed really have a space in the word "Intern et" or "T emporary"? If not you do not have a key logger. Document Object Model storage is a standard log function in IE. It aids the browser when working with multiple open windows.
I went to C:\Users\Maurice\AppData\Local\Microsoft\Windows, and did not find any temp folders or files.
Old 04-20-2012, 05:05 PM   #17
Mindwarp
I hate bronies!
Senior Member
 
Posts: 2,064
Last Seen: 06-12-2014
Age: 47
From: Stantspammerbahn
iTrader: 10 / 100%
Is the OS disk 'reputable'?
Old 04-20-2012, 09:04 PM   #18
Maurice
Partial to LUNAR
Senior Member
 
Posts: 6,364
Last Seen: 07-20-2014
Age: 35
From: Southern Cali
iTrader: 16 / 100%
If you mean 'reputable' by legit, then yes.
Old 04-21-2012, 08:49 PM   #19
Josie Wales
Extreme Overclocker
Senior Member
 
Posts: 2,371
Last Seen: Today
From: St Paul
iTrader: 4 / 100%
Quote:
Originally Posted by Maurice
I went to C:\Users\Maurice\AppData\Local\Microsoft\Windows, and did not find any temp folders or files.
With Internet Explorer open you would look to find the root file that KL Detector alerted you to. It is a legitimate Windows file. The only possible concern would be if it had the space in the word "Intern_et" as you showed us in your previous post. ONLY if that space existed would you need to be concerned that it is a spoof file. Otherwise KL Detector is alerting you to a standard operating file for IE and you can stop worrying.

C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore
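The check described in the post above, as an added example that is not part of the original thread: it sorts flagged paths into known browser/OS storage, names that match a known location only once spacing is ignored (confirm the real directory name on disk), and everything else. The `EXPECTED` list and the sample entries marked constructed are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Locations the thread treats as normal IE/Windows storage (assumed list).
# Entries without a drive letter are matched beneath C:\Users\<profile>.
EXPECTED = [
    r"AppData\LocalLow\Microsoft\Internet Explorer\DOMStore",
    r"AppData\Local\Microsoft\Windows\Temporary Internet Files",
    r"C:\Windows\Prefetch",
    r"C:\Windows\Temp",
]

def _parts(path):
    """Lower-cased components; Windows paths are case-insensitive."""
    return [c.lower() for c in PureWindowsPath(path).parts]

def _squash(parts):
    """Remove whitespace inside each component for look-alike comparison."""
    return ["".join(c.split()) for c in parts]

def classify(path):
    """Return 'expected', 'lookalike' or 'unknown' for one flagged path."""
    full = _parts(path)
    # Profile-relative view: drop the drive, 'users' and the profile name.
    rel = full[3:] if full[1:2] == ["users"] else None
    verdict = "unknown"
    for entry in EXPECTED:
        exp = _parts(entry)
        got = full if PureWindowsPath(entry).drive else rel
        if got is None or len(got) < len(exp):
            continue
        head = got[:len(exp)]
        if head == exp:
            return "expected"
        if _squash(head) == _squash(exp):
            verdict = "lookalike"  # differs only by spacing: check on disk
    return verdict

# First path is from the report in the thread, as pasted; the rest are
# constructed for illustration.
SAMPLE = [
    r"C:\Users\Maurice\AppData\LocalLow\Microsoft\Intern et Explorer\DOMStore\P7HVD2ON\faqs.ign[1].xml",
    r"C:\Users\Maurice\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\P7HVD2ON\faqs.ign[1].xml",
    r"C:\Windows\Prefetch",
    r"C:\Users\Maurice\AppData\Roaming\example\log.dat",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p):10} {p}")
```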
Old 04-21-2012, 11:40 PM   #20
Maurice
Partial to LUNAR
Senior Member
 
Posts: 6,364
Last Seen: 07-20-2014
Age: 35
From: Southern Cali
iTrader: 16 / 100%
With IE open, I am not finding anything, so I am not going to worry about it.

Thanks guys.
All times are GMT -6.