Keylogger help!

Discussion in 'Windows 7 Help and Support' started by DarkDream, Dec 4, 2011.

  1. DarkDream

    DarkDream New Member

    According to Trusteer Rapport I have a keylogger on my machine. Scans with Eset, Ad-Aware and Mbam (Safe Mode) have turned up one Trojan (installmon.exe???).

    When PC was started up Saturday my pictures, music, bookmarks had all disappeared and my Recycle bin had been renamed sh*te bin. We believe whatever this was, was caught from Facebook (Elmer edit: Cos She's always bloody on there!! :D)

    After the Mbam scan all those were back in their rightful places. But I still have this keylogger.

    I've been advised by Elmer to run the SF Diagnostics tool to give as much info about my Lenovo G550 laptop as possible. I'm running Windows 7 32-bit.
     


    #1 DarkDream, Dec 4, 2011
    Last edited by a moderator: Dec 4, 2011
  2. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

    How do you know you have a key logger?

    Edit: Sorry, I see how, now I just have to check what that is..

    Speaking for myself, I get a little nervous about doing Google searches for solutions for virus type situations...but if you have a key logger, there should be some anti-virus that advertises to remove it.
     
    #2 Saltgrass, Dec 5, 2011
    Last edited: Dec 5, 2011
  3. Elmer

    Elmer Extraordinary Member

    Thanks for the reply Clark. I shouldn't worry, (for now!!). DarkDream is my Step-Daughter, she/we went for a restore to factory defaults today, I only said run Mbam! :D

    One thing we did find that I could only find "iffy" Google reports (as you say, as usual) was fbx.exe. That was what was removed on the Saturday when all her stuff returned. Had to manually rename the bin though, which means whatever it was had changed at least those registry permissions.
     
  4. Saltgrass

    Saltgrass Excellent Member
    Microsoft Community Contributor

  5. Elmer

    Elmer Extraordinary Member

    The presence of the following files:

    c:\documents and settings\administrator\application data\fbx.exe
    c:\documents and settings\administrator\local settings\temp\nslf.tmp



    The presence of the following registry modifications:


    Adds value: "InstallMon"
    With data: "c:\documents and settings\administrator\application data\fbx.exe"
    To subkey: HKCU\Software\Microsoft\windows\currentversion\run

    Bang on Clark, it was the fbx.exe in msconfig that started the hunt with the installmon being mentioned in one of the scans. I'll keep a b/mark of that page. Again, Thanks.
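
The Run-key persistence listed in the post above, turned into a check (an added example, not part of the thread): it parses the text printed by `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and lists autorun entries whose program sits in a user-writable folder. The sample output is constructed, the four-space column layout of `reg query` is assumed, and every name other than `InstallMon` and the `fbx.exe` path is hypothetical.

```python
import re

# Constructed sample of `reg query` output. The InstallMon entry uses the
# value name and path quoted in the post above; the other two are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    InstallMon    REG_SZ    c:\documents and settings\administrator\application data\fbx.exe
    Example Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    ExampleSync    REG_EXPAND_SZ    %APPDATA%\ExampleSync\sync.exe -silent
"""

# Locations a standard user can write to. An autorun target living here
# deserves a closer look (legitimate per-user apps install here too).
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\",
                 "%appdata%", "%localappdata%", "%temp%", "%tmp%")

# Assumed layout: four spaces between value name, type and data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Program path: either quoted, or unquoted up to the first executable extension.
EXE_PATH = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I)

def parse_run_values(reg_output):
    """Yield (value name, type, data) for each value line of `reg query` output."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m["name"], m["type"], m["data"].strip()

def target_of(command):
    """Return the program path from a Run command line, quoted or not."""
    m = EXE_PATH.match(command)
    return (m["q"] or m["u"]) if m else command

def suspicious_autoruns(reg_output):
    """Return [(name, path)] for autoruns launched from user-writable folders."""
    hits = []
    for name, _type, data in parse_run_values(reg_output):
        path = target_of(data)
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits.append((name, path))
    return hits

if __name__ == "__main__":
    for name, path in suspicious_autoruns(SAMPLE):
        print(f"REVIEW  {name}: {path}")
```

A hit is a prompt to inspect the file (signature, creation time, scanner verdict), not proof of malware.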
     
