Keylogger help!

#1
According to Trusteer Rapport I have a keylogger on my machine. Scans with Eset, Ad-Aware and Mbam (Safe Mode) have turned up one Trojan (installmon.exe???)

When PC was started up Saturday my pictures, music, bookmarks had all disappeared and my Recycle bin had been renamed sh*te bin. We believe whatever this was, was caught from Facebook (Elmer edit: Cos She's always bloody on there!! :D)

After the Mbam scan all those were back in their rightful places. But I still have this keylogger.

I've been advised by Elmer to run the SF Diagnostics tool to give as much info about my Lenovo G550 laptop as possible. I'm running Windows 7 32-bit.
 



Saltgrass

Excellent Member
Microsoft Community Contributor
#2
How do you know you have a key logger?

Edit: Sorry, I see how, now I just have to check what that is..

Speaking for myself, I get a little nervous about doing Google searches for solutions for virus type situations...but if you have a key logger, there should be some anti-virus that advertises to remove it.
 



Elmer

Extraordinary Member
#3
Thanks for the reply Clark. I shouldn't worry, (for now!!). DarkDream is my Step-Daughter, she/we went for a restore to factory defaults today, I only said run Mbam! :D

One thing we did find that I could only find "iffy" Google reports (as you say, as usual) was fbx.exe. That was what was removed on the Saturday when all her stuff returned. Had to manually rename the bin though which means whatever it was had changed at least that registry permissions.
 


Saltgrass

Excellent Member
Microsoft Community Contributor
#4
I did find this page, seems to be a safe site :)

Encyclopedia entry: Trojan:Win32/Fbxom.A - Learn more about malware - Microsoft Malware Protection Center

I always find it interesting to see what some viruses do to a system. After watching the description of the Stuxnet infection on the SysInternals site I get a hint of what can be done by such software.
 


Elmer

Extraordinary Member
#5
The presence of the following files:

c:\documents and settings\administrator\application data\fbx.exe
c:\documents and settings\administrator\local settings\temp\nslf.tmp

The presence of the following registry modifications:

Adds value: "InstallMon"
With data: "c:\documents and settings\administrator\application data\fbx.exe"
To subkey: HKCU\Software\Microsoft\windows\currentversion\run

Bang on Clark, it was the fbx.exe in msconfig that started the hunt with the installmon being mentioned in one of the scans. I'll keep a b/mark of that page. Again, Thanks.
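A check for the autostart entry quoted in post #5, as an added example that is not part of the original thread: it reviews HKCU Run values for the value name and file name listed there, and for anything launching from a per-user writable folder. The function names, the folder marker list and the two extra sample entries are assumptions made for illustration.

```python
import ntpath

# Indicators quoted in post #5 of the thread (value name and file name).
KNOWN_VALUE_NAMES = {"installmon"}
KNOWN_FILE_NAMES = {"fbx.exe"}
# Assumption: per-user writable folders; legitimate software starts from here too.
USER_WRITABLE_MARKERS = ("\\application data\\", "\\appdata\\", "\\temp\\")


def extract_exe_path(data):
    """Return the executable path of a Run value without quotes or arguments.
    Unquoted data is cut after the first ".exe" so paths with spaces survive."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    idx = data.lower().find(".exe")
    return data[: idx + 4] if idx != -1 else data.split(" ")[0]


def review_run_entries(entries):
    """Return {value_name: [reasons]} for Run entries worth a closer look."""
    findings = {}
    for name, data in entries.items():
        path = extract_exe_path(data).lower()
        reasons = []
        if name.lower() in KNOWN_VALUE_NAMES:
            reasons.append("value name listed in thread")
        if ntpath.basename(path) in KNOWN_FILE_NAMES:
            reasons.append("file name listed in thread")
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            reasons.append("runs from user-writable directory")
        if reasons:
            findings[name] = reasons
    return findings


def read_hkcu_run():
    """Read the live HKCU Run key as {name: data} (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        return {n: str(d) for n, d, _ in (winreg.EnumValue(key, i) for i in range(count))}

# Constructed sample: the first entry is the one from post #5, the others are made up.
SAMPLE = {
    "InstallMon": r"c:\documents and settings\administrator\application data\fbx.exe",
    "SecurityTool": r'"C:\Program Files\Vendor\tray.exe" /startup',
    "Updater": r"C:\Users\dd\AppData\Roaming\upd\updater.exe -silent",
}
```

On a Windows machine, `review_run_entries(read_hkcu_run())` applies the same review to the live key; a hit on the folder rule alone only means the entry deserves a look.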
 

