Help please! I have a keylogger trojan.

Discussion in 'Windows Desktop Systems' started by daddyo, Dec 16, 2003.

  1. daddyo

    daddyo OSNN Addict

    Messages:
    151
    According to Norton, my system is infected with the Keylogger.trojan virus and I can't seem to find it. It seems to prevent Norton Systmworks from starting and is hiding from all the antivirus checks I've run. I've tried Spybot, The Cleaner, Norton Antivirus, two on-line virus and trojan checks, but nothing seems to detect the virus.

    I can hear the hard drive run each time I hit a key, but I can't seem to find what is causing the problem. The Symantec web site has insturctions on how to clear the virus by manually editing the registry and searching for certain files, but there are none of the files that they describe. I've also tried turning off all the startup files in msconfig and Task Manager to no avail.

    I suspect there is a different keylogger that Norton is mis-identifying as Keylogger.tronan. The big question is, what would cause Norton Systemworks 2004 not to start, including the utilities, clean sweep and antivirus. I've uninstalled and reinstalled the program twice, and all went fine until I tried to operate it. It registers properly, but still will not run. Please don't tell me it's Norton's fault (I know some don't care for the product, but I've never had a problem with it)

    I'm out of ideas. Anybody got any other things I can try? Thanks to all in this wonderful forum.
     
  2. GoNz0

    GoNz0 NTFS Stoner

    Messages:
    2,781
    Location:
    the year 2525
  3. daddyo

    daddyo OSNN Addict

    Messages:
    151
    Thanks for the response. I tried Trend microvirus last night and it didn't find anything. I know I'm still infected since I can hear the hard drive run with each key stroke. And Norton still doesn't work. I did find a few new pieces of information today that I'll try tonight. At this point though, it's looking like I might have to reformat the drive. I hope it doesn't come to that.
     
  4. Enyo

    Enyo Moderator

    Messages:
    1,338
  5. daddyo

    daddyo OSNN Addict

    Messages:
    151
    Thanks Enyo. I'll give it a go tonight. I hope to find the culprit without having to redo the entire drive. It's 9:20 in the morning here (southern California, USA) so I'll have to wait a while.
     
  6. daddyo

    daddyo OSNN Addict

    Messages:
    151
    Enyo, I scanned my system with TDS-3 and it found the keylogger. It was disguised as a .tmp file, of all things. Once I was rid of that, I was able to get Norton AV to run and it found 3 other viruses that were promptly quarantined.

    I also searched the registry for the files names and found where they were being activated. Norton Systemworks still would not start, so I uninstalled and reinstalled it and all the functions seem to work. Live Update is even working, so whatever was blocking that function is also gone. I had to do a manual cleansing of the registry, but everything looks OK as of now.

    The hard drive isn't running each time I hit a key, so I think I got the problem solved. Thanks for your help.

    By the way, the link to a2 doesn't work and the link to Startuplist gave me a weird vibrating page. Openports worked fine, although I wasn't sure what I was looking at. I'm not a port expert, but I did recognize some of my IP and network addresses listed. I'm not quite sure what to do with that information. Anyway, the laptop is working again like it used to. Thanks.
     
  7. Enyo

    Enyo Moderator

    Messages:
    1,338
    Yea it looks like the a2 links are down :rolleyes:

    Good to see it sorted :)
     
  8. o0RaidR0o

    o0RaidR0o OSNN Addict

    Messages:
    119
    Location:
    S.E. Florida
    Heads up...

    Hi daddyo, since you are a member here I'm assuming you are using XP as your OS. If that is the case and without sounding like a knowitall, you might want to consider removing system works from your system.

    Norton System Works is absolutely useless in an XP environment, say for the exception of DiskKeeper, and Antivirus.

    First System works, utilities, and the like intergrate into XP intrusively causing system performance degradation. Secondly most of the utilities like scandisk can't run under XP and/or perform poorly.

    For registry cleaning I recommend a freeware called RegSeeker, RegSeeker includes a powerful registry cleaner and can display various informations like your startup entries, several histories (even index.dat files), installed applications. You can search for any item inside your registry, export/delete the results, open them in the registry. RegSeeker also includes a tweaks panel to optimize your OS, and a file tool to search for duplicate files, bad shortcuts.

    I would also suggest you turning on your built-in XP firewall. It really does work well, you can go here for more info: http://www.microsoft.com/security/protect/ports.asp

    For popups and spyware prevention there is a host of available sites you can visit searching google, but if I may suggest IE-Spyad as an excellent alternative which you can find and read here: http://www.staff.uiuc.edu/~ehowes/main.htm.

    Like I said I'm not a knowitall, but I do troubleshoot PC's for a living and I have always found Nortons System/Utilities a poor application since the windows 95 days.

    There isn't a single product that does it all nor is 100% effective against the evils of cybespace however you can greatly reduce your vulnerability by utilizing various defenses.

    Good luck :)
     
  9. daddyo

    daddyo OSNN Addict

    Messages:
    151
    o0RaidR0o, Thanks for the information. You are correct in that I am using Win XP Pro as my OS. Norton does cause some slowdown of the system, but I've always found several of the tools to be useful. I don't install everything, just Utilities, AV and Cleansweep. You're right about scandisk, though. It's totally useless. And System Doctor is godawful.

    I'll try RegSeeker, as I'm always looking for useful apps for the toolbox. I had to manually purge the registry of all references Norton...that took close to an hour.

    I currently have several tools running to help protect my computer. I have Norton Personal Firewall, Adaware for popups, McAfee Spam Killer for e-mail spam and a hardware firewall on my Linksys router all running. I also do periodic sweeps with Spybot for spyware and The Cleaner for trojans. Unfortunately, the infected computer was my son's, and he isn't as diligent at protecting his system as he should be. I hope he learned something from this experience.

    I always appreciate advice from a pro and I certainly will try those applications you've suggested. Thanks for your input.