Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: robb on February 12, 2005, 04:21:22 PM

Title: keylogger? Trojan?
Post by: robb on February 12, 2005, 04:21:22 PM

Hi,

Ad Aware found BPK keylogger, but can't remove it.
Internet says BPK = a Trojan
Why can't Avast home don't find and delete it?

Thanks

Robb

Title: Re: keylogger? Trojan?
Post by: DavidR on February 12, 2005, 05:27:48 PM

Most likely because a keylogger is not a virus but spyware and has rightly been detected by an adware/spyware detector.

Get and run hijackthis from Eddy's Website (http://members.home.nl/edeijl/) click the "HiJackThis Section" and also the "Malware removal instructions and applications" section, and follow the directions there and get back to us if you need more help....

A keylogger has to run so will be seen by hijackthis, having identified it you can 'fix' (delete) the registry entry that runs it.

Title: Re: keylogger? Trojan?
Post by: robb on February 12, 2005, 07:35:40 PM

Thanks,

Found pkb*.* Couldn't delete it. Found pkb in the registry, deleted it, then deleted all the keylogger relevant files.
I will contact Ad Aware, because it found the keylogger, but couldn't delete it.
Spybot by the way didn't found this program.
I understand now it is not a virus.

Thanks for the help, my system is clean again after chosing an restore point.

Robb

Title: Re: keylogger? Trojan?
Post by: DavidR on February 12, 2005, 07:48:39 PM

Happy to help, although, not technically a virus, avast does pick up some trojan/malware.

I'm somewhat surprised that adaware having found it wasn't able to deal with it.

Although you didn't state the location of the pkb*.* file/s, they could have been in a folder protected by windows. Some malware tries to hide in the system folders.

Title: Re: keylogger? Trojan?
Post by: robb on February 12, 2005, 07:58:43 PM

Hi,

Jep, I found the files in the system32 folder of Winxp.
Couldn't delete them.
Ad Aware removed it, but it reinstalled itself continously.

Searched the registry and deleted the pkhb key, then removed it. Then I could remove the pkhb files.
Now my system seems to be clean, Ad Aware doesn't noitify this keylogger any more.
I hope ther are no things left, the logfile par example, were could it be.
Spybot even didn't find this keylogger. A bit disappointing.

Greetings

Robb

Title: Re: keylogger? Trojan?
Post by: DavidR on February 12, 2005, 09:15:19 PM

being in the system32 folder will have winXP protect them and if deleted will end up in a _restore point, so care should be taken doing this.

Disabling system restore clears all restore points and when files are deleted, can't be placed in the system_Volume_information _restore point. once clean than you can enable system restore.

Title: Re: keylogger? Trojan?
Post by: robb on February 12, 2005, 10:53:35 PM

Hi,

Thanks, i will destroy all the restore points.

Greetings

Robb