Author Topic: Swhelper? (Read 5558 times)

sanctuary24 · « **on:** October 24, 2007, 09:28:30 PM »

When I view bbc.co.uk for example it says SwHelper_1020023 if I deny it stops every site from loading, I researched it and it said it could be genuine or spyware so I used virus total to check it and it passed but I dont know whether that was the specific file. Can someone tell me what files/registry keys this keylogger creates so I can search my computer and check if it is the keylogger or not.

PrevX is the site that alerted me about this possible threat

ps does virus total receive a copy of your file and scans it at there end, is that right?

DavidR · « **Reply #1 on:** October 24, 2007, 10:06:25 PM »

Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

If this is only a prevx detection then you must get the information from there. If it were SwHelper_1020023.exe then that is what you should upload.

That should tell you exactly what the detection was on and then perhaps you will be able to upload and scan the correct file. VT scans the file 'you' upload it doesn't scan files on your system.

sanctuary24 · « **Reply #2 on:** October 24, 2007, 10:58:21 PM »

Is the file I submit a copy of the original or the original itself?

Avast has not detected a virus its just that when my Comodo firewall alerted me to it trying to connect I researched it to find that Prevx says that in some instances it is a keylogger but it didnt detail anymore info than that so I'm unable to tell if it is genuine or the keylogger.

I know that the same file is to do with shockwave player yet I cant rule out that it is posing as the shockwave player

Lisandro · « **Reply #3 on:** October 24, 2007, 11:58:09 PM »

Quote from: sanctuary24 on October 24, 2007, 09:28:30 PM

ps does virus total receive a copy of your file and scans it at there end, is that right?

VirusTotal receive a copy (transmitted or uploaded file), not the file itself, that will remain in your computer.

Quote from: sanctuary24 on October 24, 2007, 10:58:21 PM

Avast has not detected a virus its just that when my Comodo firewall alerted me to it trying to connect

Which was the file and the parental one that was trying to connect? Name and path.

sanctuary24 · « **Reply #4 on:** October 25, 2007, 01:07:36 AM »

I believe that swhelper was going through iexplore.exe but I cant be certain as my firewall has not logged it (i have an issue with it) but I have allowed it on other occassions and not seen any strange processes or anything. It could be that its genuine but I was just worried due to Prevx saying that it could be malicious (Prevx didnt do a scan it was research that I had found myself)

polonus · « **Reply #5 on:** October 25, 2007, 10:57:37 PM »

Howdy sanctuary24,

Try not to panick, and let us analyze what you have running there, matey.
http://www.runscanner.net/getmd5.aspx?MD5=0F080B4DD0AC4895C6BC8A7EB92DD444&process=postupdate.exe

Please post a hijackthis log here. If it fits in more than one posting do so. We analyze it, and then we see what we have to do next, think we have to let runscanner have a run then, but first like to see your hjt logfile.

pol

Author Topic: Swhelper? (Read 5558 times)

sanctuary24

Swhelper?

DavidR

Re: Swhelper?

sanctuary24

Re: Swhelper?

Lisandro

Re: Swhelper?

sanctuary24

Re: Swhelper?

polonus

Re: Swhelper?