Topic: excel key logger send to virus lab?

DavidR
Re: excel key logger send to virus lab?
« Reply #15 on: December 02, 2010, 08:24:32 PM »
I did not load the key logger but did take my computer to a family member for help around that time, as I could not get the avast pro to work properly. He helped me out; perhaps he put it on. Bit creepy to think about. How would he see the logs, as I rarely see him...
Hoping it was just a glitch. I have no little kids and usually am the only one who uses this laptop, so there is no need for a key logger or security of that type.

You could check when the file was created, if that coincides with a family member helping you out.

You could also check out these other tools:
If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don't worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them though. See http://en.wikipedia.org/wiki/HTTP_cookie.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

sandy55
Re: excel key logger send to virus lab?
« Reply #16 on: December 02, 2010, 10:04:33 PM »
I will change my passwords; that will take some doing.
In the meantime, before I do that, I ran a super antispyware check and this is the report from there.



Detected Item Description and Information

Listed below is basic information about the detected application/process. This application may not be safe to have on your system.
 
Summary :   Trojan.Agent/Gen-KeySpy[FKL]
    
Company :   Unknown/Varies
     
Description :   Trojan.Agent/Gen-KeySpy[FKL].Process


Is this the same thing?

No sense changing my passwords till I get rid of it, as it will just copy them, right?
win 8.1 (64) avast version 18.5.2342(build) 18.5.3931.0 apparently this is Premier version according to an internet search on that version number above.. tho it does not state this in about or any other place on my computer...

sandy55
Re: excel key logger send to virus lab?
« Reply #17 on: December 02, 2010, 10:23:06 PM »
Lots of tracking stuff and the other at the bottom.  I will let sas do the trackers next. What of the other?

Here is the log; it is at the bottom. The log will not fit, so I have to send it in two messages.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2010 at 12:35 PM

Application Version : 4.46.1000

Core Rules Database Version : 5942
Trace Rules Database Version: 3754

Scan type       : Quick Scan
Total Scan Time : 00:13:22

Memory items scanned      : 447
Memory threats detected   : 0
Registry items scanned    : 1472
Registry threats detected : 1
File items scanned        : 7198
File threats detected     : 158

Trojan.Agent/Gen-KeySpy[FKL]
   HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Sys32V2Contoller [ C:\WINDOWS\mw2mmgr32\mw2mmgr32.exe ]

Now is this the same problem or another one????

sandy55
Re: excel key logger send to virus lab?
« Reply #18 on: December 02, 2010, 10:30:28 PM »
I had sas remove everything; have to reboot.

Why did avast not see this one?  Guess it pays to have more than one program.

DavidR
Re: excel key logger send to virus lab?
« Reply #19 on: December 02, 2010, 10:40:47 PM »
I had sas remove everything; have to reboot.

Why did avast not see this one?  Guess it pays to have more than one program.


It did (up to a point) in the boot-time scan. So far all three have found the keylogger (some different elements in different areas), and all will be likely to have different malware names for it, as there is no standard naming convention for malware, so you can get lots of aliases.

After the reboot, run MBAM again and allow it to remove selected. Then run SAS again and finally run an avast scan.

sandy55
Re: excel key logger send to virus lab?
« Reply #20 on: December 03, 2010, 12:20:34 AM »
I am surprised sas could still find it if it was in the chest. Does being in the chest mean it cannot run in any respect? Malware did not see anything btw. I am going to run all the programs again. Should I delete the pup from the avast chest?
Will report back.

DavidR
Re: excel key logger send to virus lab?
« Reply #21 on: December 03, 2010, 12:38:59 AM »
You didn't find it in the avast chest (a protected area) as your report doesn't show that. What has been found is another element of the keylogger as I mentioned.

Files in the chest are encrypted and from the outside the file name is not the same as the original. So they are safe in the chest if they are in there.

If you are talking about this "win32pup-C setting/documentw/Acer valued customer", there is no file name in that?
So I can't say what it is; so I can't make any judgement.

Presumably you have an Acer computer?

sandy55
Re: excel key logger send to virus lab?
« Reply #22 on: December 03, 2010, 03:37:14 AM »
Sorry I am not explaining this very well. 
I will try again.
 
This is the first message from avast boot scan. 
C documents and settings \ValuedAcerCustomer\MyDocuments\Downloads\family-keylogger-setup.excel>$INSTDIR\mw2mmgr32.dll is infected by win32:pup-gen[pup]

this I put in the chest
then did sas scan and found this

Trojan.Agent/Gen-KeySpy[FKL]
   HKLM\Software\Microsoft\Windows\CurrentVersion\Run#Sys32V2Contoller [ C:\WINDOWS\mw2mmgr32\mw2mmgr32.exe ]

Part of the same issue I have been told but do not understand how sas can find it if it is in the chest. 

The information I sent previously that said pup was what I got from the chest; when I asked for the properties, a window opened and gave me that information.
After the scan by sas I had sas deal with what it found.
I have completed another sas scan, which came back with just trackers, no keylogger. Malwarebytes came back clean every time. Avast full system scan came back clean; is this scan good enough or do I need a boot scan too?

Is it now time to change my passwords?
Thank you for your patience, Sandy



DavidR
Re: excel key logger send to virus lab?
« Reply #23 on: December 03, 2010, 12:16:24 PM »
The file has gone, but there was a registry item left behind; that is what SAS found. The registry item in isolation, without the file, is inert. What SAS found was the run command for the file; without the file it can't run anything.

Avast doesn't specifically scan the registry; if it finds spyware it does try to find any associated registry entry. In this case it wasn't found, but the most important part, the file, was.

So this wasn't in the chest as it is a registry entry not removed by avast.

In the file properties, avast also displays the file name, and the path on separate lines, see image. The file name is also displayed in the chest itself before you check the properties. You didn't say if you actually have an acer computer (?). All of which contribute to whether it is a legit file with a legit purpose on your acer (?) computer and is used for good not evil (the double edged intent, one you want to keep the other you don't).

After any keylogger infection it is advisable to change passwords, certainly any banking ones, followed by email accounts, then any you consider confidential, etc. Those with a higher degree of severity should be done soonest, and the remainder when you have time.

The one thing about keyloggers is that they gather information, but essential to that is they have to get that information out, and this is where a good firewall comes into play to block unauthorised outbound connections. So what is your firewall?
« Last Edit: December 03, 2010, 01:48:00 PM by DavidR »
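
The two checks described in this thread (when a file was created, and whether a Run entry still points at a file that exists) can be done in one pass. The PowerShell below is an added example, not part of the thread and not code from any poster; it only reads the standard Run keys, and the helper name `Get-CommandTarget` is made up for illustration.

```powershell
# Added example: list autorun (Run key) entries and flag targets that no longer exist.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandTarget {
    # Hypothetical helper: pull the executable path out of a Run value such as
    #   "C:\Program Files\App\app.exe" /tray   or   C:\WINDOWS\x\x.exe -s
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        if ($name -eq '') { continue }              # skip the unnamed (Default) value
        $target = Get-CommandTarget ([string]$regKey.GetValue($name))
        if ([string]::IsNullOrWhiteSpace($target)) { continue }
        if ($target -notmatch '[\\/]') {
            # Bare name such as rundll32.exe: resolve it through PATH
            $app = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($app) { $target = $app.Path }
        }
        $file = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        $created = $null
        if ($file) { $created = $file.CreationTime }
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Target  = $target
            Exists  = [bool]$file
            Created = $created
        }
    }
}

# Orphaned entries (Exists = False) sort first, then the most recently created files
$report | Sort-Object Exists, @{ Expression = 'Created'; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

An entry like the `Sys32V2Contoller` one in the SAS log would show `Exists = False` once its executable has been removed. Entries launched through `rundll32.exe` list the host program as the target, so their DLL argument needs checking by hand.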