I always run an Avast scan & Spybot scan at minimum twice a week, never finds much (yup, it’s updated regularly)
Have been tryin Webroot’s SpySweeper 2.6 & it found three things, the Alexa toolbar (removed it), Eacceleration (something to do with NOD, last time I removed it on Win98, NOD’s IMON wouldn’t start & I had to reinstall it) & the one below (info copied from Webroot’s site), removed it as well, it was mostly reg keys
SYSTEM MONITOR Description:
Name: WinWhatWhere
Author: TrueActive Software
Category: System Monitor
Threat Assessment: High
Description: WinWhatWhere monitors all of your computer activity including keystrokes typed, Web sites visited, chat room conversation, and programs run.
Characteristics: WinWhatWhere is a surveillance tool that records keystrokes, visited Web sites, both sides of chat room conversation, emails, clipboard contents, file activity and active applications. The program also captures screenshots and fields from online forms. The collected data is stored into a log file that can be secretly emailed to a remote address. WinWhatWhere runs in the background, so it is invisible to the user. In addition, the program can move and rename itself in order to hide itself from spyware detection programs.
Method of Infection: WinWhatWhere can be installed by someone with administrative access to your computer, such as a system administrator or someone that shares your computer.
I have never ever installed anything like that & am very wary while online, this worries me cause it says it logs all info I type as well as chat room text & other stuff, does anyone here know more about it or what kind of software would install it?
IF it really was said keylogger, AND you have sensitive private data on your PC, you should think about backup, format and reinstall, because you can’t know what the keylogger transmitted and what else was installed.
At least change all your passwords entered on the PC, including online banking and eBay etc… and secure your system more.
P.S.: some (online) games install keylogger components for more or less legit reasons…; do you have something like that installed?
All Spy Sweeper found was a few reg entries, no dll or exe files were found, I’m the only person that uses my PC, no one else does, I am always extra cautious & double scan any download with both Avast (my main scanner) & NOD 2.0.0.9, just done a scan with NOD & nothing found, have just updated Avast to the newer version & will be doin a boot scan & thorough/with archives on
I’m still curious how Spybot didn’t pick anything up, I always check every day for newer updates, but it always came up clean, last night I decided to try the newer version of SpySweeper & that’s what picked it up ???
I don’t use online banking or have a credit card so I’m safe on that front, but I do use a chat room at a Led Zeppelin forum & the fact that it says it logs chat both ways has me worried. I use Outpost 2.1 pro as my firewall & have noticed a lot of outgoing connections for something called System\BootPS, but according to all online firewall tests I am stealthed to the max, have also noticed a lot of portscan alerts (Outpost pops up a warning), most of them are on HTTP (DCOM) & all from various IPs
I would hate to format & reinstall, but I do have a restore image from a month or two ago
I did update Trillian to 2.011 & am wondering if the reg keys could have been for that, sure it monitors key strokes to check Ur idle status
I also use Opera as my main browser with Firefox for other sites, only use IE for Windows updates, so Opera stops most malicious crap from IE diallers & other spyware
I could zip up the quarantined files from Spysweeper & mail them to Avast at the addy U gave, will they be able to open them?
Will report back after bootscan & thorough scan, thanks so much for the advice & reply
if it was only/mostly?? registry entries, what would you send ?
Spysweeper might also encrypt its quarantined files so that no other Spy/AV-Scanner stumbles over them, in that case alwil team might not be able to open/analyse them, except if they know the encryption used by spysweeper
please look in the report/log from spysweeper (or post it here) if any FILES were quarantined; if so, you might want to restore them and then mail them to avast
afterwards, run spysweeper again
if it was only regkeys, i would still thoroughly check and secure the system, but you probably don’t want to format then
Ok, I scheduled a boot time scan with the updated Avast (i.e. final, not beta), nothing found, also done a scan with NOD (all setting high), nothing found, also done a scan with Tauscan (all files), nothing found
Will attach the log file from SpySweeper here if I can, the first scan found it, the two scans after that are clean
I also tried the links U posted, the Trend Micro page opened, after that I seemed to have lost all net, nothing worked, just got connecting to remote host, so I then done the boot scan.
I have XP pro, all critical updates & outpost 2.1 firewall, Avast 4.1, Spybot 1.2 & Tauscan 1.65
I’m still wondering if they might have been related to Trillian as I know that monitors keystrokes & text (for message history & idle status reasons). Will have to test Trillian & see if my hunch is right.
Will try Ur suggestion & post back, thanks again m8
|··· Friday, 27 February 2004 12:20 AM ···|
Updating software definitions
Your software definitions have been updated.
12:22 AM Sweeping memory for active software.
12:22 AM Memory sweep has completed.
Found: Alexa Toolbar registry trace.
Found: Eacceleration registry trace.
Found: WinWhatWhere registry trace.
12:23 AM Registry sweep completed.
12:23 AM Full sweep on all local drives initiated.
12:23 AM Now sweeping drive C:
12:27 AM Full Sweep has completed. Elapsed time 0 hours, 5 minutes, 15 seconds.
Files swept: 12,402
Software Located: 6
Spy Sweeper quarantined registry traces of: Alexa Toolbar
Spy Sweeper quarantined registry traces of: WinWhatWhere
Spy Sweeper quarantined registry traces of: WinWhatWhere
Spy Sweeper quarantined registry traces of: WinWhatWhere
Spy Sweeper quarantined registry traces of: WinWhatWhere
········· End of Session 12:29 AM ·········
|··· Friday, 27 February 2004 12:38 AM ···|
········· End of Session 12:41 AM ·········
|··· Friday, 27 February 2004 03:40 AM ···|
03:40 AM Sweeping memory for active software.
03:40 AM Memory sweep has completed.
03:41 AM Registry sweep completed.
03:41 AM Full sweep on all local drives initiated.
03:41 AM Now sweeping drive C:
03:45 AM Full Sweep has completed. Elapsed time 0 hours, 4 minutes, 45 seconds.
Files swept: 12,406
Software Located: 0
········· End of Session 04:06 AM ·········
|··· Friday, 27 February 2004 04:35 PM ···|
Updating software definitions
Your software definitions are up to date.
04:36 PM Sweeping memory for active software.
04:36 PM Memory sweep has completed.
04:37 PM Registry sweep completed.
04:37 PM Full sweep on all local drives initiated.
04:37 PM Now sweeping drive C:
04:40 PM Full Sweep has completed. Elapsed time 0 hours, 3 minutes, 43 seconds.
Files swept: 12,407
Software Located: 0
········· End of Session 04:40 PM ·········
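
An added example, not part of any post in this thread: a small parser for the Spy Sweeper session log above that answers the question raised earlier, whether anything other than registry traces was found or quarantined, and which detections have no matching quarantine line. The sample is copied from the posted log; how the log words a non-registry (file) trace is an assumption, since the posted log shows only registry traces.

```python
import re
from collections import Counter

# First and second sessions, copied (timestamped progress lines omitted) from the posted log.
SAMPLE_LOG = """\
|··· Friday, 27 February 2004 12:20 AM ···|
Found: Alexa Toolbar registry trace.
Found: Eacceleration registry trace.
Found: WinWhatWhere registry trace.
Software Located: 6
Spy Sweeper quarantined registry traces of: Alexa Toolbar
Spy Sweeper quarantined registry traces of: WinWhatWhere
Spy Sweeper quarantined registry traces of: WinWhatWhere
Spy Sweeper quarantined registry traces of: WinWhatWhere
Spy Sweeper quarantined registry traces of: WinWhatWhere
········· End of Session 12:29 AM ·········
|··· Friday, 27 February 2004 03:40 AM ···|
Software Located: 0
········· End of Session 04:06 AM ·········
"""

# Assumption: a file detection would use the same wording with another word than "registry".
SESSION = re.compile(r"^\|·+\s*(.+?)\s*·+\|$")
FOUND = re.compile(r"^Found: (.+?) (\w+) trace\.$")
QUAR = re.compile(r"^Spy Sweeper quarantined (\w+) traces of: (.+)$")

def parse_sessions(text):
    """Split the log into sessions and collect (name, kind) for each detection."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if m := SESSION.match(line):
            sessions.append({"start": m.group(1), "found": [], "quarantined": Counter()})
        elif sessions and (m := FOUND.match(line)):
            sessions[-1]["found"].append((m.group(1), m.group(2)))
        elif sessions and (m := QUAR.match(line)):
            sessions[-1]["quarantined"][(m.group(2), m.group(1))] += 1
    return sessions

def triage(session):
    """Report whether every trace was registry-only and what was found but not quarantined."""
    kinds = {k for _, k in session["found"]} | {k for _, k in session["quarantined"]}
    found_names = {n for n, _ in session["found"]}
    quar_names = {n for n, _ in session["quarantined"]}
    return {
        "registry_only": kinds <= {"registry"},
        "found_not_quarantined": sorted(found_names - quar_names),
    }
```

On the posted log, the first session comes out as registry-only, with four quarantine lines for WinWhatWhere and none for Eacceleration.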