Help! I got a keylogger that won't go away!

Hello, avast users
I'm in a little trouble
when I try to delete the keylogger file (the log)
it keeps coming back! Does anybody know how to prevent it?

More details please. What file are you trying to delete and where is it located? What is your OS?

How do you know it is a keylogger? Avast giving you block messages on it? What is the technical name given for the keylogger?

Maybe this picture will help you. And my OS is Windows 7 Ultimate 64-bit AMD vision premium
http://i.imgur.com/UVwPR.png

And all I know is that avast DID NOT BLOCK IT!

It also depends what type of keylogger…the one you buy and install to see what your kids do on the net
or the malicious type?

The first one may be detected if you activate avast PUP scan…PUP is not a virus
The second one…try a quick scan with Malwarebytes. www.Malwarebytes.org

Open Task Manager and see if you have “keylog.exe” running. If so, terminate it. Then delete those two files in your AppData\Roaming directory. Reboot and see if that got rid of it.

If it’s still running, I personally would download the trial version of Zemana Anti-Keylogger from the Zemana web site: http://www.zemana.com/. The trial version is free for 15 days. That should nail the bad guy.

I have found MBAM to be worthless against keyloggers.

Well I just found out that I deleted the file causing it to make a log, but the log file won't go

Zemana doesn't work

The other one with random was a try-thing to prevent it through

Zemana doesn't work
Again, care to elaborate on this. We are not mind readers.

Did it install OK? Did you check its logs to see what it blocked and/or quarantined?

Also try a MBAM scan and see what it finds.

Also you have to end the host process before you delete any associated keylog files. Did you do that?

Didn't download MBAM and I can't find the keylogger process, nothing suspicious for the processes. I'll go install MBAM and I just got warned -_-

Bump for help! D:

Do the contents of the file actually contain ‘keylogged information’?
If so, when you delete it, does it regenerate more ‘keylogged information’ of different kind?
If so, then there is a secondary process that’s running forcing another keylogger file to be made.
To raise more suspicion, why would they name the logged file “keylogger”?

Please download Process Explorer by Mark Russinovich to your desktop.

When you run it, make sure you see wininit.exe and explorer.exe expanded.

THEN delete the keylogger file. A new process should be run to generate the new file, resulting in a green flash.

Remember the file that flashed. If it comes and goes too fast, then do the following:

  1. Go to OPTIONS > Difference Highlight Durations
  2. A new dialog shall appear. Change the DHD to as high as you feel necessary.
  3. Then delete the keylogger file again and try to see the process name.

If multiple processes are created upon deletion of the file, please report all processes made.

Can we have a look at your OTS log?
Keyloggers usually run from registry, e.g. (Software/microsoft/windows/current version/run), we need to have a look at your startup folder etc.

What's OTS?

What's OTS?
The big brother to OTL ;)

Was another instance created? If so, we need what flashed green.

Well guys, I fixed it! Just put the log file to read-only! Then it can't write anything :smiley:

But the process that was generating the file remains running.

Are you sure you don’t want to know the potentially malicious process that made this “keylog” and how to remove it?

Hi !Donovan,

Seen from the extension eq in the pic the victim has forwarded, couldn’t it be a chrome installed keylogger extension: http://code.google.com/p/chromium/issues/detail?id=78783.
The other possibility is a game being flagged for acting as a keylogger (TSB Tibia).
Sysinternals has the tools for the user to establish what it is beyond any doubt,
namely Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653

polonus