iYogi says I have a Keylogger

I have the free version of Avast. I called customer support for a virus that I could not delete which was VBS:AutoRun-gen [Wrm]. They were able to answer my question and I was able to delete from the virus chest. They also did a courtesy check on my computer. The tech (who works for iYogi) found…

  1. An unnamed (or blank) program running in my startup when he checked Msconfig
  2. Error messages listed in the Event Logs program.
  3. Registry with a lot of junk files

He said these items were evidence of a keylogger program. I asked him what the name of the keylogger program was and how he knew it was keylogger software. He said that, based on his eight years of experience, these were indications of a keylogger. Keyloggers were made to be invisible and hidden, so he could not identify the specific keylogger file name. He recommended the following steps…

  1. Remove all the Junk Files and Folders.
  2. Remove the Prefetch Files.
  3. Remove the Unwanted Registry Entries.
  4. Remove the Unwanted Startup Items.
  5. Virus and Spyware Removal. (Primary)
  6. Repair the Windows OS Files.
  7. Checking the Avast and Updating It.

The guy wanted me to sign up for a 1 year service contract with iYogi at $169 to fix these items, but I was skeptical and on a tight budget.

I unchecked the unnamed (or blank) program from Msconfig and it disappeared. I also ran Malwarebytes and Avast (again) and they both found nothing. I downloaded Spybot and Superantispyware (SAS) and they each found one virus, but they didn’t appear to be a keylogger when I did an internet search on their names. I forgot the names of the viruses that were found by Spybot and SAS, but they were deleted.

I ran a program called Autorun and found these unnamed (or blank) programs running…

Fax Provider File not found: C:\WINDOWS\system32\Setup\FxsOcm.dll
lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

Is there a way to check to see if these are keyloggers? Is there another program (or method) to see if I have a keylogger on my computer?
I know you can’t expect 100% protection from keylogger or malware but the iYogi tech has made me very paranoid.

Thanks in advance for any advice!!

Is there a way to check to see if these are keyloggers? Is there another program (or method) to see if I have a keylogger on my computer? I know you can't expect 100% protection from keylogger or malware but the iYogi tech has made me very paranoid.
upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners. When you have the result, copy the URL in the address bar and post it here so we can see

alternatives
Jotti's malware scan http://virusscan.jotti.org/en
VirSCAN http://virscan.org/

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs HERE and not in the guide )

To avoid using multiple posts with copy and paste you have to attach the logs
Lower left corner: Additional Options > Attach (OTS log); save the OTS log as ANSI

Essexboy will look at the logs when posted…
he is usually here at 08:00pm - 11:59pm uk time
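The advice above (scan the files Autoruns lists, and post the results) and the "File not found" entries in the question can be triaged mechanically. The script below is an added illustration for this thread; it is not code from the thread, from Sysinternals Autoruns or from any of the tools named here. It assumes the one-entry-per-line text form the poster pasted ("<entry name> File not found: <path>"; real Autoruns exports are tab-separated, so the regex would need adjusting for them). For each entry it checks whether the referenced file actually exists on disk: a path that is not there is an orphaned startup/service reference that cannot run, which is why such entries on their own are not evidence of a keylogger. Files that do exist are hashed with SHA-256 so they can be looked up on VirusTotal or Jotti by hash rather than uploaded blindly. The sample lines and the `exists` parameter are constructed for the example.

```python
"""Triage Autoruns-style "File not found" entries (added example, not from the thread)."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed sample: three of the entries from the post, in the form the poster pasted.
SAMPLE_AUTORUNS_OUTPUT = """\
Fax Provider File not found: C:\\WINDOWS\\system32\\Setup\\FxsOcm.dll
lbrtfdc File not found: C:\\WINDOWS\\System32\\Drivers\\lbrtfdc.sys
PCIDump File not found: C:\\WINDOWS\\System32\\Drivers\\PCIDump.sys
"""

# "<entry name> File not found: <path>" -- assumption about the pasted format, see lead-in.
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+File not found:\s+(?P<path>.+?)\s*$")


@dataclass
class Entry:
    name: str
    path: str
    present: bool            # True only if the referenced file exists on disk
    sha256: Optional[str]    # filled in only for present files, for hash lookup


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Return (entry name, image path) pairs for every line matching ENTRY_RE."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            pairs.append((m.group("name"), m.group("path")))
    return pairs


def sha256_of(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(text: str, exists: Callable[[str], bool] = os.path.isfile) -> List[Entry]:
    """Classify each entry as present (hashed) or orphaned (file missing).

    `exists` is injectable so the logic can be exercised with constructed paths.
    """
    result = []
    for name, path in parse_entries(text):
        if exists(path):
            result.append(Entry(name, path, True, sha256_of(path)))
        else:
            result.append(Entry(name, path, False, None))
    return result


def summarize(entries: List[Entry]) -> List[str]:
    """One human-readable line per entry, stating what the finding means."""
    lines = []
    for e in entries:
        if e.present:
            lines.append(f"PRESENT  {e.name}: {e.path} sha256={e.sha256} -> look up this hash")
        else:
            lines.append(f"ORPHANED {e.name}: {e.path} (no file on disk; stale entry, cannot run)")
    return lines


def triage_temp_file(content: bytes) -> Entry:
    """Helper for the example: write `content` to a temp file and triage a line pointing at it."""
    d = tempfile.mkdtemp()
    p = os.path.join(d, "constructed-sample.dll")
    with open(p, "wb") as f:
        f.write(content)
    return triage(f"Constructed Entry File not found: {p}\n")[0]


if __name__ == "__main__":
    # On a non-Windows machine the sample paths do not exist, so all three are ORPHANED.
    for line in summarize(triage(SAMPLE_AUTORUNS_OUTPUT)):
        print(line)
```

The useful output is the split between ORPHANED and PRESENT: orphaned entries are the leftover configuration the later replies describe, while each PRESENT entry yields a hash you can paste into the scanners' search boxes before deciding whether to upload the file itself.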

Thanks so much for your help!! I could only find one file to scan…

Fax Provider File not found: C:\WINDOWS\system32\Setup\FxsOcm.dll

http://virusscan.jotti.org/en/scanresult/f87abf2e8504030d9e911c6b7040077ca49d198d

and it came out clean. The other files that I listed were not in the file location listed by Autorun. Autorun did list them as “File not found”. I will try the guide from Essexboy.

I already have Malwarebytes on my computer and will just run the scan. I assume that I don’t need to uninstall and reinstall Malwarebytes. Please let me know if I have to do a reinstall. Thanks again!!

I assume that I don't need to uninstall and reinstall Malwarebytes. Please let me know if I have to do a reinstall.
no just make sure Malwarebytes is updated before you scan

Thanks, Pondus. I did Malwarebytes and nothing was found. Attached is the log. I downloaded OTL from the link in essexboy’s guide (http://oldtimer.geekstogo.com/OTS.exe) and just ran it through http://virscan.org/ and www.virustotal.com. Some scans found issues with the OTL…

PUA.Packed.PECompact-1
W32/Heuristic-210!Eldorado (Heuristic)
Trojan.Siggen2.55043

http://virusscan.jotti.org/en/scanresult/0b9be36eae7e219427faf200e6dd2b7ad4274ac3
http://file.virscan.org/report/6f34381c74d4b990d7e963df4b479543.html

Can you or someone confirm these are false positives for the OTL download? I know I may be silly, but this is my first time getting free online help and I am not familiar with OTL. Just want to make sure there is no risk in this download.

Also, I love http://virscan.org/ and www.virustotal.com… thanks so much for letting me know about these sites.

yes they are false positives

OTL and OTS are safe programs. They are diagnostic tools used in all the forums that do malware removal
if you look in these forums you will see they are in use, Malwarebytes / Geeks2Go / MajorGeeks / BleepingComputer…

Oops. I meant to say OTS. Attached are the OTS logs. Thanks!!

Also, an Avast window came up and recommended I run OTS in sandbox which I did. I assume that makes no difference.

He said these items were evidence of a keylogger program.
In that case everyone has one ;D

I can see the remnants of a failed malware install. On completion of this can you let me know what the current problems are. Allow this to run normally and not sandboxed, otherwise it will not do its job

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY ->  1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043 -> C:\Documents and Settings\All Users\Application Data\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
[Files - No Company Name]
NY ->  1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043 -> C:\Documents and Settings\All Users\Application Data\1hu4i5i6c1wx6ngdh3brb4vh33mo74i8k66043
NY ->  o82Ak400MM24 -> C:\Documents and Settings\All Users\Application Data\o82Ak400MM24
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

Yeah, I had a feeling there was some marketing involved to get me to sign up for a $169 service contract.

I can see the remnants of a failed malware install. On completion of this can you let me know what the current problems are. Allow this to run normally and not sandboxed, otherwise it will not do its job

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

Done. My computer asked me to restart, which I did. Then an OTS window popped up asking me to run OTS, which I did. Then the results popped up. I attached the logs.

Since I started OTS, my MSconfig utility keeps popping up every time I start my computer. I assume this is normal and will stop when I get rid of OTS.

Another note… when I first learned of the potential keylogger from iYogi a week ago, I disabled all of my start up items to see if any programs reinserted themselves in the start-up menu. I only have avast and a dell utility running right now in start-up. I assume this step does not affect the OTS scan results or your analysis. When my computer gets a clean bill of health I will place the items back into the startup that I disabled.

This is no sign of malfunction, do not panic!

Thanks!! iYogi got me really worried. The iYogi tech was professional and I didn’t feel pressured (directly) to get the service contract. But there was some “indirect” pressure since he said I had keylogger on my computer based simply on the review of Event Viewer logs and MSconfig start-up.

this

This is no sign of malfunction, do not panic!

is related to the running of OTS ;)… it does not mean you have or don't have malware

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

MSConfig is popping up as you have used it to disable some startups. To stop this, in the bottom left of the popup there is a tick box that states "do not show this again"

What problems do you have at the moment ?

Thanks essexboy and Pondus for the feedback!

I finished the fix and there appears to be no problem with my computer running. There were no operating issues before… just an iYogi tech telling me I have a keylogger. I understand there isn’t a 100% correct answer.

I just wanted see if the OTS logs (attached above) after essexboy’s fix look ok.

If things look ok… I guess the next step is to remove OTS?

Yep start OTS and hit the cleanup button and it will go

Everything seems to be ok. Thanks for all of your help!!

Hi dw2011,

Allow me to introduce myself, my name is Siddharth Mukherjee and I am a supervisor in iYogi AVAST Support Team.

I am glad to know that your issue has been resolved. However, let me inform you that when customers who are using the AVAST Free or Trial product call iYogi Technical Services for resolving virus-related issues, the customer has to pay $169.99 (complete 1 year subscription) to get the issue fixed. Let me share the benefits that you would get if you subscribe with iYogi Technical Services :-

  1. Virus and Spyware removal
  2. Setup and installation of - Computer, Laptop, Antivirus software, Wireless networking, Digital Camera, MP3, Printer, Installation of software and Windows Operating Systems.
  3. PC Optimization.
  4. Along with that, you would get an iYogi software by the name of Support Dock (which has features like - PC Optimization, Green PC, Push to Talk, Registry Repair).

If I can be of any help to you, please feel free to write me an email at - siddharth.mukherjee@iyogi.net to get your concerns fixed.

Thanks a lot for spending some time in order to read my email.

Regards,
Siddharth Mukherjee
iYogi Technical Services.

Disclaimer :- iYogi is an independent provider of on-demand tech support and not affiliated with any third party brand unless specified. Call now to get instant access to tech experts for multiple brands of PCs, software and connected devices, all in one place

Thanks for your reply and posting this advertisement of iYogi.

However let me inform you that for customer's who are using AVAST Free or Trial Product calls iYogi Technical Services for resolving Virus related issues. Then the customer has to pay $169.99
This certainly is NOT what we were told by your bosses during our meeting with them in Prague in Feb. of this year.

We were assured that as long as the person had an updated OS and his system was virus free, support for avast!, regardless of the version,
was Free

Has your policy now changed or, did you forget to check your answer with your boss ???

Hi Bob,

That is absolutely right. We continue to provide Free support to all customers who call us with a new machine/old machine which is Virus free, regardless of the type of AVAST product installed. However, the only key difference is that Virus removal on machines with Trial/Free products is usually not supported free, but exceptions are always there.

I would be more than glad if you try our services to witness the scope of support I have mentioned earlier.

Regards,

Siddharth Mukherjee
iYogi Technical Services

Thanks for clarifying your original reply. I unfortunately don’t have the time to take you up on your offer since I’m on the road.
Hopefully another Evangelist will take you up on that offer.
Regards.

We have plenty of real experiences of iYogi support in these very forums and in all honesty it doesn’t look good.

Whilst these would only be a small number against the overall number of support calls, these are also the ones that have taken the time to register on the forums to get help and recount their experiences.

What many of these posts have in common is the iYogi support tech using the remote connection to look in other areas (windows event viewer) to support the case for offering the user the paid iYogi support package.

I certainly don’t intend to become a mystery shopper to test iYogi support, I prefer to spend my time more productively trying to help other avast users on these forums.