Hello Avast,
This is to inform you about the following:
A few days ago, Windows Defender caught the installation of un unknown application on our computer. The application was probably put on the computer during a Messenger session, but I cannot be sure of that. Because I cannot find any information about this application on the Internet, and because the Avast! scanner which is installed on the computer, didn’t catch it, I’m sending you this information. I’m not sure what the application does, but I suspect it is a keyboard logger. Sometimes, while on Internet, the keyboard seemed to skip key strokes. In Windows applications everything worked fine. After disabling the application, the keyboard didn’t skip anymore.
The computer runs Windows Vista Home Basic SP1
The application does not produce a User Interface, but is visible as a process.
Application registry keys found:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"c:\users\herman\appdata\local\iieisyo.exe" iieisyo
HKEY_USERS\S-1-5-21-1567621564-2413531816-831747631-1000
\Software\Microsoft\Windows\CurrentVersion\Run"c:\users\herman\appdata\local\iieisyo.exe" iieisyo
The application was installed in the following location, and contained the following files:
c:\users[user]\appdata\local
iieisyo.exe
iieisyo.dat
iieisyo_nav.dat
iieisyo_navps.dat
pabmhya.bat
This last file is the uninstaller, and contains the following code:
@echo “Uninstalling the software…”
@“c:\users[user]\appdata\local\iieisyo.exe” -uninstall
When executing this batch file, a dialog box with the following message is produced:
“You must be connected to the Internet to uninstall this software. Please, connect your computer to the Internet and click on ‘Retry’.”
Should you need further info, please let me know.
Regards,
Herman.