Problem With A Keylogger In My Pc!
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Problem With A Keylogger In My Pc!

  1. #1
    Junior Member
    Join Date
    Dec 2002
    Posts
    2

    Exclamation Problem With A Keylogger In My Pc!

    Hi everyone and thanks for the replies in my first post, they helped me.

    I have a Keylogger that sends mails to an unknown destiny each 15 min.

    I can stop the keylogger to continue running -or sending mails- [typing CTRL+ALT+SUPR, and finishing a process called "PFCX.EXE"] which is not a good solution, because I have to do this each time I change the user or Restart my computer, also my family don't know how to do this and teach them will be a waste of time.....

    Also I disabled the same file in the start up from msconfig.exe (it showed its location: C:\Windows\system32) but the file continue openning in the start up .....

    Then I searched for the file but it doesn't exists..... also I tried whith norton but I found nothing

    Please I need help on this.

    Thanks Pablo

    SORRY, I forgot to say, I have Windows XP

  2. #2
    Member
    Join Date
    Sep 2002
    Posts
    98
    trojan horses and keyloggers sometimes use the same methods for auto startup i suggest
    reading the file i have attached to this message it covers some of the methods used for auto starting trojans...

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    259
    try grabbing the cleaner

    http://www.moosoft.com/thecleaner/
    Alternate realities celebrate reality. If you cant handle the reality your in, then you wont be able to handle the one your attempting to escape to.

  4. #4
    Senior Member
    Join Date
    Dec 2002
    Posts
    107
    hey Pablo I've got a question for you. How'd you know that it was a keylogger?
    [pong][blur]Victory to Success[/blur][/pong]is only half won through the[pong][blur]Habit of Hard Work...[/blur][/pong]
    -Jagfire19

  5. #5
    Senior Member
    Join Date
    Jul 2001
    Posts
    420
    Originally posted here by black_death
    trojan horses and keyloggers sometimes use the same methods for auto startup i suggest
    reading the file i have attached to this message it covers some of the methods used for auto starting trojans...
    Use the above and if the problem presists shearch the registry for PFCX.EXE and delete the entries. You should also check the startup folder.

    On the HD the folder the offending file is in might give you more info w/r/t where it came from. When I search google I only get 2 hits for PFCX.EXE. Both are tied to the same geocities page for VGA Planets.

    Cheers,
    -D
    If you spend more on coffee than on IT security, you will be hacked. What\'s more, you deserve to be hacked.
    -- former White House cybersecurity adviser Richard Clarke

  6. #6
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    Heya,

    I've been playing with that Hellhackz-thing myself for a while after you posted that link. As stated by Mahakaal, it's the Soft-Central Keylogger.

    Once you execute the hellhackz.exe file, it tries to contact mx1.hotmail.com to mx4.hotmail.com.
    Deleting PFCX.EXE indeed is the solution. Just deleting it in Windows won't work. Deleting it in DOS won't work either (even if you remove the +r and +h attributes), so I found something else.

    Just do a search for pfcx.exe (Start --> search). In Windows 2k, it is in C:\winnt\system32.
    Once you found the file, ctrl-alt-del to taskmanager and kill the pfcx.exe process.
    Then right-click it in the search-window, and select delete. Weird, but it works...

    And of course make sure to get rid of the original hellhackz.exe

    Hope this helped.

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    112
    Then I searched for the file but it doesn't exists
    Make sure that you are configured to show hidden files and folders. If the program is loading but you are unable to find it you may be set up to not show any hidden files.
    If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.

  8. #8
    Banned
    Join Date
    Jan 2003
    Posts
    163
    would "msconfig" help. when i run that i can control what starts up on my box [xp].
    i know this won't slove prob but could make runnin ur pc better untill u get rid of this.
    i type... run > msconfig

    just a thought.

  9. #9
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    I've seen some of these programs also start themselves as services, so there is another place to look if you don't find anything in the usual startup places.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  10. #10
    Member
    Join Date
    Dec 2002
    Posts
    72
    well while trying to find a sollution to your problem,i would suggest you to install a firewall.then you can control the whole network trafic and prevent the program to connect to its server.then try to solve the problem.
    www.rootforge.com


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •