here is the hijackthis log... i checked the taskmanager, and it doesn't show any process named that... i also searched the registry...
AHHHHHHH.....
I've found a troll, and my super trusty (blunted and rusty) reds AREN'T working.
AP window just freezes?
Please don't nuke him until I get to balance my account............
[I am (of course) referring to the marco10 post...........................]
[edit] Too late, the troll thread is CLOSED. Me goes HOME to an advert the size of me monitor, sigh...........[/edit]
Thank you djscribble for explaining the now closed and deleted thread to me. While I was jumping back and forth, one of our mods was being super efficient and got rid of it.
Thank you to the mod that deleted it also, we don't need that kind of guff on the front page.
Ok you will need to do another scan in HJT and tick the following:
C:\WINDOWS\System32\EXPLOER.exe
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\EXPLOE~2.DLL ===This looks like a part of the keylogger
O4 - HKLM\..\Run: [EXPLOER] C:\WINDOWS\System32\EXPLOER.exe
that is at first glance..
do the scan for that file in SAFE MODE.. MAKE SURE THAT YOU DISABLE SYSTEM RESTORE..
When we have this little F/tard out then the system restore can be returned..
cheers
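An added example, not part of the original posts: a small Python check that reads HijackThis-style lines and flags file names that nearly match a genuine Windows binary, which is what gives away the three entries ticked above. The allow-list, the distance threshold of 2, the function names and the benign sample lines are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: a small allow-list of genuine Windows binary names to compare against.
KNOWN = {"explorer", "svchost", "winlogon", "services", "lsass", "csrss"}
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.I)

def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(stem):
    """Return the known name that `stem` nearly matches, or None."""
    stem = stem.lower()
    if stem in KNOWN:
        return None
    # 8.3 short names (EXPLOE~2) keep only the first six characters.
    short = re.fullmatch(r"(.{1,6})~\d+", stem)
    probe = short.group(1) if short else stem
    if len(probe) < 5:
        return None  # too short to compare meaningfully
    for known in sorted(KNOWN):
        target = known[:len(probe)] if short else known
        if 0 < edit_distance(probe, target) <= 2:
            return known
    return None

def scan(log_text):
    """Return (section, file stem, imitated name) for each suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = PATH_RE.search(line)
        hit = lookalike(PureWindowsPath(m.group(0)).stem) if m else None
        if hit:
            sec = re.match(r"(O\d+) - ", line)
            stem = PureWindowsPath(m.group(0)).stem
            findings.append((sec.group(1) if sec else "process", stem, hit))
    return findings

# First, third and fourth lines are from the thread; the other two are constructed benign entries.
SAMPLE = r"""C:\WINDOWS\System32\EXPLOER.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\EXPLOE~2.DLL
O4 - HKLM\..\Run: [EXPLOER] C:\WINDOWS\System32\EXPLOER.exe
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe"""
```

Calling `scan(SAMPLE)` returns the running process, the BHO and the Run entry, and leaves the genuine `Explorer.EXE` and the unrelated program alone.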
there was a total of 5 files, one was in the prefetch, then there were 2 exe's exploer and exploerr, and then 2 dll's which i used a tool that was posted earlier to remove :)
i also submitted the files to symantec so that they will eventually get into the antivirus databases
i don't believe that my box got owned..... at least i didn't do anything critical like bank account/social security stuff :)
no funnies being detected by Zonealarm?
It should now be safe to turn System Restore back on..
ur lucky.. some keyloggers time stamp the activity.. We would have had some idea as to how fast you type as well ..
Good move submitting the files to Symantec.. i've decided to submit the zip file to them as well..
Certainly would recommend changing your Password for AO.. don't need that ***** using your account..do we?
cheers
any chance of posting the exploer.exe and the .dll here for us to have a look at..
here is the zip file that i sent to symantec... all files were in system32 except the .pf file (that was in prefetch) and then there was the registry entry that is in my hijackthis log
Trust No One ;)
well, i just got a response back from symantec -- they say it is an "extended" threat, classified it as spyware and in essence said sucks to be you... furthermore, i brought the zip file over to a computer that has McAfee 8 beta, and it caught it as a virus right away....
hmmm..... i used to hate McAfee..... now i figure they are both on the same level -- if anyone knows anything better just let me know
the case of the mysterious e-mails is now closed :)