#1
HH's Asteroids' Dominator
A friend got this probably trojan/keylogger installed and can't find a way to remove it. Any suggestions for this specific one?
__________________
The people who are regarded as moral luminaries are those who forego ordinary pleasures themselves and find compensation in interfering with the pleasures of others(Bertrand Russell)"You go into Afghanistan, you got guys who slap women around for five years because they didn't wear a veil,You know, guys like that ain't got no manhood left anyway. So it's a hell of a lot of fun to shoot them." - Lt. Gen. James N. Mattis This is slavery, not to speak one's thought. [Euripides-The Phoenician Women (c.411-409 B.C.)] http://www.macedonia.info/FALLACIESANDFACTS.htm Sic semper tyrannis.

#2
HardwareHeaven Extreme Member
Re: Via intergrated setup wizard
I've never heard of that one before. Sure it's not just a file that is infected with a trojan? Or maybe there is a trojan/virus that tried to infect that file, and the AV software picked up on the attempt?

HH's Asteroids' Dominator
Re: Via intergrated setup wizard
With a little searching, "Via Intergrated setup wizard" is not made by Via Technologies (mainboards etc.). It is some type of keylogger/trojan. But as to how to remove it... nothing.

#4
HardwareHeaven Extreme Member
Re: Via intergrated setup wizard
How is it that your friend knows he's infected with it? Is it popping up on a virus scan, is it popping up as an error during bootup, or is the file listed somewhere, such as in the startup list?

HH's Asteroids' Dominator
Re: Via intergrated setup wizard
It wasn't the only one. She had several more. Long story short, but someone who used to know installed them to spy on her. She would find her passwords changed, facebook changed, emails, etc.

#6
Flash Banner Hater
Re: Via intergrated setup wizard
Malwarebytes seems to have an excellent reputation for cleanup - Malwarebytes.org
Other than that, it's manual digging using Hijackthis
__________________
Mary had a little lamb, Her father shot it dead Now Mary takes her lamb to school, Between two crusts of bread

#7
HardwareHeaven Extreme Member
Re: Via intergrated setup wizard
Quote:
The reason I ask these questions is to figure out a more solid process of removal. However, here's what I would do:

Needed software (I'll post links to the software when I can):
- SDFix (only good for XP and under.. be sure to extract this to the C drive, and that it is the main folder.. meaning C:\SDFIX\files.xxx, and not C:\SDFix\SDFix\files.xxx)
- Malwarebytes Anti-Malware (definition update)
- Spybot Search & Destroy (definition update)
- SUPERAntiSpyware (definition update)
- RatHat's Cheddar Tidbit Policy Controller (aka RatsCheddar, allows you to reset areas that might be blocked, but that you need access to, like Task Manager, cmd line, and so forth)
- FixPolicies by Bill Castner (this is a policy resetter)

- Always disconnect from the network (physically disconnect any Ethernet wire, or turn off wireless).
- Use Spybot Search & Destroy, switch it over to the Advanced mode, go into the new Tools section, and in there is a section called "System Startup". That startup listing, unlike MSCONFIG, shows the startup items for ALL users, and you can both disable and delete items as needed. When you do get into that section disable all non-Winlogin items. Leave those ones alone, plus take note of the list. If you can, post the items in the Winlogin here, and I can tell you what can be disabled, but generally it's not a good idea to remove the bad ones just yet.
- Install whatever you can now, and reboot the system into Safe Mode. Run FixPolicies and RatHat's Cheddar, then reboot the machine again into Safe Mode as the next part needs to be run from there.
- Run SDFix (via the RunThis.bat file) under the normal user account, and once it's finished part 1 reboot into normal Windows under the same account so it can finish part 2 of the process. Then reboot the system again.
- Run both SUPERAntiSpyware and Malwarebytes Anti-Malware in succession. When either of them asks you to reboot, don't. After you've run both, run them again, and this time reboot after the second run.
- As a precaution, uninstall/reinstall any network cards she might have. Among other things, the idea here is to remove any extra things that might have been installed.
- If she doesn't have an anti-virus software, or has some POS like McAfee or Norton, get her to uninstall it, and install Avast. Do this after you've scanned the system though. One of the options with Avast is to do a startup scan after you reboot (which is right after you install it), so it's worth giving this a run. You can also do this after the fact by going into Avast's control panel, but you need to have it registered to do so (but you don't if you pick to do so during the install process). If you choose not to reboot the machine after it's finished installing you can also install the definitions update, and then reboot so that you are up to date before it runs the boot scan.

That's a good start for now, but be sure to post back the results.
__________________
Brain: So, you sacked the cocky khaki Kicky Sack sock plucker? Mr. Sackett: The second cocky khaki Kicky Sack sock plucker I've sacked since the sixth sitting sheet slitter got sick.
Last edited by Tipstaff; Nov 23, 2009 at 05:18 AM.
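
The all-users startup review described in the post above can also be done from a script, which leaves a text record to compare before and after cleanup. This is an added example, not part of the original post and not how Spybot itself works; the registry locations used (the Run/RunOnce keys and the Winlogon `Shell`/`Userinit` values) are standard Windows autostart locations chosen here as an assumption about what such a listing covers, and only user profiles whose hives are currently loaded under `HKEY_USERS` are seen.

```powershell
# Added example: read-only listing of common autostart entries, machine-wide
# and for every loaded user hive. Run from an elevated PowerShell prompt.
# Nothing is modified; the output is for review only.

$runSubKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunEntries {
    param([string]$Root, [string]$Scope)
    foreach ($sub in $runSubKeys) {
        $path = "Registry::$Root\$sub"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Scope   = $Scope
                Key     = "$Root\$sub"
                Name    = $name
                Command = $key.GetValue($name)
            }
        }
    }
}

# Machine-wide entries apply to every account on the PC.
$entries = @(Get-RunEntries -Root 'HKEY_LOCAL_MACHINE' -Scope 'Machine')

# Per-user entries: each loaded profile appears under HKEY_USERS by SID.
# The *_Classes hives hold file associations, not Run keys, so skip them.
$entries += Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object {
        Get-RunEntries -Root "HKEY_USERS\$($_.PSChildName)" -Scope $_.PSChildName
    }

# Winlogon values: report them, but treat them as "look, don't touch".
$wlPath = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-Item -LiteralPath "Registry::$wlPath"
foreach ($name in 'Shell', 'Userinit') {
    $entries += [pscustomobject]@{
        Scope = 'Winlogon'; Key = $wlPath; Name = $name; Command = $wl.GetValue($name)
    }
}

$entries | Sort-Object Scope, Name | Format-Table -AutoSize -Wrap
```

Accounts that are not logged on do not have their hive loaded, and Startup folders, services and scheduled tasks are outside what this lists, so an empty result here does not mean the machine is clean.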

HH's Asteroids' Dominator
Re: Via intergrated setup wizard
She had Avast, which detected shit. There were at least 3 different keyloggers in it.
Thankfully (my personal favourite) AntiVir came to the rescue. I will probably go to her place next weekend and make sure everything is fine. We did everything over the phone and there are some things that are too complicated to do like that, plus I have a feeling with PCs that can't transmit over the phone lines. I wish she would let me deal with this person. I have enough shit in my life that I would make this guy pay for everything. But she doesn't want me to. She just wants to move on. Anyway, thank you all for your suggestions.

#9
HardwareHeaven Extreme Member
Re: Via intergrated setup wizard
I hear ya. If you can prove that a specific person did it, you can have charges brought against them as this type of thing is against the law. At the very least you can have the cops give the person a nice little warning. I know that in the states, depending on the state itself, computer tampering is considered to be like shoplifting, which is a Class E felony (you can get as much as 3 years in prison for it), but most times people will get off with warnings/fines. Mind you, they will get a criminal record. Not sure what the law is where you are though. However, depending on how volatile the situation is between these 2 people, or how the offending person would react, it could ignite into something much larger. I've seen it happen, and my God, it ain't pretty.
A few pieces of advice.

1) Back up what you can, and wipe the computer. No matter how clean you get the machine you can never be sure you got it all. In cases like this a fresh start really is what you need. If there is a risk that the other person might get access to her computer again you might want to do a system password (via the BIOS). While easier to bypass on a desktop, on a laptop it can be a lot of work, if not impossible to bypass, so much so that they might just walk away from trying.

2) Depending on how much harm this person has done, or what type of information you think this person has collected, be sure to use a different computer, and have her change passwords and information. Also, contact the different parties involved, such as Facebook, and let them know of the situation. Get it on THEIR books that this is happening just in case things get worse, or she needs to use that information for some reason (think of it as a body of evidence that supports what you are saying is happening in case it goes further).

3) I'm not sure how it's handled over there, but be sure to contact other agencies about a possible identity breach. That means credit card companies, phone company, Internet, banks... anything that deals with her personal information. The last thing you want to have happen is to have her credit or her name being tarnished.

Even if she doesn't want to handle this person, convince her to at least handle herself, to protect herself, her identity and information. Sorry if it sounds like I'm prying, but I've seen how bad things like this can get, and I'd rather not see it get worse for her either. Good luck with this, and I hope everything works out for her.

HH's Asteroids' Dominator
Re: Via intergrated setup wizard
If the guy lived in the same city I would have taken care of him for good, but he is far and I can't find him nor do I know the city well enough or have any worthwhile connections there. If he was here things would be different.
She doesn't use her computer for anything other than emails, Facebook, some news and the occasional media download. No personal info. Although she says she believes her phone line might be tapped. The guy works for Hellas-Sat I think. Due to the reasons I mentioned, I asked her to at least contact the police (the police has special units for anything regarding "electronic crime" and they are good at it). She still refuses and wants to defuse it. I know the reason, because then other things would come out and, it's a long story. Anyway, she gave me her details and I changed them from my PC, then I sent them to her over SMS, and see if the guy still manages to get them, either through the mobile connection or her PC. Her PC will be cleaned for good (yes, format and search of the boot sector), but I am afraid that he had access to her router at a "previous" time. IF she told me everything and not half truths I could have helped better... I just wish that one day I will, by accident, meet this guy.

#11
DH FaN BoY
Re: Via intergrated setup wizard
Try Panda, it might help you get that keylogger...

#12
HardwareHeaven Senior Member
Re: Via intergrated setup wizard
Kaspersky for me usually locks down on that stuff. Sorry to hear she has such a shatastic X. However, let her deal with it man. Maybe you can be her awesome dude :P lol
(Unless of course you're pre-taken!)

HH's Asteroids' Dominator
Re: Via intergrated setup wizard
I wish I was that kind of person, but I am not. I am doing this to help her and because it is the right thing to do.