I think I have a keylogger in a .dll file

  1. #1
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27

    I think I have a keylogger in a .dll file

    Hello, I was away for 20 days and my brother downloaded hacks for an online game ... I got a friend that knows some programming stuff and he told me to debug the .dll files and find if there's any keylogger packet in it. I really don't know how to do that and I don't think this virus is famous. The site that he used is really known for having expert hackers and keyloggers. I'd like to know if I have a keylogger in this file. He injected the .dll files into the game.exe; I heard when you inject it into the .exe file it injects keyloggers into the system, idk if it's true. However, here's the scan and the files.
    My brother said he got a blue screen sometimes while executing the programs; it's maybe because it overloaded the comp and my comp is overclocked at 3.42 GHz.

    The dangerous file names are:
    FATrainer88_1.ll
    FATrainer88_21.ll
    LaunchAMS(update 25th july).exe
    MSHSCRCBypassv88.dll
    NzMaple.exe
    packet sender.dll
    winject.exe
    XPlorer w8Trainer v88.5 NoCRC.dll

    This is the download to the possibly infected files.
    Possibly infected files should be uploaded in a ZIP archive with password protection (password: virus) via this link: http://virusinfo.info/upload_virus_eng.php?tid=85140
    The files were downloaded from www.w8bаbу.cоm <~ Hacking related forums
    Last edited by Rene-gad; 11.08.2010 at 10:38. Reason: link disabled

  2. #2
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    Hello,
    - Execute the following script in Manual disinfection
    Code:
    begin
     QuarantineFile('C:\Windows\System32\cdd.dll','');
     QuarantineFile('C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys','');
     QuarantineFile('E:\MSHSCRCBypassv88.dll','');
    end.
    Then execute the following script in Manual disinfection
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    and upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.

  3. #3
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27
    Ok, I uploaded the suspicious files to quarantine. I suggest you guys check this file's packets manually because this website has really expert hackers and they make keylogs that can avoid the antivirus; they're not using public keyloggers, they're making them, so yeah, I'd appreciate it a lot if someone checked the file :/
    And about the Manual disinfection, do I do the manual disinfection with the Kaspersky Virus Removal Tool? Or where do I execute the script?
    Don't forget that MSHSCRCBypass.dll isn't the only possibly infected file.
    I'm doing banking stuff on my computer so please help =/
    Edit: I tried to do manual disinfection with Kaspersky virus tool and it didn't make any .zip file. I executed your script and nothing. I have hard disks C, D and E.
    C: Windows XP, D: Windows 7, E: files. There's no such quarantine.zip made after manual disinfection, and I'm using Windows 7 by the way.

    Added after 11 hours 55 minutes

    huh no1 can help me or you guys are working at it? o.o
    Last edited by Rene-gad; 12.08.2010 at 09:13. Reason: overquoting removed

  4. #4
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    Pls. write some less and read some more: you had to upload the file C:\quarantine.zip, avz4 is clean. If C:\quarantine.zip wasn't generated, pls. upload your suspicious files as given (see the corrections in red in the 1st post).

    Quote: Originally posted by iPunket
    I tried to do manual disinfection with Kaspersky virus tool and it didn't make any .zip file. I executed your script and nothing
    What system did you boot from?
    I cannot say if any file is definitely malicious, we have to analyze each one.
    Last edited by Rene-gad; 12.08.2010 at 09:28. Reason: Added

  5. #5
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27
    I uploaded the suspicious files to quarantine, I set the password "virus" in the .zip
    and about AVZ, it found a suspicious file, but it only scanned disk C, it didn't scan D or E. Once again, C is XP, D is Windows 7 and E is for my stuff.
    I'd appreciate it if you guys check the files I uploaded to quarantine, and can you explain to me about the Bypass.dll? Why did you give me only 1 file to manually disinfect out of the 6 I uploaded?
    Edit: I'm uploading the suspicious files to quarantine again
    Ok, uploaded, this is what I got if you need it.

    File saved as 100813_104421_Virus help_4c64e9c5bad93.zip
    File size 5479084
    MD5 3a9e49d3f388235f0b6f2f5b991e2415

    Please check the packets or coding in the file :/
    Last edited by iPunket; 13.08.2010 at 09:46.

  6. #6
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    Quote: Originally posted by iPunket
    I uploaded the suspicious files to quarantine, I set the password "virus" in the .zip
    No, you didn't
    1. you uploaded the file avz4.zip, it's our main tool (see the picture)
    2. you should not make a quarantine yourself, it should be made automatically after execution of my script.
    HERE is the link for uploading the quarantine: http://virusinfo.info/upload_virus_eng.php?tid=85140
    I can't find any manual disinfection in AVZ, and AVZ only scans disk C.
    There is not any disinfection @AVZ, it's antirootkit, not antivirus.
    Make a log of Malwarebytes Antimalware.

  7. #7
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27
    Either your English is weird or my English is bad and I can't understand
    There is not any disinfection @AVZ, it's antirootkit, not antivirus.
    Make a log of Malwarebytes Antimalware.
    Do I download Malwarebytes Antimalware?
    I'm executing your script with Kaspersky Virus Removal Tool and it isn't making any quarantine file in C:\quarantine.zip. There's a Quarantine.zip but it's empty, there's nothing inside and it's 22 bytes. Is that what you need?

    I did the scan with AVZ and it found a suspicious trojan downloader on disk C. As I said before, disk C is Windows XP, I'm always using Windows 7. I have the suspicious files on Windows 7's desktop and in a folder on my disk E, so I have the files on disks D and E. After AVZ finished it closed and I couldn't find the suspicious trojan downloader in system32.

  8. #8
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    Quote: Originally posted by iPunket
    Do I download Malwarebytes Antimalware?
    I don't know if you just DID it, but pls. DO it and MAKE a log file (all drives).

  9. #9
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27
    Quote: Originally posted by Rene-gad
    I don't know if you just DID it, but pls. DO it and MAKE a log file (all drives).

    Okay, all drives should take around 3 days of scanning. I don't know why, but when I scanned my disk C with AVZ... Kaspersky usually scans 2.000.000 files on disks C, D, E but AVZ scanned around 38.000.000 files on disk C alone; it took 27 hours to scan disk C. I guess I'll come back here in 4 days or so when the scan finishes.

    Btw I found the avz4.zip but it's only my disk C, I hope it helps, I uploaded it already
    Edit: hold on, I can't upload yet
    Last edited by iPunket; 13.08.2010 at 13:13.

  10. #10
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    What a bullsh...t did you do??? Why did you upload OUR TOOL AVZ 4 for the 2nd time???

    If you mean scanning with MBAM takes too long - reinstall your system, it will be shorter.

  11. #11
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27
    Quote: Originally posted by Rene-gad
    What a bullsh...t did you do??? Why did you upload OUR TOOL AVZ 4 for the 2nd time???

    If you mean scanning with MBAM takes too long - reinstall your system, it will be shorter.
    =/ Can't you just analyze each file I uploaded in the virus help.zip? I uploaded avz4.zip once, not twice o_O. When I uploaded it for the first time I cancelled it, so I uploaded it again. Thanks for all the attention you're giving me, by the way. I'm just afraid that these .dlls have strong keyloggers since they're from a website with good programmers; they make keylogs and test them with different antiviruses until none of them can detect the keylog.
    Thanks again for all the help, sorry if I'm making a mess here, I just have too much stuff on my computer.

  12. #12
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    Quote: Originally posted by iPunket
    =/ Can't you just analyze each file I uploaded in the virus help.zip?
    We have done it, no malware found.

  13. #13
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27
    Quote: Originally posted by Rene-gad
    We have done it, no malware found.

    Okay, thanks a lot for the help. If there's nothing left to do, mind deleting this thread please? Or change my user ID to something different, or else I will have some problems :x
    Thanks a lot for all the support given, this forum is awesome. I hope the suspicious files I uploaded are really clean. Thanks ~

  14. #14
    Junior Member
    Registered: 11.08.2010
    Posts: 11
    Reputation weight: 27
    Can this thread get deleted please???

  15. #15
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    No topics here will be deleted if they are conducted according to the rules.

  16. #16
    Cybernetic Helper
    Registered: 29.12.2008
    Posts: 48,318
    Reputation weight: 953

    Treatment summary

    Treatment statistics:
    • Quarantines received: 4
    • Files processed: 172
    • No malware was found in the quarantines during treatment

