I Need Major Help With Deleting This Keylogger Type Thing


#1

My step-dad clicked a friggin pop-up and it dl’ed this crazy file onto my computer. It does that stupid thing that says Deleting C Drive, gives me alotta pron pop ups and logs all my passwords, cc numbers and everything… It also has a TAC rating of 7, so that’s bad. The file is called: C:\WINDOWS\system32\ncompat.tlb
It will not delete, and when I go in manually to delete it, the file is not found. Ad-aware will not delete it either. I am trying Easycleaner 2.0 to see if it’ll delete it right now. But, do you have any suggestions as to what to do? Thank you all!


#2

try using ewido from Here

or

A Squared from HERE

or

The Cleaner from HERE

update them and scan your PC


#3

Thank you a lot! I’ll check ’em out


#4

You need to get hold of some antivirus software (most will stop this file)

BUT to start with take a read of this Hijack This fix. It is long and goes into fixing the problems you have with someone else so should help. http://forums.techguy.org/security/427064-hj-logfile.html

Best advice I can give though is to change browser from IE to Mozilla as it has slightly less chance of falling for these tricks, but it's a bit late now.


#5

ewido anti-malware - Scan report

  • Created on: 5:27:10 PM, 1/6/2006

  • Report-Checksum: 39D04028

  • Scan result:


::Report End

Wow, Easycleaner 2.0 is minor league compared to this! Thanks Bjproc!


#6

Also, download the others, and run them.


#7

Did that do an auto clean once it located the bad files? Just curious how it compares to SPYBOT! I guess I need to try it too!

Also, do any of these load spies on your computer? Just curious!


#8

These programs are clean, AFAIK.

It cleans them, but you have to go to the Quarantine tab to remove them permanently. (Ewido)

They're all malware scanners.


#9

Thanks man! I love this forum!