Trojan-Spy.Win32.Keylogger.aa


Most of the files were dropped or created themselves in the c:\system32 drive on when the joke(haha) showed up and though I could see them ... The system clock is unsynchronized.

What do I do? It still pops up.

7 September 2008 at 4:17 pm, Rufus said: "Trojan-Spy.Win32.Keylogger.aa" have same problem and found that the last two letters keep changing, they may be ab, bq, bb. I just opened their file location… I had to edit the folder prefs to allow me to delete them… they were in the program data files on Vista… don't know if it's all clear

This means that it is fixed now.

NEXT

Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run

Michael M.

After downloading, double-click on mbam-setup.exe to install the application. 3. Most major antivirus programs, such as Norton, work as well and come in d...

Q: How to Remove Malware and Antiviruses
A: Check for uninstall tools under the programs menu directory.

Edited by Pat34, 28 August 2008 - 11:31 AM.

You already have Avast! The threat may not be really present on computer. TrojanSpy.Win32.KeyLogger.aa may even add new shortcuts to your PC desktop.

Annoying popups keep appearing on your PC

TrojanSpy.Win32.KeyLogger.aa may swamp your computer with pestering popup ads, even when you're not connected to the

I then ran combofix.

I couldn't have done it without you. If you are asked to reboot the machine choose Yes. Please post the following logs in your next reply.. 1. This may require plug-ins, add-on or Activex object, please install if you want to proceed with scan. 6.

Glad we could help.

Click OK. The System will do some calculation and then display a dialogue box with TABS. Select the More Options Tab. At the bottom will be a system restore box with a CLEANUP

Signs and Symptoms of Trojan-Spy.Win32.Keylogger.aa Infection:

Trojan-Spy.Win32.Keylogger.aa will disable your antivirus program

Once a Trojan infects a computer, it has a tendency to lower security settings and disable firewall and antivirus

Post the MBAM log in your next reply. Then reboot to apply the changes.

For information about running scans and removing malware files, see the Exterminate It! It looks for certain keystrokes and then emails them to its originator.

I then ran sdfix (which finally grabbed the identified .exe for joke.blushod and deleted.

Remove or delete all detected items. 9.

The Windows XP automatic update is failing due to requesting Microsoft Professional location for FrontPage even though this is Windows XP Home Edition.

In some cases the infected computer crashes due to insufficient resources.

There is a warning at the top of your post in big bright blue letters: When posting your problem, do not run and post a ComboFix logs.

Here is my scanner log that I just received after running SUPER:

Then press Enter. Click on the Scan button. Select everything it is displaying there. Click the Fix button. Then rescan with DAFT again - it should say now that "All associations are OK". Close DAFT if

C:\DOCUME~1\Greg\LOCALS~1\Temp\~DFD030.tmp scheduled to be deleted on reboot.
File delete failed.

since none of these antispywares does it all ...

In addition, Trojan-Spy.Win32.Keylogger.aa also interferes with your connection to security-related web sites, making sure that no updates will be downloaded onto the infected computer.

Update: I think I have determined with all the files that were hidden that there is some type of rootkit involved.

I have run my system in safe mode and run ATF-Cleaner and SUPERAntiSpyware but I just got another pop-up.