Sign In
Create Account
0
I just found this file in my Malwarebytes quarantine:
Vendor: Trojan.Agent
Category: File
Items: C:\WINDOWS\sustem32\KerndDrv.dll
Reference#: 35638
Does anyone knows that this is? I tried searching but found nothing. Any ideas?
Back to top
#2
Posted 15 October 2008 - 06:06 PM
-
- Administrators
-
- 22,574 posts
Forum Deity
- Gender:Male
- Location:US
Hello elveez and Welcome to Malwarebytes
According to Threat Expert
Highly recommend that you follow the directions below (do not bypass the online Panda scan)
Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs
Someone will be happy to assist you further with cleaning your system.
During this scan and cleanup process you should not install any other software unless requested to do so.
According to Threat Expert
Quote
Infostealer.Gampass [Symantec]
A keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.)
* There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the following module:
o %System%\KerndDrv.dll
A keylogger program that can capture all user keystrokes (including confidential details such username, password, credit card number, etc.)
* There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the following module:
o %System%\KerndDrv.dll
Highly recommend that you follow the directions below (do not bypass the online Panda scan)
Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs
Someone will be happy to assist you further with cleaning your system.
During this scan and cleanup process you should not install any other software unless requested to do so.
#3
Posted 15 October 2008 - 07:49 PM
-
- Members
-
- 6 posts
New Member
Thanks a lot! I had some on of my passwords stolen and I figured it's gotta be some keylogger. I wish I could figure out how I got this one! I had Norton Realtime protection and SpyBot with TeaTimer running all the time!
I just scanned my system with Norton + Malwarebytes + SpyBot + SuperAntiSpyware and it seems that I'm clean now. Malwarebytes was the only one program that reported this!!
I will run it again and post the logs here. Do I just copy and paste them here or should I include them as an attachment?
I just scanned my system with Norton + Malwarebytes + SpyBot + SuperAntiSpyware and it seems that I'm clean now. Malwarebytes was the only one program that reported this!!
I will run it again and post the logs here. Do I just copy and paste them here or should I include them as an attachment?
#4
Posted 15 October 2008 - 08:03 PM
-
- Members
-
- 6 posts
New Member
Here's my MBAM log from two days ago when the files were found...
#5
Posted 15 October 2008 - 08:15 PM
-
- Members
-
- 6 posts
New Member
HijackThis Log. Today. Panda is still working, I will post the log as soon as it's done.
#6
Posted 15 October 2008 - 08:46 PM
-
- Administrators
-
- 22,574 posts
Forum Deity
- Gender:Male
- Location:US
Please don't post your logs here.
Start a new thread here: http://www.malwareby...php?showforum=7
Then post current MB and HJT and PANDA logs in the new thread. Do not attach the files, post them directly please.
Thank you.
Start a new thread here: http://www.malwareby...php?showforum=7
Then post current MB and HJT and PANDA logs in the new thread. Do not attach the files, post them directly please.
Thank you.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
