View Full Version : Keylogger detected!


Cataclysm
7 Feb 2008, 05:25pm
Some of you may remember my post a while ago about programs specifically designed to hunt keyloggers because I'm so paranoid about them. Well, today I sat down at my computer and lo and behold, Spysweeper had detected a commercial keylogger. I quarantined and deleted it, then ran another sweep with Spysweeper and also with AVG Anti-rootkit (Free version).

Both AVG and Spysweeper gave me a good bill of health, but am I safe? What are some other precautions I should take? I don't want to change my bank passwords until I know I'm 100% safe.

Norton, of course, didn't detect anything. I'm going to buy an AV subscription from Webroot as soon as I need to renew my contract with them.

Shulender
7 Feb 2008, 06:08pm
Hi Cataclysm!

Read this first: http://icrontic.com/forum/showthread.php?t=43902

Post back at least the Kaspersky log and a new HijackThis log, please.

Cataclysm
7 Feb 2008, 11:36pm
Here you go

Cataclysm
8 Feb 2008, 05:32am
Well, I figured Norton AV wouldn't detect spyware after I wrote that. But the free Kaspersky scan showed a virus that Norton missed. Does anyone have any experience with Webroot's AV program? I like to keep things consolidated.

Shulender
8 Feb 2008, 12:50pm
Please download Deckard's System Scanner (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop

Close all applications and windows.
Double-click on Dss.exe to run it, and follow the prompts.
The scan may take a minute. When the scan is complete, the text files Main.txt and Extra.txt will open.
Please post Main.txt and Extra.txt.

Cataclysm
8 Feb 2008, 05:14pm
Here you are

Shulender
10 Feb 2008, 06:48am
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe


Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the following icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web CureIt.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.

Cataclysm
17 Feb 2008, 07:10pm
Here are the results

Cataclysm
28 Feb 2008, 05:16pm
Bump