Keylogger Trojan

Discussion in 'Computer Support' started by deleted item, May 18, 2004.

  1. deleted item

    deleted item Guest

    I have a "PSW.Keylog.J" trojan identified by AVG to be residing in the
    "C:\_RESTORE\TEMP\A000236.CPY" folder. AVG, however was unable to
    delete/quarantine it. Being worried about having my passwords etc. mailed
    out, I tried to restore to an earlier date but the trojan was still there.
    How can I find exactly where the file is saved in order to delete manually.
    Tried a google search, but no joy...

    TIA

    Mick
     
    deleted item, May 18, 2004
    #1
    1. Advertising

  2. deleted item

    Ionizer Guest

    "deleted item" <> wrote in message
    news:c8cgif$a6o$...
    > I have a "PSW.Keylog.J" trojan identified by AVG to be residing in the
    > "C:\_RESTORE\TEMP\A000236.CPY" folder. AVG, however was unable to
    > delete/quarantine it. Being worried about having my passwords etc. mailed
    > out, I tried to restore to an earlier date but the trojan was still there.
    > How can I find exactly where the file is saved in order to delete

    manually.
    > Tried a google search, but no joy...


    Turn off System Restore and run the scan again. Then reboot and restart
    System Restore:
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    Regards,
    Ian.
     
    Ionizer, May 18, 2004
    #2
    1. Advertising

  3. deleted item

    deleted item Guest

    Thanks for the reply, Ian. Did what you suggested and now curiously upon
    the next scan AVG didn't find the virus at all and reported all clear.
    Would have thought it would highlight the trojan and give the option to
    vault/delete. All's well that ends well however! Cheers!

    Mick

    "Ionizer" <> wrote in message
    news:...
    > "deleted item" <> wrote in message
    > news:c8cgif$a6o$...
    > > I have a "PSW.Keylog.J" trojan identified by AVG to be residing in the
    > > "C:\_RESTORE\TEMP\A000236.CPY" folder. AVG, however was unable to
    > > delete/quarantine it. Being worried about having my passwords etc.

    mailed
    > > out, I tried to restore to an earlier date but the trojan was still

    there.
    > > How can I find exactly where the file is saved in order to delete

    > manually.
    > > Tried a google search, but no joy...

    >
    > Turn off System Restore and run the scan again. Then reboot and restart
    > System Restore:
    >

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
    >
    > Regards,
    > Ian.
    >
    >
     
    deleted item, May 18, 2004
    #3
  4. deleted item

    Ionizer Guest

    "deleted item" <> wrote in message
    news:c8cj56$76f$...
    > Thanks for the reply, Ian. Did what you suggested and now curiously upon
    > the next scan AVG didn't find the virus at all and reported all clear.
    > Would have thought it would highlight the trojan and give the option to
    > vault/delete. All's well that ends well however! Cheers!


    You had already removed the trojan previously, then- the only trace of it
    remained in your System Restore files. Don't forget to restart System
    Restore now that you've got things cleaned up.

    Regards,
    Ian.
     
    Ionizer, May 18, 2004
    #4
  5. deleted item

    deleted item Guest

    All done, Ian, and a new restore point created today, minus Keylogger!
    Thanks...
    "Ionizer" <> wrote in message
    news:...
    > "deleted item" <> wrote in message
    > news:c8cj56$76f$...
    > > Thanks for the reply, Ian. Did what you suggested and now curiously

    upon
    > > the next scan AVG didn't find the virus at all and reported all clear.
    > > Would have thought it would highlight the trojan and give the option to
    > > vault/delete. All's well that ends well however! Cheers!

    >
    > You had already removed the trojan previously, then- the only trace of it
    > remained in your System Restore files. Don't forget to restart System
    > Restore now that you've got things cleaned up.
    >
    > Regards,
    > Ian.
    >
    >
     
    deleted item, May 18, 2004
    #5
  6. deleted item wrote:

    > I have a "PSW.Keylog.J" trojan identified by AVG to be residing in the
    > "C:\_RESTORE\TEMP\A000236.CPY" folder. AVG, however was unable to
    > delete/quarantine it. Being worried about having my passwords etc. mailed
    > out, I tried to restore to an earlier date but the trojan was still there.
    > How can I find exactly where the file is saved in order to delete manually.
    > Tried a google search, but no joy...
    >
    > TIA
    >
    > Mick
    >
    >


    I would also suggest getting your system scanned and cleaned.
    You can find tools @ http://www.safercomputing.com

    --

    http://www.safercomputing.com <-- keep your computer safe and secure
    the easy way!
     
    Tom - safercomputing.com, May 18, 2004
    #6
  7. deleted item

    Plato Guest

    deleted item wrote:
    >
    > I have a "PSW.Keylog.J" trojan identified by AVG to be residing in the
    > "C:\_RESTORE\TEMP\A000236.CPY" folder. AVG, however was unable to
    > delete/quarantine it. Being worried about having my passwords etc. mailed
    > out, I tried to restore to an earlier date but the trojan was still there.
    > How can I find exactly where the file is saved in order to delete manually.
    > Tried a google search, but no joy...


    Offhand you may be OK. Delete the _restore folder, reboot, and run the
    anti-virus again. Most anti-virus programs cant deal with the
    proprietary _restore files, and certainly, you dont want them back if
    they're infected anyway. Turning off system restore "should" and is
    suppossed to delete old restore points, but it doesn't always.


    --
    http://www.bootdisk.com/
     
    Plato, May 18, 2004
    #7
  8. deleted item

    reid decker Guest

    Try a still earlier Restore Point. Set it back 2 months or so. But
    some say the virus embeds itself in System Restore, so that might not work.
    I have had good results several times.
    "Tom - safercomputing.com" <> wrote in message
    news:c8d1tp$30me$...
    > deleted item wrote:
    >
    > > I have a "PSW.Keylog.J" trojan identified by AVG to be residing in the
    > > "C:\_RESTORE\TEMP\A000236.CPY" folder. AVG, however was unable to
    > > delete/quarantine it. Being worried about having my passwords etc.

    mailed
    > > out, I tried to restore to an earlier date but the trojan was still

    there.
    > > How can I find exactly where the file is saved in order to delete

    manually.
    > > Tried a google search, but no joy...
    > >
    > > TIA
    > >
    > > Mick
    > >
    > >

    >
    > I would also suggest getting your system scanned and cleaned.
    > You can find tools @ http://www.safercomputing.com
    >
    > --
    >
    > http://www.safercomputing.com <-- keep your computer safe and secure
    > the easy way!
     
    reid decker, May 21, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. mannia

    keylogger question

    mannia, Aug 1, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    1,432
    Paul - xxx
    Aug 1, 2003
  2. Tin-Char D'un

    Re: keylogger question

    Tin-Char D'un, Aug 2, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    543
    Melissa J Crabbe
    Aug 2, 2003
  3. Joel Rubin
    Replies:
    2
    Views:
    717
  4. D@Z
    Replies:
    5
    Views:
    974
    Liza Smorgaborgsson
    Jan 30, 2006
  5. jamesa01
    Replies:
    2
    Views:
    513
    Steve
    Feb 27, 2006
Loading...

Share This Page