[jay325]

I think my ex-gf may have installed some kind of spyware on my pc. I gave her my apartment key one day while I was at work. She claims she never used it and was never there that day but when I got home and used my pc the DOS screen came up and asked "would you like to save system configuration changes" or something to that affect. When I went to the start button word pad was on the list which is something I've never used. When I opened wordpad the name of one of my encrypted files was on the recently saved list. Anyone have any idea what might have happened or what I can do to find out what if anything has been installed on my pc???

[dcook12]

{Note by Moderator: Please see TSG Rules: and also what I posted to valis about replying to threads and the effect that has on how we respond

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.


You are not presently qualified to offer advice for removing malware.
Though what you offered may be considered helpful, you did not post links to, directions for use, of any of the programs-
*We do appreciate your trying to help out! There are many reasons why we ask that no one respond to threads that clearly are dealing with spyware/adware/malware removal or detection.
*keyloggers mostly run secretly, and may not have entries in Add/Remove for example...and, they need some special tools quite often to detect-
*commercial ones are bypassed by some common scanners as they have registered with antispyware companies to have their keyloggers not detected at all.
* We always also like to see what is running, as far as any malware, and the antivirus or antispyware apps they have already....thank you!


1. Get your key back and change your password!!
2. If she installed a keylogger you should see new program installed when you got to start>programs.
3. Anyone correct me if I am wrong, but keyloggers are considered spyware, so run the usual scanners (hopefully you have spybot S&D, A squared etc..)all good scanners listed in the sticky thread. One of them should catch that. Also I would go to the control panel look at add/remove programs and see if there are any programs in there that you do not recognize and google it (or just uninstall it if you know it is something you did not add). Good luck!!

[valis]

CLICK HERE to download the HijackThis Installer:

1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply, along with the smitfraudfix log.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


then let a security expert (gold badge next to their name) take a gander at it.

v

[Byteman]

Hi jay325

You should download Hijackthis and post the log in a Reply in this thread please!

it will be looked at as soon as we can. There may be some waiting time involved!

This below is not for you.....

Quote:

Originally Posted by valis

CLICK HERE to download the HijackThis Installer:

1. Save HJTInstall.exe to your desktop.
2. Double-click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
8. Come back here to this thread and paste the log in your next reply, along with the smitfraudfix log.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


then let a security expert (gold badge next to their name) take a gander at it.

v

{Edited by Byteman: I will let the above stay- though valis my friend, I think it would be nice if you and others..... let threads like this, which are clearly right off the bat, dealing with malware removal or detection with no replies----without any replies. What happens is they may be skipped over and not read by helpers who are looking for ZERO REPLIES in older threads back several pages who are the ones who have been waiting longest Having them bumped to the front here, with some not so good replies...further draws the attention of MORE NON QUALIFIED responders such as we see here....and we get a whole bunch of posts to deal with, not just one.....

Yes, we can delete posts...but then the posters are PMing and emailing and raising heck and that further slows things down!

As you see, (or saw since it will not be visible to you now), I deleted one post here, I left the other's material as I want others to be able to see what was wrong that I am writing about....thank you valis! ..... Byteman}

[valis]

no worries byteman.....I will do that in the future....what I generally do is scan for malware, and if it's there, report it and ask for it to be moved to the security forum.

You know I actually do security work on another site, right?

again, no worries; in the future I'll leave them be.

thanks,

v

[Byteman]

Yes valis I know you are a very qualifed person and a friend to all here, as are quite a few others who reply to this type of thread.


There was nothing wrong with asking for an HJT log...my point is what it causes! I don't see the point of having a policy or rule if we allow some people to break it.

The temptation is just too great for someone to come along, see items in a log, and start offering further advice.

You included this in your post as you always do, which is one reason I left it, plus the fact that you included correct links and directions...and a log would be asked for anyhow....

Quote:

Originally Posted by valis

then let a security expert (gold badge next to their name) take a gander at it.

Except for it being the FIRST REPLY TO A THREAD THAT HAD ZERO REPLIES.... it was fine.

I'm trying to get this noticed by others as well as explain to you, just exactly why I am taking some time to post it


It's just as I posted> Security helper goes through thread lists> sees posts with replies...opens it....((But>>> also might not even bother....}} HJT log asked for, but no log posted yet......bye bye, on to the next, thread is NOT subscribed to....security helper goes to Subscribed threads list of ones they have been working......starts in again with thread THAT HAS some new info come back....skipping the thread entirely that you asked for the log in. We like to REPLY with the HJT REQUEST which means>>>>>>>>>>>>WE ARE SUBSCRIBED to it, and then we have an easy way to just look at that list to see which thread we have started working has new replies....

The whole bunch of reasons we have this policy now....would take several replies to thoroughly explain

[dcook12]

Quote:

Originally Posted by darrenkook

{Note by Moderator: Please see TSG Rules: and also what I posted to valis about replying to threads and the effect that has on how we respond

Log Analysis/Malware Removal - In order to ensure that advice given to users is consistent and of the highest quality, those who wish to assist with security related matters must first graduate from one of the malware boot camp training universities or be approved by the administration as already being qualified. Those authorized to help with malware issues have a gold shield next to their name and authorized malware removal trainees have a blue shield next to their names. Anyone wishing to participate in a training program should contact a Moderator for more information.


You are not presently qualified to offer advice for removing malware.
Though what you offered may be considered helpful, you did not post links to, directions for use, of any of the programs-
*We do appreciate your trying to help out! There are many reasons why we ask that no one respond to threads that clearly are dealing with spyware/adware/malware removal or detection.
*keyloggers mostly run secretly, and may not have entries in Add/Remove for example...and, they need some special tools quite often to detect-
*commercial ones are bypassed by some common scanners as they have registered with antispyware companies to have their keyloggers not detected at all.
* We always also like to see what is running, as far as any malware, and the antivirus or antispyware apps they have already....thank you!


1. Get your key back and change your password!!
2. If she installed a keylogger you should see new program installed when you got to start>programs.
3. Anyone correct me if I am wrong, but keyloggers are considered spyware, so run the usual scanners (hopefully you have spybot S&D, A squared etc..)all good scanners listed in the sticky thread. One of them should catch that. Also I would go to the control panel look at add/remove programs and see if there are any programs in there that you do not recognize and google it (or just uninstall it if you know it is something you did not add). Good luck!!

Sorry about that. My intention was just to have them do some safe scans while waiting for an expert. But I definitely understand and will re-read the forum rules and make sure I am clear on the rules. Thank you. I really like this forum would like to be helpful if I can. I apologize.

[valis]

Quote:

Originally Posted by Byteman

Except for it being the FIRST REPLY TO A THREAD THAT HAD ZERO REPLIES.... it was fine.

Again, no worries, byteman.....I'll steer clear. Just two points:

1. In the hjt forum, only badges can post there, and

2. I wasn't the first to reply.

take care, and I'll talk to you soon.

tim

[jay325]

I have the hijack this log on notepad but cant figure out how to copy it to the forum.

[Byteman]

Hi jay325

Here's directions

Let's have you post a log from Hijackthis and maybe we can spot anything out of place:
go to Click here to download HJTsetup.exe

• On that page, select one of the servers in the list under the Free Downloads heading
• Save HJTsetup.exe to your desktop.
• Double click on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Paste the log in your next reply.
• Don't use the Analyse This button, its findings are dangerous if misinterpreted.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Also, please do this:

• Open Hijack This and click on the "Open the Misc Tools section" button.
• Click on the "Open Uninstall Manager" button.
• Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file.
• Pick a place to save it then the list should open in notepad.
• Copy and paste that list in a reply.

[Byteman]

Hi valis, I apologize for that miss- you were the 2nd to reply.

I can see why you asked for the HJT log here.