Computer Forums

Old 03-01-2006, 10:10 AM   #1 (permalink)
 
True Techie

Join Date: Nov 2005

Posts: 134

dreaming<>demon

Ghost keylogger

I just did a scan with a nifty program called Advanced System Optimizer (trial) and it came up with a keylogger called "Ghost Keylogger".
It was in my Windows > Prefetch folder.

It was created yesterday, so I guess that it hasn't recorded too much info yet.
The program mentioned above had no probs removing it, but what to do from here? Change all my passwords?

Also, anyone with extensive knowledge of keyloggers, please tell me how they get on your PC, and what the user's interface is like (what the attacker sees as he 'hacks' my pw's etc.).
Old 03-02-2006, 02:14 AM   #2 (permalink)
 
Monster Techie

Join Date: Oct 2002

Posts: 1,134


I would double check and run another scan with a better known antispyware program. I can find no legit reviews for Advanced System Optimizer. Many unknown and lesser-known antispyware utilities will detect things (falsely) to make you think you're infected even though you're not, then offer to remove it if you pay the $$$$$$$.

A keylogger in the Prefetch folder is uncommon, and if it is indeed the GhostKeylogger it will have more files and entries than just the one found in Prefetch.

Ghost Keylogger is an invisible easy-to-use surveillance tool that records every keystroke to an encrypted log file. The log file can be sent secretly with email to a specified receiver.

Ghost Keylogger also monitors the Internet activity by logging the addresses of visited homepages. It monitors time and title of the active application; even text in edit boxes and message boxes is captured.

Once the data is written to a file, the file is usually sent via email, IRC chat, etc. to the bad guy. You get these keyloggers by downloading "questionable" programs, installed by a hacker that compromised your PC and turned it into a BOT, or via some other malware infection.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!


Spyware/Adware Remover Downloads
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
Old 03-03-2006, 04:10 AM   #3 (permalink)
 
True Techie

Join Date: Nov 2005

Posts: 134

dreaming<>demon


You were right - thanks micro - I'm nearly certain now that that program is a rogue, coz now I cannot install my service pack updates or even download them.
Old 03-06-2006, 11:07 AM   #4 (permalink)
 
Monster Techie

Join Date: Mar 2006

Posts: 1,533

jeremy


While how you get infected as explained by MicroBell is true, there is one more way, which is called an "inside job": your parents/spouse/roommates can install it on your PC while you're away.

As for the can't-update issue, it's a host file thing for sure; some spyware modified it. Run a scan on these sites:
http://www.kaspersky.com/virusscanner
http://www.ewido.net/en/onlinescan/
http://www.webroot.com/consumer/prod.../freescan.html
When done, go to Start --> Run --> notepad c:\windows\system32\drivers\etc\hosts
Delete all entries, put in this entry and save:
127.0.0.1 localhost

Also use HijackThis: http://www.majorgeeks.com/download3155.html
Click "do a system scan and save a logfile", then open a thread in this section http://www.tech-forums.net/forumdisp...forumid=126&s= and copy & paste it. Also get RootkitRevealer http://fileforum.betanews.com/detail...r/1109180009/1 and do a scan; when done, do File --> Save, open the log and copy & paste that too.
jeremy is offline  
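The hosts-file check described in the post above can be done before wiping the file, so you can see which names were blocked or redirected. This is an added example, not part of the original thread; the sample file contents and hostnames are constructed, and on a real machine you would pass in the text of c:\windows\system32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.vendor.example   # blocks an update server
0.0.0.0         scanner.av.example www.av.example
203.0.113.7     bank.example
not-an-ip       junk.example
"""

# The only entries a clean default file is expected to carry.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, " ".join(names), address, "malformed"))
            continue
        for name in names:
            name = name.lower()
            if (str(ip), name) in DEFAULT_ENTRIES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"      # name is sinkholed to this machine
            else:
                verdict = "redirected"   # name is pinned to another address
            findings.append((line_no, name, str(ip), verdict))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

An empty result means the file holds nothing beyond the default localhost entry, which is the state the post tells you to restore.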
Old 03-07-2006, 08:40 AM   #5 (permalink)
 
True Techie

Join Date: Nov 2005

Posts: 134

dreaming<>demon


Thanks jeremy, all is ok now