Hi Chris
I'd suggest running F-Secure Blacklight, which you will find a link to in my
first reply. It really depends on who else has access to your PC and where
AOL is finding the keylogger files to determine if it's a real threat. They
can be easily hidden if another user installs them, so you will not find any
of the files unless you know the hotkey combination to bring it out of
hidden mode. It's a commercial keylogger so I'd assume it has to be manually
installed, so again this depends on who has access to your PC. The hotkey
combination can be configured, so it's difficult to know what it will be; on
some you can just type a word anywhere on the desktop to make it show itself,
but again that can be changed by whoever put it on. Run F-Secure Blacklight
and post back the log it produces (fsbl-date/time.log) and we can take it
from there. Also see if you can get a log from AOL to show what it's
detecting; if not, then make a note of the file.
Regards
Andy
:
Know anything about Advanced Keylogger????? I am on AOL. Their spyware keeps
picking up Advanced Keylogger and quarantining it. But it comes back every day,
often several times, EVEN WHEN I AM NOT SIGNED IN. What should I do?
Second, ran a search on Microsoft information, and a complex article on HIDDEN
files says keyloggers can be in hidden files so cannot see them. Mind-blowing
explanation of new method of removal. Please help.
--
hampshire chris
:
Hi Rick
For the first Protocol Filter problem, open Notepad and copy this next part
into it, making REGEDIT4 the top line in Notepad:
REGEDIT4
[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
Go to File on the top bar and choose Save As, name it fix.reg, and in the Save
as type area change it to All Files, then save it to your desktop. Double
click fix.reg and allow it to be merged into the registry.
For the ANTIAK.SYS file, this is maybe connected to a commercial
anti-keylogging program which installed as a trial version and left some
files behind (possibly from h**p://www.anti-keyloggers.com/ but the version
they have now doesn't create that file so I cannot be sure). It's unlikely to be
a virus/Trojan file as there would be some record of it on security sites.
The fix tool you posted a link to seems clean when scanned at AV sites but it
does make a registry change in this area:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RemoteAccess\Parameters
I cannot say how well it works as I don't have the ANTIAK.SYS file to test
with, but noticed it was used over at SpywareInfo without any obvious
negative results, so will leave that for you to decide.
I think you may be able to remove this using F-Secure's beta Blacklight by
renaming 2 files if they are found, then reboot and delete the files, as they
will then appear because they have been renamed to a .ren extension.
Download Blacklight beta
http://www.f-secure.com/blacklight/try.shtml
Run the program, accept statement > click next then scan
If these files are detected, have Blacklight rename them:
C:\Windows\DFSLKI5A.O9U
C:\Windows\SYSTEM32\ANTIAK.SYS
Do not rename "wbemtest.exe" as it's a Windows file. If there are any other
files you THINK may be valid, don't rename them for now, as Blacklight will
create a log that can be posted back if needed, called fsbl-<date/time>.log.
The tool will ask you to reboot; choose yes.
When the system reboots, check for these files and delete them:
C:\Windows\DFSLKI5A.O9U.ren
C:\Windows\SYSTEM32\ANTIAK.SYS.ren
If you cannot delete them reboot into safe mode then remove the files
(Reboot and keep tapping F8 then choose safe mode from the list)
Let us know if you have any problems.
Regards
Andy
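
Added example, not part of the original posts: a read-only PowerShell check to run after the steps in the reply to Rick above. It confirms that the text/webviewhtml filter key holds the CLSID from fix.reg and reports whether the two named files or their .ren copies are visible. It assumes PowerShell is available on the machine; it changes and deletes nothing.

```powershell
# Added example: read-only verification, nothing is modified or deleted.
$expectedClsid = '{733AC4CB-F1A4-11d0-B951-00A0C90312E1}'   # CLSID from fix.reg in the post
$filterKey     = 'PROTOCOLS\Filter\text/webviewhtml'        # key from fix.reg in the post

# The key name contains "/", which the PowerShell registry provider can
# misread as a path separator, so open it through the .NET registry API.
$key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey($filterKey)
if ($null -eq $key) {
    Write-Output "MISSING   HKCR\$filterKey (fix.reg not merged?)"
} else {
    $clsid   = $key.GetValue('CLSID')
    $default = $key.GetValue('')        # the (Default) value, written as @ in a .reg file
    $key.Close()
    if ($clsid -ieq $expectedClsid) {
        Write-Output "OK        filter CLSID matches fix.reg (default value: '$default')"
    } else {
        Write-Output "MISMATCH  filter CLSID is '$clsid', fix.reg sets '$expectedClsid'"
    }
}

# The two file paths named in the post, plus the .ren names Blacklight gives them.
$targets = 'C:\Windows\DFSLKI5A.O9U', 'C:\Windows\SYSTEM32\ANTIAK.SYS'
foreach ($path in $targets) {
    foreach ($candidate in @($path, "$path.ren")) {
        # -Force includes files carrying the Hidden or System attribute.
        $item = Get-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue
        if ($item) {
            Write-Output ("PRESENT   {0}  attrs={1}  modified={2:u}" -f `
                $item.FullName, $item.Attributes, $item.LastWriteTime)
        } else {
            # A file the post describes as hidden can be absent from a normal
            # listing while still on disk, so "not visible" is not "gone".
            Write-Output "NOT SEEN  $candidate"
        }
    }
}
```

A .ren file still reported as PRESENT after the reboot is one that remains to be deleted, from safe mode if necessary, as the post describes.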