How do I get rid of a keylogger?

  • This topic is locked
6 replies to this topic

#1
Rhastalord

    Junior Member

  • Group: Members
  • Posts: 163
  • Joined: 19.01.2015
Hi!

For the past few days (3-4 days), someone with an IP from Los Angeles, America accessed my Steam account with the username / password but did not manage to get into the account because of the mobile authenticator. I didn't pay attention, knowing there is no way they can access my account, and a day later someone else from Bangalore, India tried to access the account with the username / password but could not continue because of the code I receive on my phone. I changed the password as a precaution, and again I received an e-mail that someone had guessed my username / password at Yahoo, also from the United States, but did not manage to get in completely thanks to the phone. I changed the password, but I still have the impression they are guessing them, and I wanted to ask you what software you recommend for detecting keyloggers? Right now I'm downloading Malware Bytes - Rootkit, but I wanted to share this experience with you. Do you think they can hack my account even if they don't have access to the phone? Is it possible to bypass the step that asks for the code I receive on my phone? It doesn't bother me that they know my username / password; what I care about is that they don't access my account as long as it is protected by the phone.

Thank you

#2
eiffel

    BusyWorm

  • Group: Moderators
  • Posts: 68,303
  • Joined: 15.06.2004
First follow the steps from here - http://forum.softped...hide-topic-nou/

Normally an antivirus would detect a keylogger. Do you have one?

#3
Rhastalord

    Junior Member

  • Group: Members
  • Posts: 163
  • Joined: 19.01.2015
I only use Windows Defender from Windows 10.

Thanks for the link, I'm reading it now!

EDIT: Rootkit found about 7 viruses (2 trojans and many hijacks) and now Adwcleaner found another 26 threats.

Edited by Rhastalord, 25 October 2016 - 17:01.


#4
eiffel

    BusyWorm

  • Group: Moderators
  • Posts: 68,303
  • Joined: 15.06.2004
Follow exactly the steps from there, in the given order - including the scan with the 2 antiviruses.

Keep the logs - the Malwarebytes one in particular, post it after you finish everything.

#5
aazz

    Active Member

  • Group: Members
  • Posts: 1,679
  • Joined: 13.02.2012
Internet through Kairos  https://kairosplanet...a 1577 $ an ...

you can try it!

They claim it is impenetrable!

Edited by aazz, 25 October 2016 - 17:21.


#6
Rhastalord

    Junior Member

  • Group: Members
  • Posts: 163
  • Joined: 19.01.2015
:)) Thanks for the advice @aazz,

Many thanks @eiffel for the help, let's hope the problems have been solved.


Malware Bytes Anti-Rootkit Beta Logs :

Quote

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
Windows 10 x64 NTFS
Internet Explorer 11.321.14393.0
Laur :: DESKTOP-ILPALBC [administrator]
10/25/2016 5:31:09 PM
mbar-log-2016-10-25 (17-31-09).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 365550
Time elapsed: 15 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [83badd60bfbd3df9ac21b34150b3b050]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [8eaf2419621a5bdb6f77975dd1326b95]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [d76673ca4834c175d13540b71ee5a15f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [c87592abf389f64002cbd81c768d6898]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [46f7f449d5a7a88e24c24da7729102fe]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [122bdb62ee8e201622e43cbbf80b1de3]
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

ADWCleaner Logs:

Quote

# Adwcleaner v6.030 - Logfile created 25/10/2016 at 18:00:58
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-23.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Laur - DESKTOP-ILPALBC
# Running from : C:\Users\Laur\Downloads\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
Folder Found:  C:\Users\Laur\AppData\Local\Babylon
Folder Found:  C:\Users\Laur\AppData\Roaming\Babylon
Folder Found:  C:\Users\Laur\AppData\Roaming\Hola
Folder Found:  C:\Program Files\Hola
Folder Found:  C:\ProgramData\Babylon
Folder Found:  C:\ProgramData\Application Data\Babylon

***** [ Files ] *****
File Found:  C:\END

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  HKLM\SOFTWARE\Classes\Prod.cap
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\Prod.cap
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found:  HKU\.DEFAULT\Software\Hola
Key Found:  HKU\S-1-5-18\Software\Hola
Key Found:  [x64] HKLM\SOFTWARE\Hola
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [2483 Bytes] - [25/10/2016 18:00:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2556 Bytes] ##########


Junkware Removal Tools Logs:

Quote

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by Laur (Administrator) on Tue 10/25/2016 at 18:04:38.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 5
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-1881795633-2101093997-3383294303-1001 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-1881795633-2101093997-3383294303-1001.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)
Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/25/2016 at 18:06:38.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware Home Logs:

Quote

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/25/2016
Scan Time: 6:14 PM
Logfile: log.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.10.25.10
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Laur
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342011
Time Elapsed: 9 min, 57 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
HackTool.GameHack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Cheat Engine 6.5.1_is1, , [c7a7504d2674e650f6a4b45755b06a96],
HackTool.AutoKMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe, , [1f4f3d60d1c99e980f5d965a9d645da3],
HackTool.AutoKMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe, , [1f4f3d60d1c99e980f5d965a9d645da3],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 5
HackTool.GameHack, C:\Program Files (x86)\Cheat Engine 6.5.1\unins000.exe, , [c7a7504d2674e650f6a4b45755b06a96],
HackTool.AutoKMS, C:\Windows\System32\SppExtComObjPatcher.exe, , [1f4f3d60d1c99e980f5d965a9d645da3],
PUP.Optional.Babylon, C:\Users\Laur\Downloads\Unlocker1.9.2.exe, , [de902776bedc999dac20cb5e0af72ed2],
PUP.Optional.OpenCandy, C:\Users\Laur\Downloads\CheatEngine651.exe, , [88e6a8f59307a39312dd24682bd607f9],
PUP.Optional.Amonetize, C:\Users\Laur\Downloads\TEAMSPEAK3FLOODER2016__7934_il42979.exe, , [d79798051288b97d69d9ac36ab56ef11],
Physical Sectors: 0
(No malicious items detected)

(end)


All this time, Windows Defender was saying that my PC was protected after n scans. It seems I will have to use a "real" antivirus from now on.

Thanks once again!

#7
eiffel

    BusyWorm

  • Group: Moderators
  • Posts: 68,303
  • Joined: 15.06.2004
You did not run Malwarebytes correctly - you did not set it to scan for rootkits.
I think you also did not run the 2 recommended antiviruses - you moved too fast.

Windows Defender is OK, but it also depends on the user.
If he installs cracks from the start, it is his problem that he brings trouble into his PC.


And unfortunately I see that this is your case. AutoKMS? Topic closed for not respecting the forum rules.