How do I get rid of a keylogger?
Last Updated: Oct 25 2016 17:32, Started by Rhastalord, Oct 25 2016 16:53
#1
Posted 25 October 2016 - 16:53
Hi!
For the past few days (3-4 days) someone with an IP from Los Angeles, America accessed my Steam account with username / password, but did not manage to get into the account because of the mobile authenticator. I didn't pay attention, knowing there is no way he can access my account, and a day later another one from Bangalore, India tried to access the account with username / password but couldn't continue because of the code that I receive on my phone. I changed the password as a precaution and again I received an email that someone guessed my username / password at Yahoo, also from the United States, but didn't manage to get in completely thanks to the phone. I changed the password but I still have the impression that they are guessing them, and I wanted to ask you what software you recommend for detecting keyloggers. Right now I'm downloading Malware Bytes - Rootkit, but I wanted to share this experience with you. Do you think they can hack my account even if they don't have access to the phone? Is it possible to bypass the step where it asks for the code that I receive on my phone? It doesn't bother me that they know my username / password; I just don't want them to access my account as long as it is protected by the phone. Thank you
#2
Posted 25 October 2016 - 16:57
Follow the steps from here first - http://forum.softped...hide-topic-nou/
Normally an antivirus would detect a keylogger. Do you have one?
#3
Posted 25 October 2016 - 16:57
I only use Windows Defender from Windows 10.
Thanks for the link, I'm reading it now! EDIT: With Rootkit it found about 7 viruses (2 trojans and many hijacks) and now with Adwcleaner another 26 threats. Edited by Rhastalord, 25 October 2016 - 17:01.
#4
Posted 25 October 2016 - 17:05
Follow exactly the steps from there, in the given order - including the scan with the 2 antiviruses.
Keep the logs - the one from Malwarebytes in particular, post it after you finish everything.
#5
Posted 25 October 2016 - 17:20
Internet through Kairos https://kairosplanet...a 1577 $ a year ...
you can try it! It claims to be impenetrable! Edited by aazz, 25 October 2016 - 17:21.
#6
Posted 25 October 2016 - 17:26
Thanks for the advice @aazz,
Thanks a lot @eiffel for the help, let's hope the problems have been solved.

Malware Bytes Anti-Rootkit Beta Logs : Quote
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.321.14393.0
Laur :: DESKTOP-ILPALBC [administrator]

10/25/2016 5:31:09 PM
mbar-log-2016-10-25 (17-31-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 365550
Time elapsed: 15 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [83badd60bfbd3df9ac21b34150b3b050]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [8eaf2419621a5bdb6f77975dd1326b95]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [d76673ca4834c175d13540b71ee5a15f]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [c87592abf389f64002cbd81c768d6898]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [46f7f449d5a7a88e24c24da7729102fe]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [122bdb62ee8e201622e43cbbf80b1de3]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

ADWCleaner Logs: Quote
# Adwcleaner v6.030 - Logfile created 25/10/2016 at 18:00:58
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-23.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Laur - DESKTOP-ILPALBC
# Running from : C:\Users\Laur\Downloads\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Folder Found: C:\Users\Laur\AppData\Local\Babylon
Folder Found: C:\Users\Laur\AppData\Roaming\Babylon
Folder Found: C:\Users\Laur\AppData\Roaming\Hola
Folder Found: C:\Program Files\Hola
Folder Found: C:\ProgramData\Babylon
Folder Found: C:\ProgramData\Application Data\Babylon

***** [ Files ] *****

File Found: C:\END

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: HKLM\SOFTWARE\Classes\Prod.cap
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found: [x64] HKLM\SOFTWARE\Classes\Prod.cap
Key Found: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found: HKU\.DEFAULT\Software\Hola
Key Found: HKU\S-1-5-18\Software\Hola
Key Found: [x64] HKLM\SOFTWARE\Hola
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Value Found: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2483 Bytes] - [25/10/2016 18:00:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2556 Bytes] ##########

Junkware Removal Tools Logs: Quote
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by Laur (Administrator) on Tue 10/25/2016 at 18:04:38.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 5
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-1881795633-2101093997-3383294303-1001 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-1881795633-2101093997-3383294303-1001.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/25/2016 at 18:06:38.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware Home Logs: Quote
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2016
Scan Time: 6:14 PM
Logfile: log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.25.10
Rootkit Database: v2016.09.26.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Laur

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342011
Time Elapsed: 9 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
HackTool.GameHack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Cheat Engine 6.5.1_is1, , [c7a7504d2674e650f6a4b45755b06a96],
HackTool.AutoKMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe, , [1f4f3d60d1c99e980f5d965a9d645da3],
HackTool.AutoKMS, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe, , [1f4f3d60d1c99e980f5d965a9d645da3],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
HackTool.GameHack, C:\Program Files (x86)\Cheat Engine 6.5.1\unins000.exe, , [c7a7504d2674e650f6a4b45755b06a96],
HackTool.AutoKMS, C:\Windows\System32\SppExtComObjPatcher.exe, , [1f4f3d60d1c99e980f5d965a9d645da3],
PUP.Optional.Babylon, C:\Users\Laur\Downloads\Unlocker1.9.2.exe, , [de902776bedc999dac20cb5e0af72ed2],
PUP.Optional.OpenCandy, C:\Users\Laur\Downloads\CheatEngine651.exe, , [88e6a8f59307a39312dd24682bd607f9],
PUP.Optional.Amonetize, C:\Users\Laur\Downloads\TEAMSPEAK3FLOODER2016__7934_il42979.exe, , [d79798051288b97d69d9ac36ab56ef11],

Physical Sectors: 0
(No malicious items detected)

(end)

All this time, Windows Defender was saying that my PC is protected after n scans. It seems I will have to use a "real" antivirus from now on. Thanks once again!
#7
Posted 25 October 2016 - 17:32
You didn't run Malwarebytes correctly - you didn't set it to search for rootkits.
I think you also didn't run the 2 recommended antiviruses - you moved too fast. Windows Defender is ok, but it also depends on the user. If he installs cracks from the start, it's his problem that he's putting problems into his PC. And unfortunately I see that is your case. AutoKMS? Topic closed for not following the rules.
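
An added example, not part of the thread or of any Malwarebytes tool: a short Python triage of the two Malwarebytes logs quoted above. It reports scan components that were disabled (the point raised in reply #7) and which executables have an Image File Execution Options entry, a registry location that can redirect the launch of the named program. The function name `triage`, the `SECURITY_TOOLS` list and the trimmed sample with `[hash]` placeholders are assumptions made for the illustration.

```python
import re

# Constructed excerpt of the two Malwarebytes logs quoted in the thread:
# one entry per line, hash fields replaced by the placeholder [hash].
SAMPLE_LOG = r"""
Self-protection: Disabled
Rootkits: Disabled
Heuristics: Enabled
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [hash]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [hash]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [hash]
HackTool.AutoKMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SppExtComObj.exe, , [hash],
PUP.Optional.OpenCandy, C:\Users\Laur\Downloads\CheatEngine651.exe, , [hash],
"""

# Assumed short list: executables whose redirection would weaken malware scanning.
SECURITY_TOOLS = {
    "msmpeng.exe": "Windows Defender engine",
    "mrt.exe": "Malicious Software Removal Tool",
}

# Executable name directly under an IFEO key, in either log format.
IFEO_RE = re.compile(r"IMAGE FILE EXECUTION OPTIONS\\([^\\,\s]+\.exe)", re.I)
# "Name: Disabled" header fields, one per line.
DISABLED_RE = re.compile(r"^([\w /-]+): Disabled\s*$", re.M)


def triage(log_text):
    """Summarise disabled scan options and IFEO targets found in a log."""
    disabled = DISABLED_RE.findall(log_text)
    # The 32-bit and 64-bit registry views list the same executable twice.
    targets = sorted({name.lower() for name in IFEO_RE.findall(log_text)})
    hit = {exe: SECURITY_TOOLS[exe] for exe in targets if exe in SECURITY_TOOLS}
    return {
        "disabled_options": disabled,
        "ifeo_targets": targets,
        "security_tools_hit": hit,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Scan options disabled:", ", ".join(report["disabled_options"]) or "none")
    for exe in report["ifeo_targets"]:
        note = report["security_tools_hit"].get(exe, "not on the security-tool list")
        print(f"IFEO entry for {exe}: {note}")
```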