Author Topic: First post, need help with removing red marked root.keylogger in antirootkit  (Read 6078 times)

0 Members and 1 Guest are viewing this topic.

December 04, 2014, 04:18:14 AM

kjm1755

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
root.Keyloger Name: \Driver\Kbdclass@\Device\KeyboardClass0

Not sure how to go about removing entry as RogueKiller says "Critical. The item is malware and should be removed."
Delete sure didn't work. (such a rookie). So I am thinking this has a manual removal process. Didn't want to guess as I really do not understand how it works. Assistance would be most appreciated.

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Studio User [Administrator]
Mode : Delete -- Date : 12/03/2014  13:35:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000073 (\SystemRoot\system32\DRIVERS\blbdrive.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM501II ATA Device +++++
--- User ---
[MBR] ad163aea0e1f43fad9b4cad3168c2826
[BSP] 400e3873cce2b5d6c385994e5db5e6ba : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11242014_072630.log - RKreport_DEL_11242014_072638.log - RKreport_SCN_11242014_070214.log - RKreport_SCN_11242014_173042.log
RKreport_SCN_12032014_083232.log - RKreport_DEL_12032014_111310.log - RKreport_DEL_12032014_111603.log - RKreport_DEL_12032014_112110.log
RKreport_DEL_12032014_112113.log - RKreport_SCN_12032014_112828.log

Reply #1December 04, 2014, 10:36:20 AM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 954
  • Reputation:
    90
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Hello
Could you scan that file on Virus Total?
C:\Windows\system32\DRIVERS\blbdrive.sys

Reply #2December 04, 2014, 04:05:12 PM

kjm1755

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Scanned with Virus Total :  "Probably harmless! There are strong indicators suggesting that this file is safe to use. "

Reply #3December 04, 2014, 04:06:59 PM

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 954
  • Reputation:
    90
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Ok thanks, it'll be added to the whitelist.

Reply #4December 04, 2014, 04:18:37 PM

kjm1755

  • Newbie

  • Offline
  • *

  • 5
  • Reputation:
    0
    • View Profile
Thanks for assistance. Had me going there for a moment or two ..... 8)