Author Topic: Root Keylogger  (Read 4650 times)

BillParker
Root Keylogger
« on: December 30, 2014, 06:41:14 pm »
I have run RogueKiller three times. I just ran it for the third time and under "Registry" it found 6 items, all of type PUM.Dns. Under "AntiRootkit" it found several items that it highlighted green and two items it highlighted red. The two red items are listed under Detection as Filter: (Root.Keylogger). I have no idea how to proceed or what to do. Please help.

Can I simply "Restore" the computer to an earlier time to get rid of any malware/virus/key.logger/etc.?
« Last Edit: December 30, 2014, 06:45:26 pm by BillParker »

Tigzy
Re: Root Keylogger
« Reply #1 on: December 30, 2014, 06:47:24 pm »
Hello
Can you please post the report?

BillParker
Re: Root Keylogger
« Reply #2 on: December 30, 2014, 06:49:30 pm »
How do I post it?

BillParker
Re: Root Keylogger
« Reply #3 on: December 30, 2014, 06:50:44 pm »
RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Relax [Administrator]
Mode : Scan -- Date : 12/30/2014  11:17:01

Processes : 0

Registry : 6
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.128.128.128  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.128.128.128  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.128.128.128  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AAB602D-30F1-4657-931A-FD8197C3902F} | DhcpNameServer : 10.128.128.128  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0AAB602D-30F1-4657-931A-FD8197C3902F} | DhcpNameServer : 10.128.128.128  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0AAB602D-30F1-4657-931A-FD8197C3902F} | DhcpNameServer : 10.128.128.128  -> Found

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 2 (Driver: Loaded)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass2 : \Driver\SynTP @ \Device\00000082 (\SystemRoot\system32\DRIVERS\FwLnk.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000070 (\SystemRoot\system32\DRIVERS\FwLnk.sys)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 29d01b0b9268ccf78551fec292f699cf
[BSP] c3795601d96ffaea385bdd3005be7ae0 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 464879 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955146240 | Size: 10560 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_12272014_212034.log - RKreport_DEL_12302014_103749.log - RKreport_SCN_12272014_205329.log - RKreport_SCN_12302014_101920.log

Tigzy
Re: Root Keylogger
« Reply #4 on: December 31, 2014, 01:14:54 pm »
Looks like FwLnk.sys is related to Toshiba; it will be whitelisted.
http://www.runscanner.net/lib/FwLnk.sys.html
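The report above contains two kinds of hit that are easy to confuse with an infection: the PUM.Dns lines (the DHCP-assigned resolver, here an RFC 1918 address, 10.128.128.128) and the Filter(Root.Keylogger) lines (a filter driver, FwLnk.sys, attached to the keyboard class devices, which is exactly where a keylogger would sit but also where OEM hotkey drivers live). The script below is an added example, not code from this thread or from Adlice/RogueKiller; it re-checks both on a live machine from an elevated PowerShell so the "whitelist it" decision rests on something verifiable (the driver's Authenticode signer, and whether the resolver is the LAN's own router/DHCP server). It assumes the driver behind FwLnk.sys is registered as service name `FwLnk`, that the keyboard setup-class GUID is the fixed Windows value, and that `Get-WmiObject` and `Get-AuthenticodeSignature` are available (PowerShell 2.0 and later, so it also runs on the poster's Windows 7).

```powershell
# Added example, not code from this thread or from Adlice/RogueKiller.
# Re-checks the two finding types in the report above on a live host, from an
# elevated PowerShell. Assumptions: the keyboard-class GUID is the fixed Windows
# value, the driver behind FwLnk.sys registers as service 'FwLnk', and
# Get-WmiObject / Get-AuthenticodeSignature are available (PowerShell 2.0+).

$KeyboardClassGuid = '{4D36E96B-E325-11CE-BFC1-08002BE10318}'   # setup class "Keyboard" (kbdclass)

function Get-KeyboardFilterDrivers {
    # Service names of filter drivers on keyboard devices: class-wide UpperFilters
    # on the class key, plus per-device UpperFilters on every Enum instance whose
    # ClassGUID is the keyboard class. These drivers see every keystroke, which is
    # what RogueKiller's Filter(Root.Keylogger) rule is looking at.
    $classKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$KeyboardClassGuid"
    $names = @()
    $names += (Get-ItemProperty -Path $classKey -Name UpperFilters -ErrorAction SilentlyContinue).UpperFilters
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Enum' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p.ClassGUID -eq $KeyboardClassGuid -and $p.UpperFilters) { $names += $p.UpperFilters }
        }
    $names | Where-Object { $_ } | Sort-Object -Unique
}

function Test-FilterDriver {
    # Resolve a driver service name to its image file and check the Authenticode
    # signature. A valid signature from the OEM (Toshiba, Synaptics, ...) is the
    # evidence for whitelisting a keyboard filter; an unsigned or hash-mismatched
    # image on the keyboard stack deserves a closer look.
    # Caveat: on Windows 7 Get-AuthenticodeSignature does not consult driver
    # catalogs, so catalog-signed inbox drivers can show as NotSigned there;
    # confirm those with 'signtool verify /a /v <file>' or Sysinternals sigcheck.
    param([Parameter(Mandatory=$true)][string]$ServiceName)
    $svc = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$ServiceName'"
    if (-not $svc -or -not $svc.PathName) {
        return New-Object PSObject -Property @{ Service=$ServiceName; Path=$null; State=$null; Status='no such driver service'; Signer=$null }
    }
    $path = $svc.PathName -replace '^\\SystemRoot', $env:SystemRoot   # normalise NT-style paths
    $sig = Get-AuthenticodeSignature -FilePath $path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Service = $ServiceName
        Path    = $path
        State   = $svc.State
        Status  = $sig.Status      # Valid, NotSigned, HashMismatch, UnknownError
        Signer  = $signer
    }
}

function Test-Rfc1918Address {
    # True when every address in a space/comma separated list is in RFC 1918 space
    # (10/8, 172.16/12, 192.168/16), i.e. a LAN device rather than an outside host.
    # A public resolver pushed into DhcpNameServer is what a DNS hijack looks like.
    param([string]$AddressList)
    $all = $true
    foreach ($a in ($AddressList -split '[ ,]+' | Where-Object { $_ })) {
        if ($a -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { $all = $false; continue }
        $o = $a.Split('.') | ForEach-Object { [int]$_ }
        $priv = ($o[0] -eq 10) -or ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or ($o[0] -eq 192 -and $o[1] -eq 168)
        if (-not $priv) { $all = $false }
    }
    return $all
}

function Get-DhcpDnsServers {
    # The same per-interface DhcpNameServer values the PUM.Dns lines report, shown
    # next to the DHCP server and gateway that handed them out: a private resolver
    # equal to the gateway or DHCP server is normally just the router.
    $ifaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem -Path $ifaces | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        if ($p.DhcpNameServer) {
            New-Object PSObject -Property @{
                Interface  = $_.PSChildName
                NameServer = $p.DhcpNameServer
                DhcpServer = $p.DhcpServer
                Gateway    = ($p.DhcpDefaultGateway -join ' ')
                Rfc1918    = (Test-Rfc1918Address -AddressList $p.DhcpNameServer)
            }
        }
    }
}

'== Keyboard filter drivers (RogueKiller: Filter(Root.Keylogger)) =='
Get-KeyboardFilterDrivers | ForEach-Object { Test-FilterDriver -ServiceName $_ } |
    Format-Table Service, State, Status, Signer, Path -AutoSize
'-- the report''s hit by name (assumed service name), in case it is attached without an UpperFilters entry --'
Test-FilterDriver -ServiceName 'FwLnk' | Format-List Service, Path, State, Status, Signer
'== DHCP-assigned DNS (RogueKiller: PUM.Dns) =='
Get-DhcpDnsServers | Format-Table Interface, NameServer, DhcpServer, Gateway, Rfc1918 -AutoSize
```

Read the output the way the thread's resolution does: a keyboard filter whose image is validly signed by the laptop's OEM is the expected case for a Toshiba hotkey driver, whereas a NotSigned or HashMismatch image in the keyboard stack is the case worth uploading for analysis rather than whitelisting. For the DNS entries, Rfc1918 = True with NameServer matching DhcpServer or Gateway means the router is the resolver, which is what the report shows here; a public address that the user never configured is the hijack pattern.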