Got a Keylogger Virus today

easysurfer

I was replacing my antivirus software today. Instead of AVG, I decided to use Panda Cloud as AVG was taking too much time to scan.

Now I use a combo of Panda Cloud and Malwarebytes. So, after testing, installing Panda, I do a run of Malwarebytes just to be sure. An additional scan.

Malwarebytes comes up flagging a trojan virus called "trojan.zbot". I look it up and it's a keylogger that could be harmful. :(

Now I wonder, how long have I had that on? Could someone have recorded my keystrokes? Looks like neither the scan of AVG from last night nor Panda caught this :mad:

So, I just ended up for the past hours changing passwords to my accounts that would be a target (such as Vanguard, credit cards, my bank, paypal etc).

Usually, the challenge questions for logins are a nuisance. But now I'm glad they have them.

Still I wonder..could someone have my keylogs in their possession?

If there's a post from me like.."Hey..I'm Brett Favre..I got this text message..." my explanation is my computer got hijacked! :LOL:
 
These things are a reality of the internet today. Firewalls and anti-virus software will help but will not prevent every virus infection. None of the anti-virus software routines catch every infection.

Could you have had this for a long time?... The answer is yes, it is possible.

Could someone have my keylogs in their possession?... The answer is yes, it is possible.
 
That is scary! I changed to Avast recently after having a very pesky time with browser hijacks when I was using AVG. I also use malwarebytes. Hope you don't have any trouble!
 
I use Microsoft's free Security Essentials, but after reading your message, I've downloaded the free malwarebytes and am scanning my computer now. Thanks for posting.

I also use NoScript, a plug-in for Firefox that prevents scripts from running unless you allow them. It is a pain when you start using it, but as you add your trusted sites to its list, it gets easier.
 
Those virus scanners will help.

However just google "trojan.zbot" to see how sophisticated these viruses have become.

It's a loser's battle. You can't win every time.

Instead perhaps we should consider (and reconsider) what we do on the Internet.
 
I was looking at the log from Malwarebytes. It doesn't say when I got the virus, but it was in a temporary internet folder (IE5), and referred to a .gif image.
 
Hello - I use Norton antivirus. Should I download malwarebytes? What is the difference between the two? Sorry I am not an IT expert.

I use Microsoft's free Security Essentials, but after reading your message, I've downloaded the free malwarebytes and am scanning my computer now.
 
I run no anti-virus software at all, because (to a first approximation) it doesn't work. If I suspect a problem, I use ComboFix, which I have seen catch malware which no other A/V software knew about.
 
Just got a call this morning from Discover Card security. There was a fraudulent charge of $1 on it to a place in CA.

Hmmm..very suspicious.

My card got cancelled and they are going to rush me a new one tomorrow. What a pain as I have lots of recurring bills set on my card..and will have to re-notify all of them.

When I run Malwarebytes, it says the zbot virus is removed. So I restart and run again then it shows as flagged again. I tried a program supposedly to kill the zbot virus but that didn't work either.

Next, I may have to restore from a clean image instead of trying to fix. Also, I'm going to use an uninfected laptop as for now, who knows, anything I type might be compromised until I get this fixed....

What fun...---NOT!
 
If you have or had a keylogger virus, then everything you've typed has almost certainly been transmitted to someone else. That includes URLs you've entered manually, usernames, passwords, answers to security questions, and credit card numbers.

When I run Malwarebytes, it says the zbot virus is removed. So I restart and run again then it shows as flagged again

Wipe the drive. Anything less is too high a risk IMO.
 
Hello - I use Norton antivirus. Should I download malwarebytes? What is the difference between the two? Sorry I am not an IT expert.

You need both. Malwarebytes is a great tool to scan your system and remove garbage but does not really do real time monitoring. For that you need Norton or some other virus protection. I have used a number of antivirus schemes over the years - none are perfect. All you can do is practice 'safe internet' and hope for the best.

I have had a couple of nasty rootkits in the past year that Norton didn't even detect and could not remove. Malwarebytes did. But Norton has filtered a lot of daily garbage.
 
I've run Linux since the early 90s on systems where I work and my computers at home. Never ran any anti-virus software, never had a virus. I did run a rootkit hunter on a system at work, but it never found anything -- just irritated me with daily emails.
 
And how would you know you never had a virus?

A virus like a keylogger is hard to detect.
 
I run no anti-virus software at all, because (to a first approximation) it doesn't work. If I suspect a problem, I use ComboFix, which I have seen catch malware which no other A/V software knew about.

From your link.... sounds like it is not for the untrained...

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
 
From your link.... sounds like it is not for the untrained...

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.
I read that too, but when I ran it, it just churned away for 15 minutes, rebooted once, produced a report saying what it had done, and my keylogging rootkit was gone. I suspect that they just put that on there to reduce the number of support calls which they get. If your PC is doing weird things and other stuff doesn't help, there's not much to lose.

Don't forget that 2-3% of all PCs suffer irretrievable, spontaneous loss of the entire hard disk each year, in which case, not only do you have to reinstall, but you've also got to remember how to restore those backups which you assiduously make daily. Drive failure destroys several orders of magnitude more data per year than viruses, but because there's nobody to blame (usually), it doesn't make the papers.
 
Well, I'm using my laptop at the moment. I'm pretty sure it is keylogger free but am doing a Malwarebytes scan at the moment.

On my desktop, I think the keylogger has been there for a while and by chance I decided to do a Malwarebytes scan yesterday and flagged it. Yet, it is peculiar that the day after, someone tried to use my Discover card fraudulently.

I have this rollback software that takes snapshots of my system and hard drive. I went back to August, then did a scan but the Zbot virus was still found. Rather than going month by month back, I went back to the very first snapshot (2008), then did a scan, and the virus was not there.

So, I restored my desktop to my pristine image from back in 2008, just did one more scan and no Zbot virus.

Time to set up my computer and recover from that point....

Still I'm gonna reset some passwords...my router, main emails, etc. and keep my fingers crossed no other info besides my Discover card got compromised.

A keylogger is one that I fear the most...never once impacted by one (that I know of :() until now.
 
I'm pretty sure it is keylogger free but am doing a Malwarebytes scan at the moment.
If I've followed this saga, you've found the keylogger every time after you've run Malwarebytes. If it's Malwarebytes that is infected, even if your system was keylogger free before the scan, it will be virus-full after. Well, good luck.
 
My friend got a rather new virus called Antivirsnow which is a fake antivirus program. It prevented all antivirus and antispyware programs including Symantec, Spybot S&D, and Malwarebytes from opening. It also prevented MSCONFIG from running (wanted to run System Restore from there) and most other ordinary PC tasks.

What I did last night was to reboot into Safe Mode, then run System Restore from there to a point before the trouble started. This reset the registry so the 3 programs could open and start running. Malwarebytes and Symantec found some bad stuff and cleaned up the system. Took a few hours but he is fine now.
 
A keylogger is one that I fear the most...never once impacted by one (that I know of :() until now.

A keylogger is a big fear of mine also and these days I only ever access the sites I do transactions at via "favorites" so that I never type in a url, and if a site offers to remember my username I will do so (eg Fidelity) so that I don't have to type in my username.

A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers (e.g. HSBC UK requires an 8-12 digit PIN and each time you log in you are asked for a random subset of 3, such as 1st, 4th and next to last).
 
Alan said: A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers.

I hope we don't have to go to something like TreasuryDirect, it's a PITA since I don't use it often. But it does seem like a very secure system.
 
I hope we don't have to go to something like TreasuryDirect, it's a PITA since I don't use it often. But it does seem like a very secure system.

I agree about TD, but fortunately I don't log in too often. A colleague I knew at work also has an English bank account (I forget which) and a year back they sent him a card reader and a card (I think). As part of his login process he puts the card into the reader and it generates a code he has to enter.
 
You should turn off system restore. This is an area that cannot be scanned by antivirus software. Then boot to Safe Mode and run a full scan and turn back on. Make sure Antivirus and Malwarebytes have the latest updates.

The best option is to wipe the disk like someone mentioned..you'll never know if you cleaned it..and all systems benefit from being wiped and reloaded about once a year..
 
Well, I got my system back up part way. Changed the password on my router, and importantly my main email. I kept on having this nightmare that some hacker would steal my main email, then reset all my accounts to that email. At least now, the virus is off my computer and my primary passwords are reset. I'm gonna change my others again as when I did that last night my computer still may have been infected!

I still have a lot of applications to reinstall. Hopefully, I'll get most of that done tonight -- burning the midnight oil.

Tomorrow, I'll assess the damage to see if I get any other suspicious transactions besides just Discover card.
 