- Jan 6, 2002
Somebody sent my GF an SCR, telling her it was a picture, and she tried to open it. Since then her system has been boffed. She's running Avast!, AdAware, Spybot, all updated.
Avast identified a keylogger, she told it to delete it, and it said it would reboot and clean it out. It did that, and she deleted the files when Avast found them during the startup *before Windows opened*. AdAware + Spybot are finding nothing,
but in Windows Avast is still coming up with the "you have a virus" box. Today he logged on to her Yahoo Messenger and was talking to me, which tells me the keylogger was still intact. I had her change her Yahoo password last night (just to be safe).
We had installed Kerio firewall last night, but she doesn't know anything about firewalls, so I wasn't able to walk her through it over the phone.
I had her unplug her cable modem today and I reset her Yahoo password *which he had changed* so he can't get on any longer.
My question is: if no processes are running that are malicious *we did C+A+D & MSconfig*, what steps can be taken to get control of her system back to her?
Suggestions for a firewall program would be lovely if nothing else. I'm sure he's getting in through one of her ports.
*update* She has winkey.dll/reginv.dll on her system. These are part of some backweb type program called Prorat. I did a Google search on it, but none of the info I found helped us get rid of it. She boots to safe mode but can't delete the 2 DLL files; we checked the attributes and they're not read-only. Any suggestions how to wipe this??
thanks