Everything posted by MageUK
-
[FORUM] shockwave2_0_1.exe
Did you actually run the "shockwave" file? If you only downloaded it but didn't open/run it, then the keylogger will not have installed itself.
-
[FORUM] shockwave2_0_1.exe
As soon as you sent the link to me, I already informed the Mods/Admins that I thought your account was hijacked and that it wasn't really you sending the PMs, check the second post in this topic. :wink:
-
[FORUM] shockwave2_0_1.exe
It's come to my attention that at least one forum user has become infected by this, it will have been sent in PM, and possibly even from a user you think would be trustworthy, who has most likely had their account stolen. If you downloaded "shockwave" from this link, then please follow the above instructions immediately!
-
[FORUM] shockwave2_0_1.exe
This one is so easy to remove I'm not even going to provide an application to do it. Follow these simple steps and you'll be keylogger free in no time.
1) Open your task manager by pressing either "Ctrl + Alt + Delete", or "Ctrl + Shift + Escape".
2) Open the tab marked "Processes", and click the "Image Name" section once to put them in alphabetical order.
3) Scroll down until you find "update.exe" (there might be a few of them).
4) End all processes called "update.exe" one by one, yes, this may exit the Windows update process but that doesn't really matter as it will restart.
5) Once you've ended them all (if there's one that keeps coming back, don't worry, that's probably the Windows one which we don't need to exit from), navigate to this directory :
6) Delete the file called "update.exe", empty your recycle bin.
If executed correctly, those instructions should remove this keylogger.
-
Check a topic
Yes, I received this myself earlier today. Since I am retired from RS and my Tip.It password is different to RS, I downloaded the "Shockwave Player" that I needed. Well, good old Kaspersky picked it up straight away and had no problems deleting it. So, stay clear and don't download anything from this link. Definitely a keylogger, and a clever way to get users to download it. But also one of the most stupidly easy to remove. Edited your posts to remove the link. In future, guys, please post links to the topics or PM me them if they're sent via PM to you. Don't want people/staff thinking you're the one spreading it. :) http://forum.tip.it/viewtopic.php?p=5338534#5338534
-
[FORUM] H_A_12_D_...exe
This guy posted yet another one.... The above tool STILL removes it. Pathetic. http://rapidshare.com/files/57528368/GPVPRemove.zip
-
[FORUM] Number1337Staking.exe
CONFIRMED : KEYLOGGER
IF YOU ARE INFECTED
Download this package - follow the readme inside it.
http://rapidshare.com/files/59625666/WSADRemove.zip
-
[FORUM] H_A_12_D_...exe
This guy seems to be spamming under a lot of different names, I'll check out some of the other links tomorrow but it appears to be the same file.
-
[FORUM] H_A_12_D_...exe
It will only delete the stuff successfully if you actually ran the infected file and got keylogged, otherwise you'll notice the program will fail to delete the folder it needs to.
-
Check a topic
Are you like running these on an old machine with a process-watch or something? I'm curious to see how you find the reg values and stuff.
I'd prefer not to disclose exact details of how as this could allow it to be circumvented but it involves a virtual machine and some useful tools, and just an FYI, most of these loggers don't drop any registry values in. :P
-
H_A_12_D latest and pking video- stakes of 144 santas, 4 blu
CONFIRMED : KEYLOGGER
IF YOU ARE INFECTED
Download this package - follow the readme inside it.
http://rapidshare.com/files/57528368/GPVPRemove.zip
-
[FORUM] H_A_12_D_...exe
CONFIRMED : KEYLOGGER
IF YOU ARE INFECTED
Download this package - follow the readme inside it.
http://rapidshare.com/files/57528368/GPVPRemove.zip
-
[FORUM] AIO - Rs Programs.exe
You need to send me either the application or a link to it. I can't check a screenshot or the name of the program for keyloggers.
-
[FORUM] AIO - Rs Programs.exe
I asked for a PM, which you didn't do, you posted in a completely unrelated topic. Not only that, the "file" you sent me was a screenshot of the application, which I can do nothing at all with.
-
[FORUM] Calcs.exe
CalcsPack.zip --> Calcs.exe
CONFIRMED : KEYLOGGER
IF YOU ARE INFECTED
Download this package - follow the readme inside it.
http://rapidshare.com/files/56442907/WLDNRemove.zip
-
Check a topic
Checked and posting now, keylogger for sure.
-
hijackthis logfile
He said they need to be looked into. Plaxo is an "addon" for Outlook that they may not have agreed to install. He never went ahead and said "Remove These".
-
[FORUM] survey1.exe
No, this was posted in the General Discussion forum I believe. Any quoted posts in the Keylogger Forum have the links to the infected files removed. The ONLY live links posted by me will be links to the tools to disinfect your machine, should you have downloaded the keylogger in the first place. The idea is that people can check this forum and look for their file name in the topic titles, if they see the same post they remember downloading from, they know they are in the correct topic to get what they need to clean their machine.
-
What the programs do
You never saw this topic not stickied, it was a figment of your imagination... :roll:
-
What the programs do
So you want to know what the packages I post for download to help removal do? You're in the right place. I've posted here a simple idea of what they do, and further down, one for someone who is more familiar with programming. Both programs are coded by myself in C++.
Simple
The first program in the ZIP, "RUNFIRST.exe", will insert what is called a "Registry Key" into your system, this will allow the second program (XXXXRemove.exe, where XXXX are letters), to run after reboot before anything else does. This means that right after you log on, or after you see the "Loading your profile settings..." etc, the second program will run right then. The second program then deletes the keylogger and any files associated with it, if it is successful then your PC will be clean.
Technical
The first program, "RUNFIRST.exe" uses simple Windows API calls to do two things. The first checks that the second file exists using "GetFileAttributes()", if the file exists, the program will then put a registry key in place, telling Windows to run the second file after reboot, this is done using the Reg* API functions. The second program can be changed easily by me to remove either files or directories, depending on what the specific keylogger leaves behind, usually it's a simple directory deletion, but sometimes it drops files into sensitive areas where we can't just delete that directory. It will check each file exists and if it does, delete it, if not, it will return an error of either "DOES NOT EXIST", or "FAILED". Once the files are deleted, the system should be clean. Hope this gives a little explanation on how everything works.
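The second program's check-and-delete step described above, as an added example that is not part of the original post and is not MageUK's code. It uses C++17 std::filesystem in place of the Windows API calls the post names and leaves out the registry step; the names Result, remove_target, run_cleanup and make_sample and the sample file names are assumptions made for illustration.

```cpp
#include <filesystem>
#include <fstream>
#include <iostream>
#include <system_error>
#include <vector>
namespace fs = std::filesystem;

enum class Result { Deleted, DoesNotExist, Failed };
const char* label(Result r) {
    return r == Result::Deleted ? "DELETED" : r == Result::DoesNotExist ? "DOES NOT EXIST" : "FAILED";
}

// Remove one target, which may be a single file or a whole directory.
Result remove_target(const fs::path& target) {
    std::error_code ec;
    // symlink_status inspects the entry itself, so a link is never followed.
    fs::file_status st = fs::symlink_status(target, ec);
    if (st.type() == fs::file_type::not_found) return Result::DoesNotExist;
    if (ec) return Result::Failed;
    fs::remove_all(target, ec);  // a file, or a directory with its contents
    if (ec) return Result::Failed;
    // Confirm the entry is really gone before reporting success.
    return fs::exists(fs::symlink_status(target, ec)) ? Result::Failed : Result::Deleted;
}

std::vector<Result> run_cleanup(const std::vector<fs::path>& targets) {
    std::vector<Result> out;
    for (const auto& t : targets) out.push_back(remove_target(t));
    return out;
}

// Constructed sample tree (hypothetical names): dropped directory, dropped file, unrelated file.
void make_sample(const fs::path& root) {
    fs::create_directories(root / "logger_dir" / "logs");
    std::ofstream(root / "logger_dir" / "logs" / "keys.txt") << "constructed\n";
    std::ofstream(root / "update.bin") << "constructed\n";
    std::ofstream(root / "keep.txt") << "unrelated\n";
}

int main() {
    fs::path root = fs::temp_directory_path() / "cleanup_demo";
    fs::remove_all(root);
    make_sample(root);
    std::vector<fs::path> targets = {root / "logger_dir", root / "update.bin", root / "never_dropped.bin"};
    std::vector<Result> results = run_cleanup(targets);
    for (std::size_t i = 0; i < targets.size(); ++i)
        std::cout << targets[i].filename().string() << ": " << label(results[i]) << "\n";
    fs::remove_all(root);
}
```

A target that was never dropped reports "DOES NOT EXIST" rather than "FAILED", which is how a machine that downloaded the file but never ran it shows up.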
-
[FORUM] AIO - Rs Programs.exe
Every post will contain a quote of the original post the keylogger was located in. The quote in the first post in this topic is exactly what the user posted but with the offending link removed. It's to help users identify if they downloaded this executable or not, so they know if they are infected.
-
Admired players ~~ 2k views
I admire Satenza. (and Petert)
-
[FORUM] AIO - Rs Programs.exe
CONFIRMED : KEYLOGGER
IF YOU ARE INFECTED
Download this package - follow the readme inside it.
http://rapidshare.com/files/55210212/ICPTRemove.zip
-
[FORUM] survey1.exe
CONFIRMED : KEYLOGGER
IF YOU ARE INFECTED
Download this package - follow the readme inside it.
http://rapidshare.com/files/55211277/EIKTRemove.zip
-
Submitting a suspicious file via e-mail
If you wish to submit a file from elsewhere that you believe may have infected your machine with something, you can e-mail it to me, and I will check it. There are a few guidelines I need to cover :
1) The e-mail must be sent to [email protected] and must have the subject "Suspicious File".
2) You must follow up the e-mail with a PM to me on the forums stating your e-mail and the name of the file you have sent me.
If you do not follow these guidelines, your e-mail will be disregarded. Results of the e-mail attachment scans will be posted as a topic in this forum with the key [SUBMIT].