Commercial Keylogger in XP PRO.


Dan

I just scanned with CounterSpy and it discovered a commercial KeyLogger in XP
PRO. It was called Mini -- something or other but I have never heard of it.
I will now have to change all XP PRO. passwords. Will I also have to change
all my 98SE passwords as well? 98SE is in Fat32 while XP PRO. is in NTFS.
Thanks in advance for any replies. I really appreciate everyone's help.
Have a great day!
 
Thanks I have had some problems with someone trying to steal my identity in
Tucson Arizona. First it was a problem at work, then compromised Yahoo
e-mail account, and finally an opened letter from Bank of America.
Fortunately, this letter contained only a contact person that I do not use.
I contacted all security areas involved with work place, contacted Yahoo and
Microsoft about e-mail account -- I work with Microsoft as a volunteer and I
do not want the potential security breach of my Yahoo account to affect them
and so I switched e-mails with them to another e-mail account and I may have
to set up a secure e-mail account in the future, and finally I contacted Bank
of America about the failed theft of my account information. I also
contacted the Postal Inspector so I could report it to them. I may switch my
postal box from home address to a more secure location. Finally, I received
the long census form in the mail and answered a few questions and left many
blank because how do I know that the hackers cannot hack into the census
bureau. I talked to the census bureau this past week for 15 minutes about
security and vented my frustration that the United States Government and Our
Businesses are not taking the security threat seriously enough. I read in
the google news that the Terrorists would love to hack into all our computer
networks and shut them down. To all of you hackers that may be reading
this -- why not hack the terrorists' machines and places like China which I
do not trust ever since I received a 17,000-18,000 hit from China on my ZA
PRO. software firewall a while back when I was on DSL and that is why I am so
annoyed about the sell out of an IBM unit to China even though the Chinese
have made IBM computers for a few years. <rant over and I will relax --- I
hate f_cking key loggers. I hope the security of my 9x system was not
compromised as well. I think it only affected XP PRO. which is great because
I focus and like 98SE much better because imo the source code level is more
secure because it is based on MS-DOS as compared to something else. <rant
over -- bye for now and time to get a beer to relax)

: I would recommend that you also install MS Antispyware software to make sure
: that you have all the spyware off your computers. It works really well. I've
: used it working as a Home PC Repair consultant with great success.
: There is a chance that the keylogger could also have recorded any credit
: card numbers you entered and any website usernames and passwords.
:
:
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
 
Thanks for the weblinks, Robear. Time to study up, fix the vulnerabilities,
make note of damage to XPPRO and associated software, change passwords, check
for other baddies, etc. It is a good thing 98SE does not appear to have been
harmed. <smile>

: Help with Hijackware
: http://aumha.org/a/parasite.htm
: http://aumha.org/a/quickfix.htm
: http://mvps.org/winhelp2002/unwanted.htm
: http://inetexplorer.mvps.org/Darnit.htm
: http://www.mvps.org/sramesh2k/Malware_Defence.htm
: http://defendingyourmachine.blogspot.com/
:
: --
: ~Robear Dyer (PA Bear)
: MS MVP-Windows (Shell, IE/OE) & Security
:
: In memory of our dear friend, MVP Alex Nichol (1935-2005)
: http://www.microsoft.com/windowsxp/expertzone/meetexperts/nichol.mspx
 
The Keylogger is Mini Key Log 2.5. (Commercial Key Logger) --- Only
CounterSpy is picking it up. Spysweeper, Adaware, Spybot --- Search and
Destroy are finding nothing --- CounterSpy is unable to fix it. I have
restarted in safe mode in XPPRO and no unknown programs. All programs seem
to be working. May try to download and scan with CounterSpy in 98SE as well.
I am on a free 15 day trial with CounterSpy on XPPRO and I wonder if
CounterSpy put the Keylogger there to encourage me to buy the program. This
would be really bad! If the Keylogger is indeed there why are no other
antispyware utilities picking it up and why can't CounterSpy fully remove it.
It keeps coming back. What do I do? I am at wits end. Should I scan with
HiJack This and post the log somewhere or does someone have better ideas and
what forum is best for putting the HiJack This results. Thanks in advance
for any replies.

 
I am adding the 98 newsgroup for their replies as well. TIA.

 
In
Dan said:
I have had some problems with someone trying to steal my
identity in Tucson Arizona.


Dan, are you in Tucson, or was the person trying to steal your
identity in Tucson (or both)?
 
I am living in Tucson, Arizona. It has been 3 different individuals that have
attempted to steal my identity. I am going out for a haircut so I will post
more about it later. Thanks for any help that you can give me Ken Blake,
MVP. Please e-mail me at (e-mail address removed) -- just remove the
muggle -- mugged to fool automatic e-mail stealers -- :>

: In : Dan <[email protected]> typed:
:
: > I have had some problems with someone trying to steal my
: > identity in Tucson Arizona.
:
:
: Dan, are you in Tucson, or was the person trying to steal your
: identity in Tucson (or both)?
:
: --
: Ken Blake - Microsoft MVP Windows: Shell/User
: Please reply to the newsgroup
:
:
 
First, case at work -- co-worker at Target -- used my employee number and pin
fraudulently -- reported being investigated, 2nd case -- e-mail Yahoo address
used fraudulently reported to FTC spam site as well as Yahoo abuse e-mail
address -- someone trying to gain access to this e-mail account --- 3rd
case --- opened Bank of America mail from Tempe Arizona --- just a contact
person named Vince -- I do not even use him -- reported to Postal Inspector
as well as Bank of America -- guy named Chris -- since been promoted to
Phoenix branch of Bank of America -- and another banking guy named Neil ---
any of you have any advice that I have not done I would appreciate it

 
Sorry, Jeff Richard, MVP -- I thought someone here like Gary S. Terhune could
help me since he doesn't visit the XP newsgroup. I will contact Microsoft
when I return from Kansas -- I will be gone for a week on business.

 
Gotcha, thanks and sorry for the intrusion.

: Please don't do this. It's not relevant to Windows 98.
: --
: Jeff Richards
: MS MVP (Windows - Shell/User)
: : >I am adding the 98 newsgroup for their replies as well. TIA.
: >
:
:
 
Dan said:
I am adding the 98 newsgroup for their replies as well. TIA.

 
Dan

About 2 years ago, I had a similar experience with a free trial spam killer
called iHateSpam from Sunbelt Software, the same guys that make CounterSpy.
iHateSpam was also highly recommended by PC World. I downloaded a free 30
day trial version which seemed to work OK but after about a week, decided it
had slowed my machine noticeably, and was very intrusive so I uninstalled
it. Immediately, I began getting large amounts of spam, far more than I had
been getting prior to the installation of the free trial version of
iHateSpam. My suspicions were similar to what you have expressed. Took me
quite awhile to clean things up. Had to change my personal email address
and use only Hotmail for any on-line activity that required an address.
That's when I went to AdAware, SpyBot S&D, Spyware Blaster and a Host file.
Those programs, together with much tighter spam control from my ISP have
pretty much eliminated spyware and spam problems for me.

I learned an inverse corollary to the old saw about gift horses. In
today's world, ALWAYS look a gift horse in the mouth!
 
LOL, Thanks Bobster! I will fully uninstall the program and now I am tempted
to report CounterSpy to the FTC. <grin and you know I am serious>

 
Thanks Bill. I will investigate them all but I think bobster is right in
this case.

: There are a number of forums listed in the links that PA Bear
: listed.
 
The Keylogger is Mini Key Log 2.5. (Commercial Key Logger) --- Only
CounterSpy is picking it up. Spysweeper, Adaware, Spybot --- Search and
Destroy are finding nothing --- CounterSpy is unable to fix it.

One way to stop hacking tools being discovered as malware, is to
(mis-)use genuine legitimate commercial software. So malware may drop
the mIRC chat client, remote access tools such as PC Anywhere,
legitimate IDE drivers to secure low-level disk access, etc.

Malware-orientated cleaners won't detect these, but manual tools that
do less "editorializing" should. HiJackThis, Shell Extension Viewer,
ADS Spy and BHO listers all come to mind, but your magic bullet may
turn out to be TDS3, which lists *all* remote access stuff, whether
they are considered trojans or legitimate tools.

Software combat requires you to shed the top level of abstraction;
"intention". Think in terms of what is possible, ignoring the reasons
the software's creators may have had for making these things possible.

--------------- ----- ---- --- -- - - -
Never turn your back on an installer program
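
Added example, not part of any poster's message: a Python illustration of the intent-neutral listing described in the post above. It parses HijackThis-style O2/O4/O23 lines and reports every auto-starting binary that is absent from a baseline recorded on a known-clean system, without passing any "trojan or legitimate" verdict. The log excerpt, product names, paths and baseline are constructed, and the line layout is assumed to follow the usual HijackThis log shape.

```python
import re

# Constructed HijackThis-style excerpt: sample data with made-up product
# names and paths, not taken from the thread.
SAMPLE_LOG = r"""
Running processes:
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\ExampleReader\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\ExampleReader\updater.exe
O4 - HKLM\..\Run: [monitor] "C:\Program Files\ExampleMonitor\monitor.exe" /silent
O4 - HKCU\..\Run: [ExampleChat] C:\Program Files\ExampleChat\chat.exe -minimized
O23 - Service: Example Remote Host - Example Corp - C:\Program Files\ExampleRemote\host.exe
"""

# Hypothetical baseline: binaries recorded while the machine was known clean.
BASELINE = [
    r"C:\Program Files\ExampleReader\helper.dll",
    r"C:\Program Files\ExampleReader\updater.exe",
]

# What each section lets a program do, stated as capability, not as a verdict.
CAPABILITY = {
    "O2": "loads inside the browser (BHO)",
    "O4": "starts at boot or logon (Run key / Startup)",
    "O23": "runs as a service",
}

ENTRY = re.compile(r"^(O2|O4|O23) - (.+)$")
# First drive-letter path ending in a binary extension, quoted or not.
BINARY = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys))(?=["\s]|$)', re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per O2/O4/O23 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        hit = BINARY.search(rest)
        entries.append({
            "section": section,
            "capability": CAPABILITY[section],
            "path": hit.group(1).lower() if hit else None,
            "raw": line.strip(),
        })
    return entries


def unreviewed(entries, baseline_paths):
    """Everything not in the baseline, including lines whose path did not parse."""
    known = {p.lower() for p in baseline_paths}
    return [e for e in entries if e["path"] not in known]


if __name__ == "__main__":
    for e in unreviewed(parse_entries(SAMPLE_LOG), BASELINE):
        print(f'{e["section"]:>3}  {e["capability"]:<45} {e["path"] or e["raw"]}')
```

Entries whose path cannot be parsed are reported rather than dropped, so an oddly formatted line still gets a human look.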
 
Great Advice, Chris. I will keep you all informed of the progress. I am
leaving for Kansas in a few hours so full cleaning will probably have to wait
until I return. I can always start a new thread to let you know if you want
to know because a week is a lot of time in these newsgroups and this thread
will probably be forgotten by then.

 