Strange Keyloggers daily detected.

Nikos

As I stated in other posts, I have a DSL modem/router and I have only
enabled port redirection/forwarding at router's port 80 to the internal
host of mine, 10.0.0.1.

I thought it was safe because the only info that could pass from my
modem/router to my local PC would be a web page request like www.nikolas.tk

By running several spyware/virus scans I noticed 3-4 different keyloggers
on my computer; for example, one was named Keyboard Spectator Pro, another
was named Captain Mnemo, etc.

My question is how could one manage to install all these kinds of
spyware/keyloggers on my PC the minute that I have a hardware firewall and
the only port forwarding rule I have enabled is

dsl port 80 => 10.0.0.1 that my web server is running on?

Is it possible to inject some kind of spyware/keylogger through a webpage
request?
 
David H. Lipman

From: "Nikos" <[email protected]>

| As I stated in other posts, I have a DSL modem/router and I have only
| enabled port redirection/forwarding at router's port 80 to the internal
| host of mine, 10.0.0.1.
|
| I thought it was safe because the only info that could pass from my
| modem/router to my local PC would be a web page request like www.nikolas.tk
|
| By running several spyware/virus scans I noticed 3-4 different keyloggers
| on my computer; for example, one was named Keyboard Spectator Pro, another
| was named Captain Mnemo, etc.
|
| My question is how could one manage to install all these kinds of
| spyware/keyloggers on my PC the minute that I have a hardware firewall and
| the only port forwarding rule I have enabled is
|
| dsl port 80 => 10.0.0.1 that my web server is running on?
|
| Is it possible to inject some kind of spyware/keylogger through a webpage
| request?
|
| --
| What is now proved was once only imagined!

They are not viruses, they are Trojans. They did not spread to your PC via TCP Port 80.

An action you made caused the Trojans to be installed on your computer.

You installed mischievous software, went to a malicious web site, etc., and that caused the
Trojan to be installed.
 
Nikos

Today I also got this Nod32 alert:

http://10.0.0.138/upnp/control/wancic

probably a variant of bAT/KillFiles trojan

10.0.0.28 is the DSL modem/router's internal IP address.

I don't understand the rest, nor how I got infected with that.

As for the first question, SpySweeper detected 4 different keyloggers.

One of those was Captain Mnemo and KGB keylogger.

How did I get infected with those at the minute that real-time monitor
scan is enabled from both Nod32 v2.5.19 and SpySweeper v4?
 
David H. Lipman

From: "Nikos" <[email protected]>

|>> As I stated in other posts, I have a DSL modem/router and I have only
|>> enabled port redirection/forwarding at router's port 80 to the internal
|>> host of mine, 10.0.0.1.
|>>
|>> I thought it was safe because the only info that could pass from my
|>> modem/router to my local PC would be a web page request like www.nikolas.tk
|>>
|>> By running several spyware/virus scans I noticed 3-4 different keyloggers
|>> on my computer; for example, one was named Keyboard Spectator Pro, another
|>> was named Captain Mnemo, etc.
|>>
|>> My question is how could one manage to install all these kinds of
|>> spyware/keyloggers on my PC the minute that I have a hardware firewall and
|>> the only port forwarding rule I have enabled is
|>>
|>> dsl port 80 => 10.0.0.1 that my web server is running on?
|>>
|>> Is it possible to inject some kind of spyware/keylogger through a webpage
|>> request?
|>>
|>> --
|>> What is now proved was once only imagined!
|
| Today I also got this Nod32 alert:
|
| http://10.0.0.138/upnp/control/wancic
|
| probably a variant of bAT/KillFiles trojan
|
| 10.0.0.28 is the DSL modem/router's internal IP address.
|
| I don't understand the rest, nor how I got infected with that.
|
| As for the first question, SpySweeper detected 4 different keyloggers.
|
| One of those was Captain Mnemo and KGB keylogger.
|
| How did I get infected with those at the minute that real-time monitor
| scan is enabled from both Nod32 v2.5.19 and SpySweeper v4?
|
| --
| What is now proved was once only imagined!

It could just be a simple UPnP control message communicating with a UPnP-compliant router.

Do you have WinME and/or WinXP computers on the SOHO LAN?
 
Nikos

Yes, I am currently running WinXP SP2.
I don't have a LAN, I only have 1 PC.
What is SOHO, btw?
 
David H. Lipman

From: "Nikos" <[email protected]>


| Yes, I am currently running WinXP SP2.
| I don't have a LAN, I only have 1 PC.
| What is SOHO, btw?
|
| --
| What is now proved was once only imagined!

SOHO -- Small Office Home Office

You most likely have UPnP enabled on your WinXP PC.
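
The kind of UPnP control message David describes can be told apart from a request that reconfigures the router by reading its SOAPACTION header. The triage sketch below is an added example, not part of the original thread. The sample requests are constructed, the `/upnp/control/wanipc` path is hypothetical, and reading the `wancic` path from the alert as the WANCommonInterfaceConfig service is an assumption.

```python
import re

# Read-only status actions of the UPnP IGD WANCommonInterfaceConfig service.
READ_ONLY = {"GetCommonLinkProperties", "GetTotalBytesSent", "GetTotalBytesReceived",
             "GetTotalPacketsSent", "GetTotalPacketsReceived"}
# IGD actions that change router state by opening or closing port forwards.
STATE_CHANGING = {"AddPortMapping", "DeletePortMapping"}

SOAPACTION_RE = re.compile(
    r'^"?urn:schemas-upnp-org:service:(?P<service>[\w-]+):\d+#(?P<action>\w+)"?$')

# Constructed sample requests (not captured traffic); SOAP bodies omitted.
STATUS_POLL = (
    "POST /upnp/control/wancic HTTP/1.1\r\n"
    "HOST: 10.0.0.138\r\n"
    'SOAPACTION: "urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1'
    '#GetTotalBytesReceived"\r\n\r\n')
# The control path below is hypothetical; routers choose their own paths.
PORT_MAP = (
    "POST /upnp/control/wanipc HTTP/1.1\r\n"
    "HOST: 10.0.0.138\r\n"
    'SOAPACTION: "urn:schemas-upnp-org:service:WANIPConnection:1'
    '#AddPortMapping"\r\n\r\n')

def triage_upnp_request(raw: str) -> dict:
    """Classify one HTTP request seen between a PC and its router."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split()
    if len(parts) != 3:
        return {"verdict": "not-http"}
    method, path, _version = parts
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    m = SOAPACTION_RE.match(headers.get("soapaction", ""))
    if method != "POST" or m is None:
        return {"verdict": "not-upnp-control", "path": path}
    action = m["action"]
    if action in STATE_CHANGING:
        verdict = "review: changes port mappings"
    elif action in READ_ONLY:
        verdict = "status query (read-only)"
    else:
        verdict = "unknown action"
    return {"verdict": verdict, "path": path,
            "service": m["service"], "action": action}
```

A request classified as changing port mappings is the one worth checking against the router's forwarding table, since it can add rules beyond the single port 80 forward configured by hand.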
 
