Silkroad Online Forums

Free Forums for Silkroad Online players.
https://dev.silkroadforums.com/

Keylogger wtf

https://dev.silkroadforums.com/viewtopic.php?f=2&t=22527

Page 1 of 1

Keylogger wtf

Posted: Sun Dec 03, 2006 7:30 pm
by Axeoo7
:shock: deleted it found it at C:\WINDOWS\jun6002.exe

I was setting up my firewall norton internet security configuring each programs access to the internet. I came accross this file so i googled it and found out it is a keylogger.

Not sure what to do now i deleted it running every scan know to man on my comp.

Is there anyway of finding out where it came from or if there is a way of completly removing it from my comp.

Posted: Sun Dec 03, 2006 7:41 pm
by iGod
It's a part of a nasty piece of spyware that logs keystrokes, takes screen shots and observes program use hmmm...

Try scanning your pc again with adaware/avast/avg

heres the info

http://securityresponse.symantec.com/av ... rveil.html

heres the file locations, delete it all if u see it

# %ProgramFiles%\ODSP\banner.htm
# %ProgramFiles%\ODSP\banner.JPG
# %ProgramFiles%\ODSP\BLOWFISH.DLL
# %ProgramFiles%\ODSP\buy.htm
# %ProgramFiles%\ODSP\cximage.dll
# %ProgramFiles%\ODSP\Encrypt.dll
# %ProgramFiles%\ODSP\flash.exe
# %ProgramFiles%\ODSP\help.htm
# %ProgramFiles%\ODSP\htmluser.htm
# %ProgramFiles%\ODSP\htmlview.htm
# %ProgramFiles%\ODSP\irunin.bmp
# %ProgramFiles%\ODSP\irunin.dat
# %ProgramFiles%\ODSP\irunin.lgn
# %ProgramFiles%\ODSP\killproc.exe
# %ProgramFiles%\ODSP\MessageBox.exe
# %ProgramFiles%\ODSP\mfc42.dll
# %ProgramFiles%\ODSP\ODSP.dat
# %ProgramFiles%\ODSP\odsp.sf6
# %ProgramFiles%\ODSP\ODSPConfig.exe
# %ProgramFiles%\ODSP\ODSPHost.dll
# %ProgramFiles%\ODSP\ODSPHost_NT.exe
# %ProgramFiles%\ODSP\ODSPlay.exe
# %ProgramFiles%\ODSP\restart.bat
# %ProgramFiles%\ODSP\Utility.dll
# %ProgramFiles%\ODSP\welcome.exe
# %ProgramFiles%\ODSP\XT1931Lib.dll
# %Windir%\iun6002.exe
# %Windir%\otnsdd32.dat
# Additional log files in %ProgramFiles%\ODSP\Logs
# Additional profiles in %ProgramFiles%\ODSP\Profiles

registry keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ODSP 6.0.2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ODSP Host
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ODSP_HOST
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ODSP Host
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ODSP_HOST

and adds the value "ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe" to the reg. key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so delete it all and you're spy-free, free of that piece of spyware though :P

oh and here some more info >.>

Type: Spyware
Name: Desktop Surveillance Personal
Version: 6.0.3
Publisher: Omniquad
Risk Impact: High
File Names: flash.exe; MessageBox.exe; ODSPConfig.exe; ODSPHost.dll; ODSPHost_NT.exe; ODSPlay.exe; utility.dll; welcome.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Posted: Sun Dec 03, 2006 7:47 pm
by Black_Mamba
They usually come from using bot programs so to prevent your account being stolen, always be sure to play the proper way.

Posted: Sun Dec 03, 2006 7:53 pm
by Axeoo7
Black_Mamba wrote:They usually come from using bot programs so to prevent your account being stolen, always be sure to play the proper way.


no ive never botted or had any bot program on my computer it might not even be sro related.

EDIT ----

Thanks Igod ive searched for those files didnt find any of them. Found one of those reg keys inside a folder called 180 search assistant which i know is a spyware i had in the past lavasoft adware detected this months ago but it seems like it didnt clean it out completely.

Posted: Sun Dec 03, 2006 8:03 pm
by iGod
oh.... and try too look for something related to that "Desktop Surveillance Personal" in your registry folder

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Current Version/Uninstall, i don't know the exact key but there might be something related to that there, and also check out for 180 search there too, thats the reg. folder where uninstall notes are placed, u can manually uninstall programs from there... :D ok im glad i helped

Posted: Mon Dec 04, 2006 11:04 am
by Drachenklaue
You didn't use any auto-login, did you?

Posted: Mon Dec 04, 2006 11:07 am
by iGod
maybe his parent/himself installed Desktop Surveillance Personal thinking they would see where the pc is going around on the net... thats a keylogger that u intentionally install to spy on the pcs activities...

Posted: Mon Dec 04, 2006 7:58 pm
by ping_lo
It's as simple as saying this. He uses Internet Exploder. That is where it came from.

Posted: Mon Dec 04, 2006 10:18 pm
by IguanaRampage
ping_lo wrote:It's as simple as saying this. He uses Internet Exploder. That is where it came from.

lol

Posted: Tue Dec 05, 2006 12:36 am
by iGod
It's a program. A kind of program u need to install willingly.

Posted: Tue Dec 05, 2006 3:17 am
by ping_lo
iGod wrote:It's a program. A kind of program u need to install willingly.


Don't be so sure. I know people that are well known to this forum that got loggers installed on their sys and their char temporarily jacked all from just looking at some web pages in IE. No browser is perfect. Lynx though is probably the most secure. While IE is the least secure in general use. Firefox or opera are nice middle of the road browsers. I recommend either one highly over any version of IE even the latest version as of this time which is 7.

Posted: Tue Dec 05, 2006 3:40 am
by Nuklear
And here is a virus recommendation thread.

http://www.silkroadforums.com/viewtopic.php?t=22105
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited