Keylogger wtf

Axeoo7 · Post by **Axeoo7** » Sun Dec 03, 2006 7:30 pm

deleted it found it at C:\WINDOWS\jun6002.exe

I was setting up my firewall norton internet security configuring each programs access to the internet. I came accross this file so i googled it and found out it is a keylogger.

Not sure what to do now i deleted it running every scan know to man on my comp.

Is there anyway of finding out where it came from or if there is a way of completly removing it from my comp.

iGod · Post by **iGod** » Sun Dec 03, 2006 7:41 pm

It's a part of a nasty piece of spyware that logs keystrokes, takes screen shots and observes program use hmmm...

Try scanning your pc again with adaware/avast/avg

heres the info

http://securityresponse.symantec.com/av ... rveil.html

heres the file locations, delete it all if u see it

# %ProgramFiles%\ODSP\banner.htm
# %ProgramFiles%\ODSP\banner.JPG
# %ProgramFiles%\ODSP\BLOWFISH.DLL
# %ProgramFiles%\ODSP\buy.htm
# %ProgramFiles%\ODSP\cximage.dll
# %ProgramFiles%\ODSP\Encrypt.dll
# %ProgramFiles%\ODSP\flash.exe
# %ProgramFiles%\ODSP\help.htm
# %ProgramFiles%\ODSP\htmluser.htm
# %ProgramFiles%\ODSP\htmlview.htm
# %ProgramFiles%\ODSP\irunin.bmp
# %ProgramFiles%\ODSP\irunin.dat
# %ProgramFiles%\ODSP\irunin.lgn
# %ProgramFiles%\ODSP\killproc.exe
# %ProgramFiles%\ODSP\MessageBox.exe
# %ProgramFiles%\ODSP\mfc42.dll
# %ProgramFiles%\ODSP\ODSP.dat
# %ProgramFiles%\ODSP\odsp.sf6
# %ProgramFiles%\ODSP\ODSPConfig.exe
# %ProgramFiles%\ODSP\ODSPHost.dll
# %ProgramFiles%\ODSP\ODSPHost_NT.exe
# %ProgramFiles%\ODSP\ODSPlay.exe
# %ProgramFiles%\ODSP\restart.bat
# %ProgramFiles%\ODSP\Utility.dll
# %ProgramFiles%\ODSP\welcome.exe
# %ProgramFiles%\ODSP\XT1931Lib.dll
# %Windir%\iun6002.exe
# %Windir%\otnsdd32.dat
# Additional log files in %ProgramFiles%\ODSP\Logs
# Additional profiles in %ProgramFiles%\ODSP\Profiles

registry keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ODSP 6.0.2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ODSP Host
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ODSP_HOST
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ODSP Host
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ODSP_HOST

and adds the value "ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe" to the reg. key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so delete it all and you're spy-free, free of that piece of spyware though

oh and here some more info >.>

Type: Spyware
Name: Desktop Surveillance Personal
Version: 6.0.3
Publisher: Omniquad
Risk Impact: High
File Names: flash.exe; MessageBox.exe; ODSPConfig.exe; ODSPHost.dll; ODSPHost_NT.exe; ODSPlay.exe; utility.dll; welcome.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Black_Mamba · Post by **Black_Mamba** » Sun Dec 03, 2006 7:47 pm

They usually come from using bot programs so to prevent your account being stolen, always be sure to play the proper way.

Axeoo7 · Post by **Axeoo7** » Sun Dec 03, 2006 7:53 pm

Black_Mamba wrote:They usually come from using bot programs so to prevent your account being stolen, always be sure to play the proper way.

no ive never botted or had any bot program on my computer it might not even be sro related.

EDIT ----

Thanks Igod ive searched for those files didnt find any of them. Found one of those reg keys inside a folder called 180 search assistant which i know is a spyware i had in the past lavasoft adware detected this months ago but it seems like it didnt clean it out completely.

iGod · Post by **iGod** » Sun Dec 03, 2006 8:03 pm

oh.... and try too look for something related to that "Desktop Surveillance Personal" in your registry folder

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Current Version/Uninstall, i don't know the exact key but there might be something related to that there, and also check out for 180 search there too, thats the reg. folder where uninstall notes are placed, u can manually uninstall programs from there...

ok im glad i helped

Drachenklaue · Post by **Drachenklaue** » Mon Dec 04, 2006 11:04 am

You didn't use any auto-login, did you?

iGod · Post by **iGod** » Mon Dec 04, 2006 11:07 am

maybe his parent/himself installed Desktop Surveillance Personal thinking they would see where the pc is going around on the net... thats a keylogger that u intentionally install to spy on the pcs activities...

ping_lo · Post by **ping_lo** » Mon Dec 04, 2006 7:58 pm

It's as simple as saying this. He uses Internet Exploder. That is where it came from.

IguanaRampage · Post by **IguanaRampage** » Mon Dec 04, 2006 10:18 pm

ping_lo wrote:It's as simple as saying this. He uses Internet Exploder. That is where it came from.

lol

iGod · Post by **iGod** » Tue Dec 05, 2006 12:36 am

It's a program. A kind of program u need to install willingly.

ping_lo · Post by **ping_lo** » Tue Dec 05, 2006 3:17 am

iGod wrote:It's a program. A kind of program u need to install willingly.

Don't be so sure. I know people that are well known to this forum that got loggers installed on their sys and their char temporarily jacked all from just looking at some web pages in IE. No browser is perfect. Lynx though is probably the most secure. While IE is the least secure in general use. Firefox or opera are nice middle of the road browsers. I recommend either one highly over any version of IE even the latest version as of this time which is 7.

Nuklear · Post by **Nuklear** » Tue Dec 05, 2006 3:40 am

And here is a virus recommendation thread.

http://www.silkroadforums.com/viewtopic.php?t=22105