F’ing Keyloggers

I still don’t know how but I got a keylogger malware on my computer. Apparently I’ve had “HellzLittleSpy” on my computer for maybe 2 weeks. Grr! So I’m off to change all my passwords and crap. Maybe I’ll still have to reinstall Windows too.

I noticed that every evening around 7 or 8pm my computer got wonky. iexplore.exe would start and consume a lot of CPU (20-80%) for minutes at a time. I couldn’t “kill/end process” iexplore.exe but I could “end process tree” it. But it would restart in a few seconds.

Then my computer talked to me. A couple nights ago it said something in Japanese with an announcer’s voice. Last night there was a 5 second clip that sounded like a porn movie. First a few seconds of modern but cheesy “ba dum dum dum” on a Casio and then some “Oo, ahh!” noises. I went away from my computer for a few minutes last night and this website was showing in my browser: http://sms.7988.net/goto?q=qm&company=9ying&9vuid=53662

To test a theory, I uninstalled Vuze/Azureus last night and my computer flipped out. Now I can only boot in safe mode. I ran Spybot in safe mode and it found HellzLittleSpy. I had previously run Spybot but it hadn’t detected the malware.

Update: Spybot also found the following, which is a keylogger. :-(

{F03BDE84-4DB2-4DAB-B350-B07E6B918021} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\Program Files\Internet Explorer\
Long name: JvtnNt64.987
Short name:
Date (created): 12/9/2008 8:54:18 AM
Date (last access): 12/9/2008 11:01:10 AM
Date (last write): 12/9/2008 8:54:18 AM
Filesize: 49789
Attributes: hidden sysfile archive
MD5: 8D596C51291946C6D0AFAB926C21F801
CRC32: 02B3C9BE
