Help. KeyLogger Problem

**Thetyim** · 08-05-2006, 01:19 PM

When I run SpyWare Detective it tells me I have a Ghost Key Logger in Windows/prefetch/ntvdm.exe-1a10a423.pf

Ntvdm is the DOS 16bit emulator and should be located in system32 file.

Do I have a problem or not ?

I deleted it 2 days ago and it has reappeared today.

**dirtydog** · 08-05-2006, 01:24 PM

I think you do have a problem, it was probably binded with another program that you downloaded, you then click exe and it sets up the keylogger and the program, you then delete the keylogger but it keeps coming back every time cos it is still binded with another program, all you got to do is find the program it is binded to

**aging one** · 08-05-2006, 01:28 PM

Originally Posted by dirtydog

all you got to do is find the program it is binded to

That does not sound easy at all. Shit how many programs are on a typical computer?

**dirtydog** · 08-05-2006, 01:35 PM

easiest is to check the sizes of the latest programs downloaded and check they aint 40kb bigger or more than they should be.

**danbo** · 08-05-2006, 01:41 PM

This is a good site with loads of info and programs.

http://www.spywareinfo.com/

**Thetyim** · 08-05-2006, 01:59 PM

OK, I have found it.

If I run Ntvdm which is a microsoft application and resides in the system32 folder then it installs a keylogger in the prefetch.

So, what do I do next ?

**dirtydog** · 08-05-2006, 02:02 PM

open up the program in total commander and delete the keylogger bits.

**Thetyim** · 08-05-2006, 04:24 PM

I have downloaded and run two other anti-keyloggers and they have found nothing.

The ntvdm file is 410k.
There is also another copy of it in service pack2 at 410k

Can someone check their version and see if it is also 410k

Thanks

**dirtydog** · 08-05-2006, 05:11 PM

http://process.networktechs.com/ntvdm.exe.php

http://www.auditmypc.com/process/ntvdm.asp

http://www.auditmypc.com/free-spyware-removal.asp

last one should be able to check it

**RDN** · 08-05-2006, 09:01 PM

Originally Posted by Thetyim

I have downloaded and run two other anti-keyloggers and they have found nothing.

The ntvdm file is 410k.
There is also another copy of it in service pack2 at 410k

Can someone check their version and see if it is also 410k

Thanks

**Thetyim** · 08-05-2006, 09:14 PM

Thanks, RDN.
Mine is also 419,840 bytes

So I think my problem is solved now, thanks

**lom** · 08-05-2006, 09:36 PM

Here for reading Thetyim :

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Ad-Aware/Ad-Watch from Lavasoft is the only one I trust.

**Thetyim** · 08-05-2006, 09:52 PM

Thanks IOM.
I already have AdAware, but that doesn't spot keyloggers does it ?

**dirtydog** · 08-05-2006, 10:13 PM

it dont spot binded key loggers

**lom** · 08-05-2006, 10:59 PM

No, Thetyim but if you read the web site you'll find out that there are houndreds of spyware 'detecting' programs on the market only fooling the user.

They all find something which isn't there so you can buy their 'removal' program.
Many of them do a 'Windows security warning' that looks almost like
Microsofts own popup. Sure you really have a keylogger installed ?

**lom** · 08-05-2006, 11:17 PM

Btw, this is what Symantec thinks of Spyware Detective

http://www.symantec.com/avcenter/ven...detective.html

**lom** · 08-05-2006, 11:21 PM

Here's another linky:

http://ca.geocities.com/[email protected]

**Thetyim** · 09-05-2006, 10:07 AM

I don't think that is the same SpyWare Detective as mine.
Mine is part of Advanced System Optimizer from SysTweak Inc

I have been running ASO for about a year and it never found a key logger before.
I have replaced my ntvdm file with a fresh one and everything seems Ok now.

**RDN** · 10-05-2006, 12:08 AM

Originally Posted by Thetyim

I don't think that is the same SpyWare Detective as mine.
Mine is part of Advanced System Optimizer from SysTweak Inc

I have been running ASO for about a year and it never found a key logger before.
I have replaced my ntvdm file with a fresh one and everything seems Ok now.

Is your new NTVDM.exe file the same size as the one you had before - and that I have now?

I actually DO have a keylogger installed. I installed it. It's called "Keylogger Pro" from Panterasoft. It's quite useful for remembering the last 5 MB I've typed. The current log file goes back to October last year.

**Thetyim** · 10-05-2006, 10:04 AM

My NTVDM file is exactly the same size as yours 419840 bytes but is a slighlty smaller size on disk.

I do not know how big the old one was as I deleted quick.

**RDN** · 11-05-2006, 01:28 AM

OK, cheers.

Thread: Help. KeyLogger Problem

Thread Tools

Display

Help. KeyLogger Problem

Thread Information

Users Browsing this Thread

Posting Permissions