|
-
June 9th, 2004, 02:41 AM
#1
Systemie.exe
So I'm surfing away last night when suddenly I start getting pops from NAV.
i imediately close all IE windows and respond accordingly to the NAV pop ups.
Disconnect and do a search for all files create in the last 1 day.
Bingo some suspicious looking files in C:\Windows\System:
systemie.exe
sysie.dll
systemie.dll
systemie.dat
and another .exe file in C:\
look through the registry for systemie and sysie and find some hits at:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D1228C9-F556-4158-BC0B-D3FF4F3F3E1B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad\"systemie"=
Ran Adaware and it didn't pick up anything.
Deleted registry entries, rebooted into Win98 - was in WinMe and deleted the 5 files from Win98.
Rebooted into WinMe all apears ago.
Haven't run NAV as yet but would be curious to know what I was hit by ?
Last edited by Nix; June 9th, 2004 at 02:50 AM.
-
June 9th, 2004, 02:53 AM
#2
According to Wilders Security Forums This is a Keylogger and that information could have been transmitted to someone.
More info
-
June 9th, 2004, 03:10 AM
#3
Hmm thanks.
Lucky I deleted the reg entries and the files via Win98 before rebooting WinMe again.
Will run a NAV FSS tonight to see if it pick anything up.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
