I did everything that you suggested and attached the log made by combofix.
Junior Member
I did everything that you suggested and attached the log made by combofix.
Administrator
Hi Nicolette,
Your computer has some nasties on there for sure. ComboFix did remove a a commercial spy/keylog program
These entries indicate that;
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
Here is an explanation of what this is;
Programs designed to monitor user activity. May be used with or without consent. Because it is sold commercially, many anti-virus vendors do not detect them. The most common form of a commercial monitoring tool comes in the form of a keystroke logger, which intercepts keystrokes from the keyboard and records them in a log. This can then be sent to whoever installed the software, or keylogger, onto the machine. Some Commercial Monitoring Software may take screenshots, or video and send the information to an outbound connection.
AceSpy monitors PCs by taking screenshots, keeping key logs, including chats, e-mails, web sites visited, searches performed, and more. AceSpy is completely hidden to the PC user, and the installer can have reports sent directly to their e-mail address. Keywords that specified by the installer trigger the program to send the installer instant alerts. Also the installer can set keywords to close a web browser if it encounters any of the listed words.
I am sorry to say but one would assume that somebody has pruposely installed this on your computer since it is a program which must be purchased in order to install it and use it.From their website:
"AceSpy is PC spy software for home or office use. Secretly see everything your spouse, child or employee does online. Instantly forward their emails and chats to your email address. Block web sites by keywords or site addresses. Get an hourly report email containing everything they do."
Please run the ESET NOD32 Online Scanner again and attach the ScanLog with your post for assistance.
-- You will need to use Internet Explorer to to complete this scan.
-- You will need to temporarily Disable your current Anti-virus program.
-- Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\\Program Files\\EsetOnlineScanner\\log.txt. Please post that log for us.
Judy
Junior Member
Hi Judy,
Thanks--I am not sure about the AceSpy. I know I didn't download and buy it. The only people using this computer are me and my husband. My husband is more computer illiterate than I am and says he didn't do that either. Some random people that have visited our home have used our pc. If someone is paying to see what is done on this computer, their money is not well spent because we do pretty boring things on the computer like use it for work.
I did the eset online scanner again and attached the results. I attached 2 results because there were 2 logs in the folder and wasn't sure which one to choose.
Thanks,
Nicolette
Administrator
Ok Nicolette, one thing you have to do concerning the AceSpy program is make sure it is gone so you need to search for it this way;
Double Click My Computer.
Then Double Click "C" Drive.
Then go to the Windows Folder, double click to open.
Then to the system32 folder, double click to open.
Then look for an Acer folder. If you find one, delete it all the way out.
Next go back to the ESET Online Scanner
and run it again, but this time Be sure the option to Remove found threats is checked. Because this time we want it to remove the Win32/Adware.Mirar that was found on the previous scan and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\\Program Files\\EsetOnlineScanner\\log.txt. Please post that log for us.
Also please run a new HJT scan and post that new log along with the ESET log in your next post.
Junior Member
Hi Judy,
I deleted the requested folder. It was called AceSpy and then I emptied my recycle bin.
I also did the ESET scan and attached files and another HJT scan and attached the file.
Thanks so much!
Nicolette
Administrator
Nicolette, am questioning another program here before I give you more steps...it is called GoToMyPc...do you know what this is and did you install it yourself? It IS a legitimate program which allows remote access of your computer by another OR remote access of another computer by you. I am questioning this because it has been known to have security issues and because of the fact that the AceSpy program was found to be on your computer...and you say neither you nor your husband knows how it got there, this is why I am suspicious of this other program also.
Junior Member
Hi Judy,
I personally installed gotomypc probably 3 years ago? In addition to working for directv, I also do consultant work for a company located in another state. I used to work there myself, but then had to move and they kept me on their payroll and I can access their databases and so forth thru gotomypc.
I wasn't aware of the security issues. They used to use pc anywhere and then transitioned to the gotomypc because of known security issues.
Thanks,
Nicolette
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote