The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
Lovefly.dll and Smart.dll
Mugenmidget
Registered User regular
Registered User regular
On one of our computers somebody apparently has managed to install these keyloggers. I can't get a good idea of how but from Google searching it might look like it's caused by an older version of the Flash Player still being installed. I've since updated but I had a few questions:
1) Everything I read talks about these being keyloggers for World of Warcraft and Final Fantasy XI, but they could be capturing almost anything that heads their way. Should I be worried about the security of my other passwords? I can't speak for anyone else who has used this PC but I'm positive that I have at least logged into two different websites while those DLLs were still hooked into Winlogon.exe.
2) Is getting rid of those DLLs enough? I'm still running full scans and everything seems to be okay but I wondered if anyone had prior experience with these two DLLs.
3) I heard from my brother that there was a "blue screen of death" from earlier today, I would think that's related to the installation of these trojans. Is that typical behavior? I'm just trying to gauge when they arrived, I'm hoping it's not the "modified by" date of the DLLs (which indicates around July 2008).
Thanks for any and all help with this issue.
1) Everything I read talks about these being keyloggers for World of Warcraft and Final Fantasy XI, but they could be capturing almost anything that heads their way. Should I be worried about the security of my other passwords? I can't speak for anyone else who has used this PC but I'm positive that I have at least logged into two different websites while those DLLs were still hooked into Winlogon.exe.
2) Is getting rid of those DLLs enough? I'm still running full scans and everything seems to be okay but I wondered if anyone had prior experience with these two DLLs.
3) I heard from my brother that there was a "blue screen of death" from earlier today, I would think that's related to the installation of these trojans. Is that typical behavior? I'm just trying to gauge when they arrived, I'm hoping it's not the "modified by" date of the DLLs (which indicates around July 2008).
Thanks for any and all help with this issue.
Mugenmidget on
0
Posts
1) Yes. Change your passwords from a known-good OS, like a Live Linux CD.
2) If you only deleted them the conventional way, I'd wager they're hiding elsewhere. Orbital nuke is the best way to be sure (total format, scan it from a Live linux CD)
3) Probably related to them installing, or forcing a bluescreen so that they could capture any other passwords you'd have to reenter on boot.
Can trade TF2 items or whatever else you're interested in. PM me.