"ldr.exe" and "dl11.exe", as well as "hooks.dll"

The ldr.exe program keeps showing up. I delete it, it comes back, we play our game. It just shows up in my C:\. I feel like it's spyware, but Ad-Aware and Spybot don't seem to be bothered by it. Anything?
Looks like you have a Keylogger on your PC. What seems to work for me on occasions where Ad-aware & Spybot fail is to 1) boot in safe mode or, better still, from a clean boot-disk (turn off System Restore first if you use XP), 2) back up the registry (in case it all goes wrong) and then 3) delete all virus-related registry keys (e.g. anything that makes reference to the offending dll or program) using Regedit. The more devious trojans need to be deleted after changing the name of the registry key folder so they can't re-install themselves. AppInit_dlls are often used in trojans as they function as 'invisible processes' and don't appear in the task or application lists.

Check the following:

hooks.dll definition, relationships, removal
... Hooks.dll definition, relationships, removal: hooks.dll definition hooks.dll description: File hooks.dll is related to keylogger Keycorder. ...
www.2-spyware.com/file-hooks-dll.html

Remove Keycorder, removal instructions
... Full Name: Keycorder Related files:archlib.dll, datalib.dll, hooks.dll, keycord1.exe, keycorder.exe, reslib.dll, syslib.dll, uilib.dll Severity scale: ( ...
www.2-spyware.com/remove-keycorder.html

eTrust PestPatrol Pest Encyclopedia - Keycorder 1.0
... archlib.dll datalib.dll hooks.dll reslib.dll syslib.dll uilib.dll. ... archlib.dll datalib.dll hooks.dll keycord1.exe keycorder.exe reslib.dll syslib.dll uilib.dll. ...
www.pestpatrol.com/PestInfo/k/keycorder_1_0.asp

Regards
ZS
Ran some HijackThis on it:

Logfile of HijackThis v1.97.7
Scan saved at 9:38:47 PM, on 10/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Office\Office\excel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\ZoneAlarm\zonealarm.exe
O9 - Extra button: Corel Network monitor worker (HKLM)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Corel Network monitor worker (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094514532500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
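
The reply above suggests looking for entries that reference the offending DLL or program. As an added example (not part of the thread), that check can be scripted over a HijackThis log like the one posted. The names `flag_entries` and `SUSPECT_NAMES` are illustrative, and the sample log is constructed, including its `O20 - AppInit_DLLs` line.

```python
import re

# File names taken from the thread: the poster's three files plus the
# Keycorder "related files" list quoted in the reply.
SUSPECT_NAMES = {
    "ldr.exe", "dl11.exe", "hooks.dll", "archlib.dll", "datalib.dll",
    "reslib.dll", "syslib.dll", "uilib.dll", "keycord1.exe", "keycorder.exe",
}

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# The "Running processes" block is a bare list of full paths.
PROC_RE = re.compile(r"^[A-Za-z]:\\")
# Base file names with an executable-type extension, anywhere in a line.
FILE_RE = re.compile(r"[^\s\\/\[\]=,;:\"']+\.(?:exe|dll|ocx|cpl)\b", re.I)

def flag_entries(log_text, suspects=SUSPECT_NAMES):
    """Return (section, file_name, line) for every line naming a suspect file."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            section, detail = entry.group(1), entry.group(2)
        elif PROC_RE.match(line):
            section, detail = "PROC", line
        else:
            continue  # header lines: version, timestamp, platform
        for name in FILE_RE.findall(detail):
            # Compare whole base names so "myhooks.dll" is not a hit for "hooks.dll".
            if name.lower() in suspects:
                hits.append((section, name.lower(), line))
    return hits

# Constructed sample: real-format lines, but the ldr.exe, hooks.dll and
# myhooks.dll entries are invented for illustration.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\ldr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [loader] C:\ldr.exe
O4 - HKLM\..\Run: [myhooks] C:\Tools\myhooks.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\hooks.dll
"""

if __name__ == "__main__":
    for section, name, line in flag_entries(SAMPLE_LOG):
        print(f"{section:5} {name:12} {line}")
```

Each hit's section code tells you where to look before deleting anything: `PROC` is a running process, `O4` an autostart entry, `O20` the AppInit_DLLs value.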