View Full Version : Amecisco Keylogger
jawn_tech
08-24-2004, 09:33 AM
Has anyone heard of this?
Ouch! Last evening when running Webroot's spyware program (forgot what-it's-called) it detected a spyware "Amecisco Keylogger", and gave a description that it was a stealth spyware that records keystrokes.
So I went to run the procedure to quarantine and remove, but when I do the Webroot software says "skipping step 2", which is the important quarantine part. So the software is detecting it, but not letting me remove it!
My question is, why is this happening, and any ideas how I got it in the first place? I don't open email attachments, and my wife only knows how to open Solitaire...
mikmik
08-24-2004, 03:55 PM
Ouch!
I will look this up. Lots of malware blocks anti-virus and removal programs, so I will see if I can find something to get it.
You may want to try removing it in 'safe mode', but I don't know if that will help...it might though.
For now, delete all your MRU - Most Recently Used documents - and never type in any credit card info etc. till this is gone!
I will be back.
Here you go! Pest Patrol:
http://www.pestpatrol.com/PestInfo/a/amecisco_invisible_keylogger_stealth_1_2.asp
If you need help understanding something, let us know. :O)
mikmik
08-24-2004, 07:26 PM
That is an older program, been around since 2000.
wen has compiled a great list of tools and sites here:
http://www.webproworld.com/viewtopic.php?t=22803
Including an anti-keylogger tool (http://www.styopkin.com/keylogger_hunter.html)
But you should probably start with
HijackThis (http://www.spychecker.com/download/download_hijackthis.html)
(direct download link)
I don't know if the CT tutorial is up yet (a site I know about which I cannot divulge until it is ready) but here is one for using HijackThis on Tom Coyote's site (http://tomcoyote.org/hjt/)
Also check out the Spybot Search and Destroy and Adaware links on wen's list.
jawn_tech
10-08-2004, 10:05 PM
I forgot to say 'thank you'.
Better late than never?
mikmik
10-08-2004, 11:25 PM
It is 'pop', not 'soda', 'pop'.
wenwilder
10-09-2004, 08:40 PM
When/if you run hjt look for: tmpdelis.bat. Spybot and/or Ad-aware should detect and remove it considering keyloggers are malware - sneaky, stealthy malware.
If you want to know more about your Amecisco Keylogger:
Invisible KeyLogger Stealth for Windows 2000/XP is a standard security auditing tool for network administrators and concerned parents.
The heart of IKS is a high-performance Win2K/XP kernel-mode driver which runs silently at the lowest level of Windows 2000/XP operating system. You will never find it's there except for the growing binary keystroke log file with your input of keystrokes. All keystrokes are recorded, including the alt-ctrl-del trusted logon and keystrokes into a DOS box or Java chat room.
In addition to a flexible and friendly keystroke log viewer, IKS is extremely configurable. We provide an easy-to-use install utility. You can rename the program file, and specify the name and the path of the log file. You only need to copy one file onto the target computer for the logging to take place.
There is almost no way for the program to be discovered once the program file and the log file are renamed by the install utility. An exhaustive hard drive search won't turn up anything. And the running process won't show up anywhere.
For companies and government agencies, we even provide a Custom Compile Edition of the program to ensure that nobody will be able to discover the IKS even thru a custom-made binary "signature" scanning program.
Good luck! If you have any problems post your hjt log in here.
P.S. The CT HJT Tutorial is currently on hold until I can get the computer it is stored on back up and running. I do so love a good challenge ;)
mikmik
10-09-2004, 08:56 PM
wen, you wrote
P.S. The CT HJT Tutorial is currently on hold until I can get the computer it is stored on back up and running. I do so love a good challenge ;)
Anyone who dedicates themselves to security like you must love a challenge ;]
I keep planning to make a back-up computer out of all the P1 and P2 around here, but probably will wait until it is too late LOL
jawn_tech
10-12-2004, 10:28 AM
uh oh, hope my concerned parents aren't watching my activities. Boy are they in for a shock.
And yes, it's pop.
Time to check the logs...
jawn_tech
10-14-2004, 02:53 AM
In hindsight I thought my recent post should have also said, "Just kidding..."
But I was serious about being grateful for the tip, both of you.