06 Nov 2011  

MS Windows 7 Home Premium SP1 64-bit (Family Pack Lic.) Upgrade

Yes, there would be the volume ID and drive name (which must be unnamed), then a long search before, in your case, coming up empty: the file appears not to be present. I did a bit of research, and I was correct that no Win7 system files have that name, only that "tech tool" by Sysinternals (which I am sure you do not have) and the similarly named ssync.exe. There is, however, depending on the source, a keylogger-type malware, as well as a spyware-type program that watches your browsing habits and sends whatever they see fit to their server for analysis or sale. Both are harmful from a security standpoint, but the file has no virus/worm/rootkit type of behavior (and any file could have introduced it to your system from mira or any similar torrents; I recommend not using such apps, although the decision is personal. Just be fully aware of the risk and make your own judgment call. No one can stop you is basically what I'm saying, but the risks far outweigh the benefits, unless you're uber-rich!)

I was expecting to see a keylogger, since they can be poorly written and cause issues, including ones like you have (I just don't get why the KB is just as flawed in BIOS setup, without a hardware issue).

Do you have the original install disc(s) or did you make system restore discs to be able to reinstall windows?

If so, that might be your best option: a full wipe and reinstall (after copying your important files to another storage medium).

I'll look it up and see what I can learn about its specifics. I know it (apparently tries, unsuccessfully) to load the file at boot time, executing a process which changes a few registry keys to be sure it loads at startup again, then transmits some sort of data to a server out there! I guess Windows Defender does have a startup program checker/disabler as part of its mini tool suite (the gear-shaped icon). You could look for the sync.exe file there, and if it is removed/disabled the registry entry will not reload it at each boot-time.

Hopefully you have the discs, at least as a safety net if nothing else. I'll see what I can dig up and get back with you tomo... well, today, since it is 4:57am here. If I come up empty or unsure, I'll ask one of the security experts; probably will either way. Just be careful, just in case it does log your typing, not to volunteer private info or run much in the meantime!

I wish I could do more, but we'll see tomorrow.


(Oh, and the name of one of the malware is "AdShooter.SearchForIt"; the other potential one I don't have a name for yet.)

EDIT: even an old-fashioned HijackThis log would likely locate this type of beast.
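The post suggests checking the startup program list for sync.exe so that, once it is removed or disabled, the registry entry stops reloading it at boot. As an added example (not from the post or from Windows Defender itself), the following PowerShell script enumerates the usual autostart locations (the Run/RunOnce registry keys and the per-user and all-users Startup folders) and reports any entry whose command or file name references a given executable name. It assumes a standard Windows 7 or later system and a user with permission to read HKLM; the `$Pattern` parameter and the output format are this example's own choices.

```powershell
# Added example: find autostart entries that reference an executable name
# (default: sync.exe, the file discussed in the post). Read-only; it reports
# and does not delete anything, so findings can be checked before disabling.
param([string]$Pattern = 'sync.exe')

$escaped = [regex]::Escape($Pattern)

# Registry autostart keys commonly used for persistence (64-bit and 32-bit views)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$regHits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, etc.; those are not values
        if ($p.Name -like 'PS*') { continue }
        if ("$($p.Value)" -match $escaped) {
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
})

# Startup folders: anything placed here also runs at logon
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$dirHits = @(foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File |
        Where-Object { $_.Name -match $escaped } |
        ForEach-Object {
            [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
})

$hits = $regHits + $dirHits

if ($hits.Count -eq 0) {
    Write-Output "No autostart entries referencing '$Pattern' were found."
} else {
    # Each row shows where the entry lives, so it can be disabled at the right place
    $hits | Format-Table -AutoSize
}
```

Run it as `.\Find-Autostart.ps1` for the default name, or `.\Find-Autostart.ps1 -Pattern 'somefile.exe'` for another. Because the registry value's command line is matched (not just the value name), an entry that launches sync.exe under a different value name is still reported, which is the case a persistence mechanism that rewrites its own keys at each boot would otherwise hide.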