New
#21
What exactly told you that you had a keylogger?
If you want to try the AHCI setting using the method VistaKing linked in Post #2, I'd save a Win7 backup image externally first. Backup Complete Computer - Create an Image Backup
What exactly told you that you had a keylogger?
If you want to try the AHCI setting using the method VistaKing linked in Post #2, I'd save a Win7 backup image externally first. Backup Complete Computer - Create an Image Backup
Amingst,
We need to rule out the possibility of a TDSS Rootkit that hides by infecting a system driver, like atapi.sys, or, iastor.sys.
Please download TDSSKiller.zip:
http://www.bleepingcomputer.com/download/tdsskiller/
Right-click the program and select: Extract to tdsskiller\
You will see a TDSSKiller folder found on your Desktop.
Open the folder, and double-click the TDSSKiller application.
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK
Press: Start Scan
If a suspicious object is detected, the default action is Skip, leave it as is, and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt
Please post the TDSSKiller log in your reply.
Also download SystemLook:
64-bit: http://jpshortstuff.247fixes.com/SystemLook_x64.exe
Right-click on SystemLook.exe, and select: Run As Administrator
Copy the content of the following quote box into the main textfield (do not copy the word 'Quote'):
Click the Look button to start the scan.:filefind
iaStor.sys
When finished, a notepad window opens with the results of the scan.
Please post the SystemLook.txt (found on the Desktop) in your reply.
Last edited by cottonball; 13 Apr 2013 at 22:57.
I called support and they said since 45k events were in event viewer and I couldn't run disk check that I had a keylogger
Amingst
You don't have a key logger what you have is more of a rootkit. If you go to your post in the System Security thread Cottonball and Jacee will be glad to get that removed from your computer .
I called support... They said that since I had 45k events in event viewer and that I could not run disk check when scheduled at startup that I had a keylogger.
At this point I really want to stop the BSOD with code 0xD1 causes by iastorA.sys
Amingst,
We understand the frustration that may be caused by the current situation the computer is in.
If there is a rootkit involved, we need to find out what kind it is, in order to use the correct tools to remove it.
To resolve your problem, you need to stay cool, have some patience, and follow the instructions
posted above.
Well sure. That's the goal.At this point I really want to stop the BSOD with code 0xD1 causes by iastorA.sys
However, if you have a TDSS Rootkit that hides by infecting iastor.sys, it's not going to happen.
Go back to Post # 12, in the System Security forum, and follow those instructions.
Otherwise...
could fragmented iaStorA.sys Driver files be the cause of my BSOD with from that. I found that those driver files were fragmented