My firewall detected a keylogger today. I deleted it along with the files it used to access this computer.
It was called Ardamax Keylogger and it accessed this
computer via C:WINDOWS\system32\Macromed\Flash\NPSWF32.dll and a similar file named C:WINDOWS\
system32\macromed\NPSWF32\Flashutil.exe
Since I deleted those files the NSS banner at the top of the page does not display at all. When I deleted the keylogger, did the
flash player that enables the banner get deleted too? Basically, I guess I'm asking if the flash player that
drives the banner also contained the keylogger.
Cavechat.org
The Official Caving Forum of the National Speleological Society
NSS Home Page |
Flickr NSS Photo Pool | Online Cavers Network
CaveChat Room |
NSS Bookstore | Find Local Caving Club
IT question
Moderators: vtdarrell, Moderators
6 posts
• Page 1 of 1
IT question
by tncaver » Feb 4, 2008 4:46 pm
- tncaver
- NSS Hall Of Fame Poster
- Posts: 2642
- Joined: May 17, 2007 7:03 pm
Re: IT question
by Phil Winkler » Feb 4, 2008 7:17 pm
Good question. It wouldn't surprise me, tho, if it did.
TANSTAAFL, after all.
Google ought to reveal something.
TANSTAAFL, after all.
Google ought to reveal something.
Phil Winkler
13627 FE
13627 FE
-
Phil Winkler - Global Moderator
- Posts: 2375
- Joined: Sep 5, 2005 8:48 am
- Location: Wilmington, DE and Dewey Beach
- NSS #: 13627FE
Re: IT question
by vtdarrell » Feb 4, 2008 10:47 pm
C:WINDOWS\system32\Macromed\Flash\NPSWF32.dll is a dynamic link library required for the Flash player to work on your machine.
Many Adobe products (version 8 and earlier) were highly susceptible to attack. Adobe released updates for almost all of their products a couple of months ago to close their security holes. Do you recall what version of Flash you were using?
I'd say, download the latest full copy of Flash from Adobe (because updating a broken installation won't help much). In fact, I think I'd do a complete uninstall of your current Flash player before installing the latest and greatest.
http://www.adobe.com/products/flashplayer/
Many Adobe products (version 8 and earlier) were highly susceptible to attack. Adobe released updates for almost all of their products a couple of months ago to close their security holes. Do you recall what version of Flash you were using?
I'd say, download the latest full copy of Flash from Adobe (because updating a broken installation won't help much). In fact, I think I'd do a complete uninstall of your current Flash player before installing the latest and greatest.
http://www.adobe.com/products/flashplayer/
Darrell Wells
NSS IT Chairman
NSS# 55359
NSS IT Chairman
NSS# 55359
-
vtdarrell - NSS IT Chair
- Posts: 27
- Joined: Nov 10, 2007 9:29 am
- Location: Blacksburg, Va
- Name: Darrell Wells
- NSS #: 55359
Re: IT question
by tncaver » Feb 6, 2008 2:07 pm
After the NSS banner disappeared, there was a link for a flash plugin in it's place. I clicked on that
and now the banner is back. So far, I have had no more spyware detections.
My Anti spyware program also suffered a malfunction and would not download updated definitions.
I downloaded a new free version of it and now it works fine too.
Hopefully there will be no more problems.
Thanks for your input.
and now the banner is back. So far, I have had no more spyware detections.
My Anti spyware program also suffered a malfunction and would not download updated definitions.
I downloaded a new free version of it and now it works fine too.
Hopefully there will be no more problems.
Thanks for your input.
- tncaver
- NSS Hall Of Fame Poster
- Posts: 2642
- Joined: May 17, 2007 7:03 pm
-
Cheryl Jones - Global Moderator
- Posts: 2469
- Joined: Sep 2, 2005 11:53 pm
- Location: Virginia
- Name: Cheryl Jones
- NSS #: 14479 FE OS
- Primary Grotto Affiliation: BATS
Re: IT question
by Steven Johnson » Feb 7, 2008 1:19 am
This sounds like a false positive to me (unless your Flash install was somehow infected with the keylogger)... I've never heard of Flash being used for a general keylogging attack nor it being flagged in this way by a malware checker.
(As it happens, I work on the Flash Player for Adobe, so I'm not unbiased... but Flash is pretty damn secure! If you're getting these reports it may be indicative of a more general issue on your computer.)
(As it happens, I work on the Flash Player for Adobe, so I'm not unbiased... but Flash is pretty damn secure! If you're getting these reports it may be indicative of a more general issue on your computer.)
-
Steven Johnson - NSS Hall Of Fame Poster
- Posts: 310
- Joined: Sep 5, 2005 8:48 pm
- Location: Oakland, CA
- NSS #: 49562
- Primary Grotto Affiliation: Diablo Grotto
6 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users
POWERED_BY
Cavechat RSS Feed
Cavechat is the official caving forum of the National Speleological Society.
The NSS is not responsible for the opinions expressed, and cannot verify the accuracy of information presented.
Cavechat RSS Feed
Cavechat is the official caving forum of the National Speleological Society.
The NSS is not responsible for the opinions expressed, and cannot verify the accuracy of information presented.