According to symantec's virus index, spyware.perfect is a keylogger. Using the site is easy and fun. He also checked the log that I posted in this thread to confirm that there was nothing else suspicious.I sent him a copy, and within 15 minutes, he'd changed the BOClean Member Login Remember Me Forgot your password? https://www.symantec.com/security_response/writeup.jsp?docid=2003-100210-1458-99

And it makes me breathe easier having kids who don't always practice safe computing. · actions · 2003-Nov-29 3:01 pm · Gavin_THjoin:2003-04-03Australia

http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.perfectspy.html

Here are the contents of the log file:Logfile of HijackThis v1.97.7Scan saved at 2:00:58 PM, on 11/29/2003Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec

Scanning for and deleting the infected files Start Norton AntiVirus and make sure that it is configured to scan all the files. When I loaded up Boclean it went off like a pinball machine! 15 in all before it quieted down. Note: Definitions prior to April 13th, 2005 may detect this risk as Spyware.Perfect.B.SymptomsThe presence of one or more files detected as Spyware.Perfect.TransmissionMust be installed on the system by executing a file.Antivirus Yes, my password is: Forgot your password?

George Del Monte wrote: > Here's my problem: Norton AntiVirus 2005 says a file, RAR.EXE, which I Log in or Sign up PC Review Home Newsgroups > Microsoft AntiSpyware > Security Signatures > NAV "finds" Spyware.Perfect Discussion in 'Security Signatures' started by George Del Monte, May 6, 2005. Any advice?

What's up with these keyloggers? · actions · 2003-Nov-30 12:58 am · anthrorulesPremium Memberjoin:2003-09-14Rollinsville, CO

I'd be interested to know how a keylogger can One of them was something called Family Keylogger. Read the document, "How to make a backup of the Windows registry," for instructions.

Back to top #4 SifuMike SifuMike malware expert Staff Emeritus 15,385 posts OFFLINE Gender:Male Location:Vancouver (not BC) WA (Not DC) USA Local time:12:18 AM Posted 17 May 2007 - 10:34 It contained spyware.perfect (according to Norton) and I am now infected. business days (Monday through Friday).

I've contacted them.

Modifies the following registry values: "LocationInformationOverride" = "3f,04,3e,04,34,04,3a,04,3b,04,4e,04,47,04,35,04,3d,04,20,00,32,04,20,00,3f,04, 3e,04,40,04,42,04,20,00,3a,04,3b,04,30,04,32,04,38,04,30,04,42,04,43,04,40,04,4b,04,00,00" "DriverDesc" = "21,04,42,04,30,04,3d,04,34,04,30,04,40,04,42,04,3d,04,30,04,4f,04,20,00,28,00,31,00,30,00,31,00,2f, 00,31,00,30,00,32,00,20,00,3a,04,3b,04,30,04,32,04,38,04,48,04,38,04,29,00,20,00,38,04,3b,04,38,04,20, 00,3a,04,3b,04,30,04,32,04,38,04,30,04,42,04,43,04,40,04,30,04,20,00,50,00,53,00,2f,00,32,00,20,00,4d, 00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,20,00,4e,00,61,00,74,00,75,00,72,00,61,00,6c,00,00,00" in the subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\0000 Modifies the value: "Keyboard Port" = "05 00 00 00 01 00 Can't Remove Malware? How to Remove Mandami.ru with Easy Solution? Remove Spyware.Perfect before it breaks your system.

George Del Monte, May 7, 2005 #5 George Del Monte Guest Thanks, Steve. To learn more and to read the lawsuit, click here. George Del Monte, May 6, 2005 #1

Records the keystrokes on the computer and logs them in a file. If you should have a new issue, please start a new topic. Run a robust, updated antivirus software scan 7. When somebody uses your email address by mistake [Security] by MacGyver241.

Spyware.Perfect!rem should be removed upon detection with a good anti-spyware program. Summary| Technical Details| Removal