Silkroad Online Forums

deleted it found it at C:\WINDOWS\jun6002.exe

I was setting up my firewall norton internet security configuring each programs access to the internet. I came accross this file so i googled it and found out it is a keylogger.

Not sure what to do now i deleted it running every scan know to man on my comp.

Is there anyway of finding out where it came from or if there is a way of completly removing it from my comp.

It's a part of a nasty piece of spyware that logs keystrokes, takes screen shots and observes program use hmmm...

Try scanning your pc again with adaware/avast/avg

heres the info

http://securityresponse.symantec.com/av ... rveil.html

heres the file locations, delete it all if u see it

# %ProgramFiles%\ODSP\banner.htm
# %ProgramFiles%\ODSP\banner.JPG
# %ProgramFiles%\ODSP\BLOWFISH.DLL
# %ProgramFiles%\ODSP\buy.htm
# %ProgramFiles%\ODSP\cximage.dll
# %ProgramFiles%\ODSP\Encrypt.dll
# %ProgramFiles%\ODSP\flash.exe
# %ProgramFiles%\ODSP\help.htm
# %ProgramFiles%\ODSP\htmluser.htm
# %ProgramFiles%\ODSP\htmlview.htm
# %ProgramFiles%\ODSP\irunin.bmp
# %ProgramFiles%\ODSP\irunin.dat
# %ProgramFiles%\ODSP\irunin.lgn
# %ProgramFiles%\ODSP\killproc.exe
# %ProgramFiles%\ODSP\MessageBox.exe
# %ProgramFiles%\ODSP\mfc42.dll
# %ProgramFiles%\ODSP\ODSP.dat
# %ProgramFiles%\ODSP\odsp.sf6
# %ProgramFiles%\ODSP\ODSPConfig.exe
# %ProgramFiles%\ODSP\ODSPHost.dll
# %ProgramFiles%\ODSP\ODSPHost_NT.exe
# %ProgramFiles%\ODSP\ODSPlay.exe
# %ProgramFiles%\ODSP\restart.bat
# %ProgramFiles%\ODSP\Utility.dll
# %ProgramFiles%\ODSP\welcome.exe
# %ProgramFiles%\ODSP\XT1931Lib.dll
# %Windir%\iun6002.exe
# %Windir%\otnsdd32.dat
# Additional log files in %ProgramFiles%\ODSP\Logs
# Additional profiles in %ProgramFiles%\ODSP\Profiles

registry keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ODSP 6.0.2
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ODSP Host
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_ODSP_HOST
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\ODSP Host
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ODSP_HOST

and adds the value "ODSPConfig"="%ProgramFiles%\ODSP\ODSPConfig.exe" to the reg. key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so delete it all and you're spy-free, free of that piece of spyware though

oh and here some more info >.>

Type: Spyware
Name: Desktop Surveillance Personal
Version: 6.0.3
Publisher: Omniquad
Risk Impact: High
File Names: flash.exe; MessageBox.exe; ODSPConfig.exe; ODSPHost.dll; ODSPHost_NT.exe; ODSPlay.exe; utility.dll; welcome.exe
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

They usually come from using bot programs so to prevent your account being stolen, always be sure to play the proper way.

no ive never botted or had any bot program on my computer it might not even be sro related.

EDIT ----

Thanks Igod ive searched for those files didnt find any of them. Found one of those reg keys inside a folder called 180 search assistant which i know is a spyware i had in the past lavasoft adware detected this months ago but it seems like it didnt clean it out completely.

oh.... and try too look for something related to that "Desktop Surveillance Personal" in your registry folder

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Current Version/Uninstall, i don't know the exact key but there might be something related to that there, and also check out for 180 search there too, thats the reg. folder where uninstall notes are placed, u can manually uninstall programs from there... ok im glad i helped

You didn't use any auto-login, did you?

maybe his parent/himself installed Desktop Surveillance Personal thinking they would see where the pc is going around on the net... thats a keylogger that u intentionally install to spy on the pcs activities...

It's as simple as saying this. He uses Internet Exploder. That is where it came from.

lol

It's a program. A kind of program u need to install willingly.

Don't be so sure. I know people that are well known to this forum that got loggers installed on their sys and their char temporarily jacked all from just looking at some web pages in IE. No browser is perfect. Lynx though is probably the most secure. While IE is the least secure in general use. Firefox or opera are nice middle of the road browsers. I recommend either one highly over any version of IE even the latest version as of this time which is 7.

And here is a virus recommendation thread.

http://www.silkroadforums.com/viewtopic.php?t=22105