Virus warning + fix (keylogging.aa)

AndrewG · 08 Oct 2008, 21:44

A new virus seems to be going around on the net which has started since September I believe:
I got the virus on my computer that consisted of several parts:

1. keylogging malware (something you definitely do not want)
2. disabling easy access to the Windows Task Manager (though that did not outsmarten me in the slightest)
3. Extremely irritating pop ups mentioning different virusses ("Windows Securty Alert", keylogger.aa, greenscreen, bankfraud - bla di blah). Note these popups are NOT genuine Windows alerts, although they are made to look that way. In fact they still appeared when the rest of the virus was gone. They come onto the screen every 15 minutes with a link to a fake virus program (those ~~~~~~~s).

So what did I do to get rid of this stupid chlidish carry on?:
Ran three good malware deletion programs:

Adaware
Spy Bot Seach n Destroy
Walware Bytes Anti Malware

These seem to get rid of the actual virus (the keylogging and whatever else was going on). Think Spy Bot and Anti Walware worked this out between them.

I also use Antivir (free antivirus software) and followed some steps they explain on their forum though that did not help me.

After this I was still getting the messages coming up and found out that a program called "FSZMHUNO~~~~~" was running and causing this (strange that there are no google results for this yet). So killed that from the process tree in the taskmanager(which was easily available again - thank you free anti spy software) and renamed the executable in windows/system32 folder which prevents it from starting up. So everything seems fine and dandy again.

(other fixes online didn't help me much)

Perhaps this info is useful to anybody else having the same problem or running into it. I can't guarantee it will work for everyone of course or if in fact it has made my computer 100% virus free, but it helps I think.

I believe I got this virus via a website where I was trying to download some song chords from (those sites are often riddled with pop ups and ads and think it downloaded from there onto my computer).

R. · 08 Oct 2008, 22:25

Quote:

Originally Posted by AndrewG

... and renamed the executable in windows/system32 folder ...

Free best practise tip of the day: Do not surf the web using a user account with admin privileges. Use a restricted (a regular user account) for your daily work and only use the admin account for installation purposes. This way no application or process spawned by an exploit found on a website can write anything to sensitive system areas like registry, program files, %systemroot% or even %systemroot%\system32 and thus rendering most exploits ineffective.

If that's not an option for you, use Google and search for "DropMyRights".

AndrewG · 08 Oct 2008, 22:41

That is actually a great idea.
Will create another user for that.
I seriously do not want to reinstall XP again in the short term. It takes ages as I have a lot of music stuff installed which I can't live without.

AndrewG · 08 Oct 2008, 22:50

Cheers R. Browsing the net now with my internet surfing account. Only took 7 minutes to set up and start using.
Thanks for the tip.

08 Oct 2008, 21:44	#1
AndrewG I hope your salmon sucks! Join Date: 18.01.2004 Location: Northamptonshire Posts: 7,080	Virus warning + fix (keylogging.aa) A new virus seems to be going around on the net which has started since September I believe: I got the virus on my computer that consisted of several parts: 1. keylogging malware (something you definitely do not want) 2. disabling easy access to the Windows Task Manager (though that did not outsmarten me in the slightest) 3. Extremely irritating pop ups mentioning different virusses ("Windows Securty Alert", keylogger.aa, greenscreen, bankfraud - bla di blah). Note these popups are NOT genuine Windows alerts, although they are made to look that way. In fact they still appeared when the rest of the virus was gone. They come onto the screen every 15 minutes with a link to a fake virus program (those ~~~~~~~s). So what did I do to get rid of this stupid chlidish carry on?: Ran three good malware deletion programs: Adaware Spy Bot Seach n Destroy Walware Bytes Anti Malware These seem to get rid of the actual virus (the keylogging and whatever else was going on). Think Spy Bot and Anti Walware worked this out between them. I also use Antivir (free antivirus software) and followed some steps they explain on their forum though that did not help me. After this I was still getting the messages coming up and found out that a program called "FSZMHUNO~~~~~" was running and causing this (strange that there are no google results for this yet). So killed that from the process tree in the taskmanager(which was easily available again - thank you free anti spy software) and renamed the executable in windows/system32 folder which prevents it from starting up. So everything seems fine and dandy again. (other fixes online didn't help me much) Perhaps this info is useful to anybody else having the same problem or running into it. I can't guarantee it will work for everyone of course or if in fact it has made my computer 100% virus free, but it helps I think. I believe I got this virus via a website where I was trying to download some song chords from (those sites are often riddled with pop ups and ads and think it downloaded from there onto my computer).

08 Oct 2008, 22:41	#3
AndrewG I hope your salmon sucks! Join Date: 18.01.2004 Location: Northamptonshire Posts: 7,080	That is actually a great idea. Will create another user for that. I seriously do not want to reinstall XP again in the short term. It takes ages as I have a lot of music stuff installed which I can't live without.

08 Oct 2008, 22:50	#4
AndrewG I hope your salmon sucks! Join Date: 18.01.2004 Location: Northamptonshire Posts: 7,080	Cheers R. Browsing the net now with my internet surfing account. Only took 7 minutes to set up and start using. Thanks for the tip.