Possible Virus - Keylogger during startup

  • Question

  • Windows 10 x64
    Possible virus, keylogger, spyware
    Symptom: Wave file created during computer startup- login, wave file is empty
         STREAM2_20160118_154031.wav
       " STREAM2_ yearmonthday_hourminuteseconds.wav "
    Have tried
     Microsoft Security Essentials
         No Viruses Detected
     Autorun
         detected the reg keys
         but I was unable to find or delete 2 of them
         Listed 13 reg keys at possible time, able to research 11 at MS
         2 were not found
    *******************************************************************************
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects    1/18/2016 3:43 PM
    *********************************************************************
     HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension    1/18/2016 3:40 PM 
    ************************************************************************
     Windows Malicious Removal Tool
     
       Initial Scan
         detected 3 infections during scan
         but did not list them after scan was finished
         no malicious software detected
       Secondary scan
         detected no infections
         no malicious software detected
     Malware Bytes Anti Rootkit
          found no problems

    • Edited by TexJay Tuesday, January 19, 2016 12:52 PM
    Tuesday, January 19, 2016 12:50 PM

Answers

  • Hi TexJay,

     

    I appreciate your attention to system security. If we can’t find a registry entry, it may be hidden.

    Check this website below to discover Hidden Registry Keys in Windows.

    http://nagareshwar.securityxploded.com/2010/01/30/discovering-hidden-registry-keys-in-windows/

    In your current scenario, I suggest executing a full scan in safe mode to see the result.

    For Windows 10, please forcibly shut down two or three times, and the system will enter the advanced recovery interface. Click Advanced options to enter WinRE. In WinRE, click Troubleshoot -> Advanced options -> Startup Settings, click Restart, and the system will boot to safe mode.

    On the other hand, regarding the wav files, they seem to have been created by third-party software. Please recall carefully what you have installed or downloaded recently; maybe something started automatically during system boot and created these wav files. A clean boot can be a suitable method; try it to test the result.

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope my clarification is clear.



    • Marked as answer by TexJay Saturday, January 23, 2016 12:55 AM
    Wednesday, January 20, 2016 11:57 AM
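
A triage sketch for the symptom in this thread, added here as an example and not code from either poster: it decodes the time embedded in each `STREAM2_yyyymmdd_hhmmss.wav` name, checks whether the file holds any audio, and lists which of the two registry keys from the question carry a timestamp close to it. The function names, the constructed 44-byte sample WAV and the five-minute window are assumptions.

```python
import re
import struct
from datetime import datetime, timedelta
from pathlib import Path

NAME_RE = re.compile(r"^STREAM2_(\d{8}_\d{6})\.wav$", re.IGNORECASE)
# Timestamps exactly as listed beside the two keys in the question.
KEY_TIMES = {
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects": datetime(2016, 1, 18, 15, 43),
    r"HKLM\System\CurrentControlSet\Control\ServiceControlManagerExtension": datetime(2016, 1, 18, 15, 40),
}

# Constructed sample: 44-byte PCM WAV header with a zero-length data chunk.
EMPTY_WAV = (b"RIFF" + struct.pack("<I", 36) + b"WAVE"
             + struct.pack("<4sIHHIIHH", b"fmt ", 16, 1, 2, 44100, 176400, 4, 16)
             + struct.pack("<4sI", b"data", 0))

def name_timestamp(filename):
    """Decode STREAM2_yyyymmdd_hhmmss.wav; None if the name does not fit."""
    m = NAME_RE.match(filename)
    try:
        return datetime.strptime(m.group(1), "%Y%m%d_%H%M%S") if m else None
    except ValueError:  # digits present but not a real date/time
        return None

def wav_data_bytes(path):
    """Size of the RIFF 'data' chunk (0 = header only); None if not a WAV file."""
    raw = Path(path).read_bytes()
    if raw[:4] != b"RIFF" or raw[8:12] != b"WAVE":
        return None
    pos = 12
    while pos + 8 <= len(raw):
        cid, size = struct.unpack_from("<4sI", raw, pos)
        if cid == b"data":
            return min(size, len(raw) - pos - 8)  # clamp a size field larger than the file
        pos += 8 + size + (size & 1)  # chunks are word-aligned
    return 0  # valid container, no data chunk

def correlate(directory, key_times=KEY_TIMES, window=timedelta(minutes=5)):
    """Per STREAM2 file: decoded time, audio payload size, keys stamped within `window`."""
    rows = []
    for p in sorted(Path(directory).iterdir()):
        ts = name_timestamp(p.name)
        if ts is not None:
            near = sorted(k for k, t in key_times.items() if abs(t - ts) <= window)
            rows.append({"file": p.name, "time": ts, "audio_bytes": wav_data_bytes(p), "keys": near})
    return rows
```

Call `correlate()` on the folder where the files appear. A key stamped close to a file's time is a lead for choosing which startup entries to disable first in a clean-boot test, not proof of what wrote the file.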