AFAIK, this appears to have originally been developed as a logger program used by a group of advertisers, supposedly to track their "click-through" rate and thereby confirm their revenue.
Unfortunately, it appears to have been spoofed by another group registered out of Panama, who may be using the keyboard logging for more nefarious purposes.
The best prevention I've been able to find is to keep the spoofed domain blocked in every one of my browsers' "blacklists".
To me, any covert downloading of executable code, rather than of cookies, is "black-hat" hacking. I'll do whatever I can to keep my system clean.
Using OpenDNS servers on your NICs will also help prevent access to known bad sites.
Hi, simrick
simrick wrote:
Please do NOT, under any circumstances, download and install Spyhunter!
Here are the steps I would recommend to clear your system:
Run the following programs in this order:
TDSSKiller (check all boxes and let it reboot so it can scan properly)
RKILL (again, because everything RKILL does is undone by a reboot)
ADWCleaner (scan, then clean; it will reboot as well)
Malwarebytes Antimalware full custom scan of all drives (be sure to check the box for Rootkits)
Then, run CCleaner on your registry, and also all your browsers' cache and temp files.
That should clear your system of this infection properly.
EDIT: all these programs are free.
I found the time earlier this week to do the cleanup per your excellent instructions. As far as I can tell, the problem is gone. Everything went straightforward and almost every step found at least a few more things to remove. ADWCleaner found 22 items to delete, which impressed me until I got to CCleaner - it found and removed 3.75 GB (not MB) of stuff, including 2,042 cookies (which included a “pub----.com” cookie - see last image). I've been using this computer since 2009, but I did not realize it was dragging such a burden along with it.
I have attached snips of the various logs (the numbers indicate the matching step in your instructions). My next step will be to make sure my Java is up to date.
Thank you again for your help, and thanks to the others on this site for all the support.
(UPDATE: Changed the JPEGs to PNGs for better viewing. Thanks for the tip, eLPuSHeR)
Last edited by Ron79; 17 Sep 2016 at 13:52.
A small suggestion, Ron. Try using PNG as the format for those screen captures. Those JPEGs are really hurting my eyes.
Congrats Ron, great work on getting it cleaned up.