Windows XP - Discuss the Microsoft Windows XP Operating System
What kind of keylogger is this?

(see image link below as I can't attach a *.txt file to this group).

http://i13.tinypic.com/40l2t81.jpg

When I found my IE 6 browser refusing to open several browsers at a time, I did a ctrl-alt-delete and found two SERVICES processes. I also saw that my IEXPLORE.exe file would still be open as a memory hog (130 mg) even after closing all open browser screens. After using Crapcleaner to clean the temp files and cache, I ran a services.msc command and noticed this Key*** service, which I knew I never had before. The attached image link shows half of the places I found where it appeared in my registry. Obviously, Crap Cleaner deleted the exe file in the temp directory. When I was in services, I disabled it (it was set to "manual").

I've searched all over Google and can't find any references to it.

Hijackthis picked it up as an 023 item - Unknown owner - \LOCALS~1\Temp \exe (file missing)

Before I delete all the registry references to it, would anyone here know of any site that discusses it?
Re: What kind of keylogger is this?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news:cbT_g.1988$rx.579@trnddc04:

> From: <betty889125@hotrmailnospam.org>
>
>| (see image link below as I can't attach a *.txt file to this group).
>|
>| http://i13.tinypic.com/40l2t81.jpg
>|
>| When I found my IE 6 browser refusing to open several browsers at a
>| time, I did a ctrl-alt-delete and found two SERVICES processes. I
>| also saw that my IEXPLORE.exe file would still be open as a memory
>| hog (130 mg) even after closing all open browser screens. After
>| using Crapcleaner to clean the temp files and cache, I ran a
>| services.msc command and noticed this Key*** service, which I knew I
>| never had before. The attached image link shows half of the places I
>| found where it appeared in my registry. Obviously, Crap Cleaner
>| deleted the exe file in the temp directory. When I was in services, I
>| disabled it (it was set to "manual").
>|
>| I've searched all over Google and can't find any references to it.
>|
>| Hijackthis picked it up as an 023 item - Unknown owner -
>| \LOCALS~1\Temp \exe (file missing)
>|
>| Before I delete all the registry references to it, would anyone here
>| know of any site that discusses it?
>|
>
> Please submit a sample of "keygodsx.exe" to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors'
> scanners. That will give you an idea what it is and who recognizes it.
> In addition, unless told otherwise, Virus Total will provide the
> sample to all participating vendors.
>
> You can also submit a suspect, one at a time, via the following email
> URL... mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.
>
> It uses RootKit techniques so I suggest using Gmer.
> http://www.gmer.net/
>

I'd like to submit the file, except that I ran Crap Cleaner even before I knew it was on the system. Crap Cleaner deleted it.

I'm going to run the above rootkit program as well as Sysinternals and a few others. Do you think it's time for Multi A-V? Is it safe to run these online scanners rather than downloading the signatures like Multi-AV does? Don't the online scanners record every filename on your computer? Secondly, isn't there stuff they can't find because of one's firewall?

I have McAfee's SiteAdvisor as a BHO, use IE-Spyad and have a HOSTS file, plus use Avast and a firewall. Still, it's amazing how these things infiltrate a computer. I was reading on one of the security sites that Spyware problems are soaring. I wonder if it pays to change the name of your computer, sign on name, password, and release and renew IP addresses on a regular basis.

Someone better inform the media soon how serious a problem this is becoming. Any guesses as to how many home computers are seriously infected around the world?

(Please excuse my crossposting, but I'm incensed at my violation of privacy with this spyware/malware/trojan problem and I feel that the more individuals who read about this particular keylogger, if that's what it is, the better.)
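
The manual check described in this thread (a service whose binary sits in a Temp directory and is reported as "file missing"), written as an added example that is not part of the original posts: it parses a regedit export of the Services key, decodes both REG_SZ and hex(2) REG_EXPAND_SZ `ImagePath` values, and flags services that run from temp locations. The sample export, the service names and the `TEMP_MARKERS` list are constructed assumptions.

```python
import os
import re

# Assumed markers for temp locations; a service binary should not live there.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "%temp%", "%tmp%")
KEY_RE = re.compile(r"\[HKEY_LOCAL_MACHINE\\SYSTEM\\[^\\]+\\Services\\([^\\\]]+)\]$", re.I)

def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ, or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def parse_services(reg_text):
    """Map service name -> ImagePath from a regedit export of the Services key."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    services, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1) if m else None  # subkeys are ignored
        elif current and line.lower().startswith('"imagepath"='):
            services[current] = decode_value(line.split("=", 1)[1])
    return services

def binary_of(image_path):
    """Strip arguments from a service command line, leaving the executable path."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.(?:exe|sys))\b', image_path, re.I)
    return (m.group(1) or m.group(2)) if m else image_path.strip()

def triage(reg_text, exists=os.path.exists):
    """Return (service, binary, file_missing) for services that run from temp."""
    found = ((n, binary_of(i)) for n, i in parse_services(reg_text).items())
    return [(n, b, not exists(b)) for n, b in found
            if any(marker in b.lower() for marker in TEMP_MARKERS)]

# Constructed sample export; service names and paths are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleGoodSvc]
"ImagePath"="C:\\Program Files\\Example\\svc.exe -run"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleTempSvc]
"ImagePath"=hex(2):43,00,3a,00,5c,00,54,00,65,00,6d,00,70,00,5c,00,78,00,\
  2e,00,65,00,78,00,65,00,00,00
'''

if __name__ == "__main__":
    for name, binary, missing in triage(SAMPLE):
        print(name, binary, "file missing" if missing else "file present")
```

A real regedit export in the version 5.00 format is UTF-16, so read the file with `encoding="utf-16"` before passing its text to `triage`.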