Great_Gig Posted February 27, 2009 Posted February 27, 2009 I am currently looking at a system that has files in a sub-folder of system32, called 'dt' The full path is C:\windows\system32\dt\2007-03-18_14-45-10-1959387 The format would seem to be the time and date, followed by a serial number. The files are all screenshots and each one has 2 identical shots with similar paths, but 1 file is preceeded by 'th_' the created times are identical. I have had a quick look around and it appears these may have been created by a worm or keylogger. Does anyone have any knowledge of this happening before and what the program/script maybe that creates them? Many thanks. Share this post Link to post Share on other sites More sharing options...
d3bruts1d Posted February 27, 2009 Posted February 27, 2009 From what I could gather, it appears to be a key logger... apparently one that takes a screen shot every minute or so. Look and see if C:\WINDOWS\system32\bpk.exe is running and kill it if you can. May want to try running SpyBot, MalwareBytes, or Ad-Aware and see if they will remove it. Share this post Link to post Share on other sites More sharing options...
Great_Gig Posted February 27, 2009 Posted February 27, 2009 (edited) Many thanks for the help, bpk.exe is on the system and is part of the program Perfect Keylogger - http://www.blazingtools.com/ Makes this very interesting now, as people will want to know who is watching who! Glad it's not my system . . . Edited February 27, 2009 by Great_Gig Share this post Link to post Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now