#1
I have a DSL modem/router and I have only enabled port redirection/forwarding at the router's port 80 to my internal host, 10.0.0.1. I thought it was safe because the only info that could pass from my modem/router to my local PC would be a web page request like www.nikolas.tk.

By running several spyware/virus scans I noticed 3-4 different keyloggers on my computer; for example, one was named Keyboard Spectator Pro, another was named Captain Mnemo, etc.

My question is: how could one manage to install all these kinds of spyware/keyloggers on my PC the minute that I have a hardware firewall and the only port forwarding rule I have enabled is DSL port 80 => 10.0.0.1, which my web server is running on? Is it possible to inject some kind of spyware/keylogger through a webpage request? I am using SP2.
__________________
What is now proved was once only imagined!
#2
Short Answer: Yes. There are plenty of known exploits using port 80 and pages served through port 80. Most of them are browser related.

It is in fact possible to install and inject malware through an HTTP webpage. One common route is Microsoft's ActiveX, which is a known entry point for several types of malware. Improperly patched IE and Windows systems are also susceptible to JavaScript-based attacks. It all depends on which sites you visit and how safe your browsing practices are. In general you should be very careful what ActiveX components you allow a website to run on your computer. Browsers are often the target route for spyware/hijackers/adware/dialers/trojans/virii to get installed onto your system. Please see the following links for more detail on these topics:

Understanding these kind of infections
Keep your computer safe
How do i get infected

You should use your Windows hosts file to block dangerous and known-to-be-bad sites. The Windows hosts file is located at c:\windows\system32\drivers\etc\ for Windows NT based systems (XP, NT, 2000, 2003). What it does is, basically, tell your browser that any requests for the sites blacklisted in the hosts file should be directed back to the computer (127.0.0.1) itself rather than to the internet, effectively protecting you. You can also add this list to your router, using whatever firmware the router provides you.

Excellent tips from another moderator concerning the use of a hosts file:

Quote:

Stay away from porn and warez sites and you will in general have a trouble-free surfing experience. Please update IE as far as possible and google around for the changes in the default settings of IE you should make to help keep your system clean. Nearly 90 % of all infections are aimed at IE, so switching to another browser like Mozilla Firefox or Opera or Netscape will improve your security. Also these browsers, especially Firefox, come out with security patches very fast, so you are better protected. I recommend Firefox.

A good place to review information on all kinds of security issues is here: www.cert.org

If you do have several keyloggers on your system, it is likely that there are other malware programs on your system that have not been detected and continue to exist on your system. Please download Hijackthis from the link provided in my signature and post a log in this thread for the experts to go through. They will let you know if you have any malware still on your system. The forum stickies are also a worthy read.

If you desire more information on a particular browser vulnerability or attack, please don't hesitate to post and ask your questions. Knowledge is power in the long battle against malware.

cheers
__________________
Nigel ..Seeking code free nirvana...
Nigel Fernandes Blog
Never argue with fools. They will bring you down to their level and beat you with experience.
Manchester United Forever
Last edited by oneMSBi : May 22nd, 2005 at 08:57 AM.
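Added example (not part of the original thread): a small Python audit of hosts-file content, showing how the blocking described in post #2 behaves. It goes slightly beyond the post by also accepting 0.0.0.0 as a sinkhole address and by listing entries that point a name at a non-loopback address, which is worth reviewing on a machine that has had malware. The sample file and its host names are constructed.

```python
import ipaddress

# Constructed sample in hosts-file format (reserved .example names, TEST-NET address).
SAMPLE_HOSTS = """\
# blocklist entries
127.0.0.1   localhost
127.0.0.1   ads.badsite.example tracker.badsite.example   # two names on one line
0.0.0.0     popups.example
203.0.113.7 www.mybank.example    # not loopback: a redirect, not a block
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return [(ip, hostname)] for each valid entry; skip comments and malformed lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                              # first field is not an IP address
        entries.extend((ip, name.lower()) for name in names)
    return entries

def classify(entries):
    """Split entries into sinkholed names and names mapped to a remote address."""
    blocked, redirected = set(), {}
    for ip, name in entries:
        if name == "localhost":
            continue                              # the normal default entry
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)
        else:
            redirected[name] = str(ip)
    return blocked, redirected

def is_blocked(hostname, blocked):
    """Hosts entries match whole names only: no wildcards, no implied subdomains."""
    return hostname.lower().rstrip(".") in blocked

if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    for host in ("ads.badsite.example", "badsite.example", "ADS.BadSite.Example"):
        print(host, "->", "blocked" if is_blocked(host, blocked) else "not blocked")
    print("entries to review (non-loopback):", redirected)
```

To audit a real machine, pass the text of the hosts file to `parse_hosts` instead of `SAMPLE_HOSTS`.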
#3
Thank you oneMSBi for your suggestions.

Actually I have SP2 and I am using Firefox v1.0.4 and Apache v2.0.45, but I do visit warez sites and download from p2p apps like eMule. I use SpySweeper v4; I just switched today from Microsoft's Antispyware, and the former found 4 more infection threats than the latter. What's your suggestion about antispyware software for XP use?

Also, I wonder if someone can deliberately use my webpage URL to inject and install keyloggers.

Also, a few days ago I found this: http://10.0.0.138/upnp/control/wancic probably a variant of bAT/KillFiles trojan. 10.0.0.38 is my internal router LAN IP; the rest I don't know. Can you please explain that to me and how I might be infected with that?
#4
There are 3 issues here which seemed to be getting merged.

First: If you are running a website and using Apache as your webserver, and you are concerned with the security of your website/webserver, then the best thing to do is regularly check the Apache development site for security updates and patches. Keep an eye on their website for vulnerability announcements. Because they are open source, they usually detect and patch weaknesses quite fast. For more details, the Apache forum here on devshed is a good place for your queries. Concerning the ability of a hacker to deface your website, or compromise it in such a way so as to infect the visitors to the website, well, this is out of my knowledge area to be honest. For a good understanding of such an issue, you should post in the Security Policies forum.

Second: Concerning your computer's security due to threats from the surfing you do, well, I would recommend caution and prudence on your part as an internet user. I'm not a big fan of warez, so if you must use them, please be picky about the sites you use. Do not allow them to install anything onto your machine while you are surfing. If you must use p2p, then I would suggest you try Shareaza, but the primary danger here is that the very files traded on these networks commonly have trojans or virii embedded in them. Certain software like eDonkey and Kazaa also come bundled with spyware and adware. Use them with caution.

For antivirus software you can use, well, on the freely available side I recommend AVG (see my sig for a link). This forum's stickies have a few more antivirus software suites mentioned. AVG should suffice for most of the home user's needs. Update them regularly. For a good freely available firewall, I recommend ZoneAlarm. It's very efficient and effective. The Pro version is paid, and also comes highly recommended. Please update it as often as possible.

Spybot's Search and Destroy, Ad-aware, Spyblaster, and Spyguard are all decent freeware programs you should download and run to help you clean out your system (although they are aimed at IE users). The combination of ZoneAlarm-AVG-Spybot-Adaware should keep you pretty safe from most internet and browser malware. It's good to see you use Firefox. That will greatly help secure your PC.

Third: I do not know anything about that file you mentioned. My googling came up with the same page you probably saw. I strongly suggest you download Hijackthis from the link provided in my signature and post a Hijackthis log here, so that we can check and see if you have any more malware on your PC. I will look out for more information on the file you mentioned. Maybe another user here on this forum will have more knowledge on that file.

cheers

Last edited by oneMSBi : May 22nd, 2005 at 10:52 AM.
#5
If you're running Apache, then I would recommend going back to 1.3.3 as it's the most rock solid tested server out there.

For security on top of that, I compiled a complete list of everything you should have to make Windows safe. http://forums.devshed.com/attachmen...tachmentid=7710
#6
Thank you all. Actually, with SpySweeper I have now deleted all the security threats.
#7
I would not rely on individual clean-up tools giving you a clean bill of health, as you have experienced first hand the effects of that. (As soon as you tried something other than Microsoft's Antispyware you found all this, right?) I still advise you to post a Hijackthis log here, so that we may go over it.

If you do not intend to run Hijackthis and if you have no more queries, please post back and let us know. I will then close this thread, seeing as you seem to have sorted out any questions you had.

Have a nice day.
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Stange Keylogges detected. |