The best way to remove it is to reformat. Yeah, it's a lot of work, but it's
the only way you'll know for sure that its gone.

Are you sure it came in via an email? Based on both the file name and
google, it looks like a spy program a suspicious spouse or parent would
install.
http://www.google.com/search?q=familykeylogger

Outlook does not load via an ini file. How that particular keylogger works
is something those who frequent security forums would know.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/

Outlook Tips by email:


Outlook Tips: http://www.outlook-tips.net/
Outlook & Exchange Solutions Center: http://www.slipstick.com
Subscribe to Exchange Messaging Outlook newsletter:



"Peter Nolan" wrote in message
...


Hi All,
more on this one...

1. No..there is nothing in the sent items for the 0 of n emails being
sent....does anyone know how to track what emails are being sent
especially these 0 of 1? Can the tcp port be logged to see what is
going over it? Or can Outlook be made to log in more detail?


2. The directory that the spyware is in is "F:\Documents and Settings
\Peter Nolan\Local Settings\Temp\AAWTMP\C658777" and it is
familykeyloggersetup.exe..

Interestingly, if I open this folder in exlporer the name of the
subfolder keeps changing. I guess this is it's attempt to hide...

3. I have a dual boot machine so I booted the other OS opened outlook
there and scanned using ad aware and ad aware + mcafee found the key
logger again, this time on the C drive....So it would seem to me that
the spyware is somehow attached to the outlook folder because the
instance of outlook was completely separate. Does anyone know how to
look for what programs are loaded when outlook starts up? Is there
a .ini file or something? I would think the spyware must be attached
to the startup of outlook via the folder that held the original bugged
email.

"If you have all windows and office updates and do not open blocked
attachments and do not visit questionable, untrusted websites and use
the
default security settings (or tighten them), you should be ok. "

I gather that I have received an email that had the bug in it.....they
have done a pretty good job since they avoided mcafee on the way
in...though mcafee finds it when scanned by ad aware....it is
interesting to note that mcafee does NOT find it if it is run by
itself....probably because of the changing folder name.......

4. I have not yet figured out how to make sure I can get rid of it so
no credit card numbers getting typed into this laptop any time
soon.....

All ideas most welcome....

I will also post to the mcafee site.

Thanks

Peter