November 25th, 2010


Tracking down the malware

This is how they found where the malware hid itself on my laptop, which is running Windows XP:

1) Open up My Computer, click on C Drive.
2) Click on Documents and Settings.
3) Click on Administrator
4) In the Explorer window, click on Tools > Folder Options.
5) In the Folder Options window, click on the tab.
6) Select "Show hidden files"
7) Unselect "Hide protected operating system files"

Look for a folder marked ".jnana". That's the bad boy.

If you go into the .jnana folder, you may see files named with an IP address and a timestamp, something like .  Those are the output from the keystroke logger.  Look through these files for passwords and other sensitive information you've entered.  I don't know how you can tell if the logfiles have been uploaded.
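The same check can be scripted so that every profile under Documents and Settings is covered, not only Administrator. The sketch below is an added example, not part of the original post: it assumes the IP address appears in the file name as a dotted quad, and the sample tree and file names are constructed for the demo.

```python
import ipaddress
import os
import re
import tempfile
from datetime import datetime

MARKER = ".jnana"  # folder name given in the post
# Assumption: the IP address appears in the file name as a dotted quad.
IPV4 = re.compile(r"(?<!\d)(\d{1,3}(?:\.\d{1,3}){3})(?!\d)")

def ip_in_name(name):
    """Return the first valid IPv4 address embedded in a file name, or None."""
    for candidate in IPV4.findall(name):
        try:
            return str(ipaddress.IPv4Address(candidate))
        except ValueError:
            continue  # e.g. 999.1.1.1: looks like an address but is not one
    return None

def find_marker_dirs(profiles_root):
    """Walk every profile; os.walk lists hidden folders whatever Explorer shows."""
    hits = []
    for dirpath, dirnames, _ in os.walk(profiles_root):
        hits += [os.path.join(dirpath, d) for d in dirnames if d.lower() == MARKER]
    return sorted(hits)

def list_logs(marker_dir):
    """Return (name, embedded IP or None, modified time) per file, sorted by name."""
    rows = []
    for entry in sorted(os.scandir(marker_dir), key=lambda e: e.name):
        if entry.is_file(follow_symlinks=False):
            mtime = datetime.fromtimestamp(entry.stat().st_mtime)
            rows.append((entry.name, ip_in_name(entry.name), mtime))
    return rows

def build_sample(root):
    """Constructed demo tree; the file names are made up, not real logger output."""
    folder = os.path.join(root, "Administrator", MARKER)
    os.makedirs(folder)
    for name in ("192.0.2.10_sample.log", "notes.txt"):
        open(os.path.join(folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for folder in find_marker_dirs(root):
            print("found:", folder)
            for name, ip, mtime in list_logs(folder):
                print(f"  {name}  ip={ip}  modified={mtime:%Y-%m-%d %H:%M}")
```

On a real machine, pass the Documents and Settings folder on the C drive to `find_marker_dirs` instead of the temporary tree. The modification times show when the logger last wrote to each file.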

There may be other places on your system where this bastard hides, according to the security experts.  If you find you've been infected, get your system wiped and reloaded.  Nuking it from orbit is the only way to be sure.