Magekíd's guide: How to CLEAN your PC from keyloggers.

Hi all, this guide will help you on how to clean your pc from keyloggers.
Please take a look.

Screenshots have now been added!!!
Please also take a look at the Unofficial Helper's Forum (with IRC!)
> http://forum.anayra.info/ < (Thanks to Anayra for running this!)


English is not my mother tongue, so some things are hard for me to explain, but I think i'm doing a good job, in general ^^

First of all, [b]a note: Hijackthis is a tool, used for finding infections in your computer. Please note: THIS IS NOT A SCANNER. It shows both malicous rules, but also LEGIT rules. Do not fix rules in Hijackthis yourself!
You can find a list of forums that are qualified to look at your Hijackthis log here: http://asap.maddoktor2.com
In addition, here’s a list of forums where you can post your hijackthis logfile. – If you know any others, please let me know in a comment/reply!
Dutch/Belgium:
www.hijackthis.nl/forum
www.minatica.be/forum.php
http://www.antispywareoffensief.nl/forum/

English:
http://www.spywareinfoforum.com/
http://forums.techguy.org/
http://www.techsupportforum.com/


Before posting a Hijackthis log, please do the following steps upfront. I know this is alot of work, but that way most malware is already deleted and your logfile can be looked at faster.
Please remember: Follow ALL steps, including step 7

Note: Vista Users must run installations and the downloaded programs as Administrator. You can do this by right-clicking the program and select Run as Administrator (The screenshot shows it for Hijackthis, You must use this for every program we use here)
http://img408.imageshack.us/img408/6665/guide1bb5.jpg <-- Screenshot

1. Download ATF Cleaner here: http://www.atribune.org/ccount/click.php?id=1 - and save it somewhere (Desktop for example)

- Start ATF Cleaner and check everything except "Prefetch" at the tab "Main". Then press "Empty Selected"
http://img510.imageshack.us/img510/5641/guide2xo7.jpg <-- screenshot

- If you use Firefox as your browser, go to the Firefox tab and check everything except "Firefox Saved passwords". Then press "Empty Selected"
http://img220.imageshack.us/img220/9761/guide2qu7.jpg <-- Screenshot

- If you use Opera as your browser, go to the Opera tab and check everything except "Saved Passwords". Then press Empty Selected.

2. Download Ad-aware 2008 Free here: http://www.download.com/Ad-Aware-2008/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5&cdlPid=10903602 - and install it. If you get an license note during the installation, press Use Free After the installation, start Ad-Aware and press Update.
http://img67.imageshack.us/img67/3198/guide3po0.jpg <-- screenshot
When Ad-Aware is finished updating, press Scan and do a Full system scan
When the scanning is completed, You'll see two tabs with infected objects. The first tab contains Critical Objects and the second tab Privacy Objects Check everything at both tabs and press Remove At the top of both tabs you see a number which says the amount of infections found. Please wait until both numbers say "0" and then press Complete.
http://img90.imageshack.us/img90/2029/guide4pg7.jpg <-- screenshot
Close Ad-Aware

3. Download Spybot Search & Destroy here: http://www.safer-networking.org/en/mirrors/index.html - and install it. During the installation, uncheck "Use Internet Explorer protection (SDHelper)" and "Use system settings Protection (TeaTimer)"

When the installation is completed, start Spybot S&D and press OK at the notice you get about Ad-Aware. It may also notify you about deleting temporary files. Just select yes Follow the Wizard, and when the wizard is done press Update in Spybot. Search for updates, check all available updates and install the updates. After that press the Immunize tab and Immunize your system. When the Immunization is done, press the Search & Destroy tab and start scanning your computer.
http://img520.imageshack.us/img520/7301/guide5br0.jpg <-- screenshot

When Spybot S&D is done scanning. Check all found objects and press Fix Selected Problems.
If Spybot S&D cannot delete all found objects, it will ask if it can scan at the next reboot to fix the problems. Press Yes.
http://img70.imageshack.us/img70/439/guide6uc1.gif <-- screenshot
Now close Spybot S&D.

4. Download MBAM (MalwareBytes' Anti-Malware) here: http://www.besttechie.net/tools/mbam-setup.exe - and install it. Make sure that at the end of the installation, Update MalwareBytes' Anti-Malware and Start MalwareBytes' Anti-Malware is checked.
http://img218.imageshack.us/img218/9350/guide7bi9.jpg <-- screenshot
When MBAM is started. Go to the Scanner tab and do a Full scan
http://img512.imageshack.us/img512/9767/guide8iv5.jpg <-- screenshot
Once MBAM is done scanning, press Show Results and make sure all found objects are selected. After that press Remove Selected
http://img255.imageshack.us/img255/5509/guide9sm1.jpg <-- screenshot
When MBAM is done deleting objects a logfile will open. You can close this logfile.
The Logfile will automatically be saved at the Logs tab in MBAM.

If MBAM found objects that can't be deleted, it will ask to reboot your computer. Allow this and restart your computer.

4. If you didn't restart your computer after running MBAM, restart it now anyway.

5. Do a full system scan with your virusscanner and remove all found infections.
If you do not have a virusscanner, you can scan online with one of these scanners. (Use Internet Explorer to scan)

BitDefender: http://www.bitdefender.com/scan8/ie.html
Panda: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Kaspersky: http://www.kaspersky.nl/scanner

Remove all infections found.

6. Restart your computer.

7. Download Hijackthis here: http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe - and install it. After the installation Hijackthis will open. Press Do a systemscan and save a logfile.
http://img165.imageshack.us/img165/4533/guide10pz1.jpg <-- screenshot
A notepad file will open. In the Notepad file, press CTRL + A to select everything, CTRL + C to Copy everything. Then press CTRL + V in a new topic at the forum you want to post the log.

Also paste the MBAM log on the forum you place the Hijackthis logfile.


Many thanks for reading, if you have questions or problems, please ask :)

Also: Please note: Doing this all, is NOT A GUARANTEE your computer is not infected. There is no scanner that has a 100% detection rate.

- Magekid

Thank you both ;) I hope the people who need it also find it useful :)

- Magekíd

AD-Aware is rather rubbish. Spybot is much better, by far.

Just use linux :)

---

Q u o t e:
Just use linux :)

---

Or shoot yourself in the head, same effect :)

You could have posted it a lot shorter by just saying use Hitman Pro, which uses all the tools described above.


More info: http://www.hitmanpro.nl/hitmanpro/content/view/3/9/lang,en/

* Downloads and installs automatically well-known anti-spyware programs, such as CWShredder, Ad-Aware, Spybot S&D, Spy Sweeper, Ewido Micro, Spyware Doctor, Spyware Blaster, NOD32, Windows security updates, hotfixes against unpatched security leaks, etc.
* Downloads automatically the latest updates (this is often a manual task without Hitman Pro).
* Controls automatically the third-party anti-spyware programs. Scans and removes found threats and protects against malicious ActiveX components.
* Makes use of (if applicable) purchased versions of commercial anti-spyware programs (such as NOD32, Ad-Aware, Spy Sweeper, Spyware Doctor).
* Configures the anti-spyware software for optimal results.
* Generates one comprehensive report and presents the user with a clear picture on contamination and protection.
* Expert-function for advanced users for full control over the found objects (files, registry keys)

The version of Hitman Pro you are talking about is rubbish imo ;) Generally, it's not being recommended by Anti-Malware forums. Uses alot of software with trials, having bugs (suddenly stops, or doesnt delete infections found and just continue). The newer version of Hitman Pro doesn't use these scanners, and that one is nice. However it doesn't use NOD32, Ad-Aware etc... just a standalone scanner from Hitman Pro itself.

- Magekíd

Huge amount? 3 scanners, 1 trash cleaner (like ccleaner), online scanners (no software installation) and Hijackthis, (which is no scanner, only generates a report from/about your computer)

Not that much imo ^^

Careless? If you manage to keep ur pc 99% clean that way, nah, but if you download pr0n, torrents, and whatever, yes :)

Well if it turns out you DO get infected, here's what to do :)

---

Q u o t e:
Blue tagged as well :-)

This should be very useful for those who were looking for attractive legs ;-)

---

Vaneras you are the best Blizzard Poster there is, have my sex legs.

---

Q u o t e:
Hi everybody,

---

Hi Dr Nick!

If you get curious about your posting being reported, I'm responsible for that. This deserves some sticky goodness.

I can finally have sex legs without a threat of keylogger! Thanks!

Nice idea

today someone posted this link about warlcok t7 ( was the picture for pink coloured boa paladin t5?? ) and had the link wowinsidAr i just clicked it since everyone was makeing a funny about it, when 2 people sharted shouting keylogzor etc.

i just did these scans and nothing turnes up. it was funny to see tho, that the scans i used where exactly the same as you posted here, just 1 little difference, i also use a free scanner(spyeraser), that cannot remove the files ( need to pay for that ). i found that this particular scanner would find more files then any of my other scanners, including problems in my registry keys ( which can be deleted manually ).

i was happy none of the scans did show up something, just shows how people are quick to call out keylogger, and might get innocent posters banned.