OT: Removing keyloggerFollow

ad-aware from lavasoft has detected and removed the 2 keyloggers ive had on my comp, it seems you inevitabley get a keylogger now matter how safe you are.

I would format my drive, there's just the small problem of my XP cd being at my mothers house, so it'll be a few days at least before I can get it. And if I could remove it without, that'd be for the best for me.

About the internet access; I'm not so worried about that, because I'm not writing anything that anybody can use for anything. My allakhazam account is always logged in, so there's no need to enter any info there.

I have also deleted all cookies, except for the one from allakhazam.

Could firefox have stopped the keylogger from being installed, without informing me?

I'll try and get xoftspy, and run that and ad-aware some times. Thanks.

I know because I was in warlock forum at Oboards, and there was a thread about druids, with some pictures. I, dumb@ss, clicked on one of them. It was not from a domain that I know, yet the link showed up as wowwiki. And it turned out from the comments that it is indeed a keylogger. Don't ask me why I clicked. I am usually rather paranoid about protecting my computer and clicking weird links, *bangs head into table for the 27th time*.

Edit: Ebonspine, is it this program you mean: http://paretologic.com/products/xoftspyse/index.aspx ? I just want to be sure :p

Edited, Oct 10th 2007 1:30pm by KhamulDB

If you have gotten nailed by a keylogger, there is only one 100% effective way to ensure it was completely removed. That way it to reformat your drive and reinstall the OS to the way it was out of the box.

Yes, I realize its a pin in the @ss, but isn't it worth it to protect your accounts, Credit cards and other personal information?

Yes Khamul that is the program I was referring to :) It's sweet.

Hmm, that XoftspySE did find a few things, no keylogger though. And, in order to actually remove what it found, you'll have to get a license, which I won't, especially not with a keylogger somewhere. So, it's off to the shop for a reformat tomorrow.

Again, thanks for all the help :).

A last question: before I format the computer, I'd really like to do backups of some of my files. I have nothing really important, but especially my bookmark folder and musik collection would be a mess to recreate. I'm pretty sure that the keylogger won't be in the documents folder, nor in the firefox profile folder, but does anybody know for sure if there's a risk of it?

Really? That would be awesome. Not that I doubt you, but do you have any reference to where it says this? I'd rather err on the safe side, as I'm using this computer to access my bank account.

Download and install Process Explorer V11. LINK (if you want to use, or just google it).

It is a Microsoft application (actually a SysInternals app, until MS bought them). Think of it as task manager ^ 100. Once you have it installed and running you will be able to see every running process on your machine. You will also be able to see every file (including DLL's, where most spyware and nasty stuff lives) that the process has open. A neat feature of this app is that you can right click any file, or process and tell it to search the internet for information on its name. This is handy if you see an odd named file that you are not sure what it is. Unfortunately, because the software now belongs to MS, it will send you to live search, instead of google, like it did when it was owned by SysInternals. The live search results seem to always have what Im looking for, so its not that big of a deal.

If you find a process or DLL that looks like it might be a problem, you can kill the process, or just the running thread using the DLL. Even if it is a system process.

A few notes:
1. This is a very in depth tool, might be a learning curve on usage, depending on your skill. This tool can be used to manually remove spyware and/or a virus. There is more too it then just killing processes and deleting .exe or .dll files. Most of them time it will require some registry edits too. If you don't feel comfortable using the registry editor, DO NOT USE IT.
2. If you find a running process or DLL that is known to be a spyware, or virus, find a tool made to remove it specifically.
3. Remember to view the lower pane for more process information (CTRL-L)
4. There is an option (options > replace task manager) that replace the standard task manager with process explorer. I use it, its very handy.


Edit:
To anyone else that did not know about this utility, it has a ton of features I did not list here. Think like being able to see what processes are using what TCP/UDP ports, and the address of the other machine they are talking too(another good way to check for spyware). You can also manage each running thread in a process, and start a debug session on a running process. All very handy stuff when trying to diagnose a problems with your machine.

Edited, Oct 11th 2007 12:40pm by JasonAkkerman

That sounds really good, Neesh! Thank you very much for all the info! And the program you speak of there, JasonAkkerman, sounds very nice as well. I'll try that out when I get home (am on another computer now). :)