Keylogger detection.


JAM

I suspect I have a keylogger on my XP computer. What are good ways to
discover and remove it?
 

Leonard Grey

Make sure that your anti-malware software is running, then download the
latest signatures and run a full scan.

If you don't have comprehensive anti-malware software, that's like
driving a car without seat belts or air bags. Either way, you're
eventually going to get hammered. Install comprehensive anti-malware
software and learn how to use its features. A 'comprehensive' solution
scans for all types of malicious software in the background, on demand
and on schedule.

For now try scanning your system with /several/ of the better online
scanners, such as:
Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
Panda ActiveScan (http://www.pandasoftware.com/activescan)

Download HijackThis from www.trendsecure.com. Run it, save a log, and
post the log at one of the many sites that support HJT, such as
spywarewarrior.com, bleepingcomputer.com, and temerc.com -- but not
here. Within a day, sometimes within an hour, you'll have one-on-one
step-by-step advice from a security expert on cleaning up any
infestations—or you'll have a clean bill of health from the volunteer
expert.

Even the best detection and removal software can't fix every malware
infection. If none of the above remove the infection, you may want to
show the computer to a professional.

---
Leonard Grey
Errare Humanum Est

Security Tips for Everyone, from PC Magazine
http://www.pcmag.com/article2/0,2817,2334856,00.asp
 

Kayman

I suspect I have a keylogger on my XP computer. What are good ways to
discover and remove it?

Clear the (IE) temporary Internet files and the history cache.
Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out
quotation marks) into the box, then click the 'OK' button.
In the Internet Properties panel, 'General' tab, under 'Browsing history', click
the 'Delete...' button; in the 'Delete Browsing History' panel, click the 'Delete
all...' button, then place a checkmark in the box beside 'Also delete files
and settings stored by add-ons', click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

Clean HDD
Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out quotation
marks) into the box, then click the 'OK' button. Select your drive
(presumably WinXP (C:)) and click OK.

There aren't any 'good' on-line scanners out there! On-line scanners are
the most unsafe and next to useless, because by the time you've started
your infected Windows, connected to the Internet via this infected code
base, and started to look for scanning sites through infected DNS, you are
almost certain to have the malware perfectly positioned to overrule your
attempts to clean it.
What happens if active malware is found? Don't expect that the on-line
scanner will do anything about it. Most of them are just marketing
tools for selling you their products. Quite often, malware removal on the
NT based OS (Win 2K and XP) is far from easy. Sometimes a (good) resident
AV can deal with it in Safe Mode.

Other reasons to stay away from on-line scanners are:
1. You have to use IE on very low security setting - ActiveX is required.
2. Many users will lower security in the Internet Zone to use the service
and then forget to set the Internet Zone back to highest possible security
- which is the only way that IE should be set.
3. Scanning should be performed while off-line.

David H. Lipman's Multi-AV and some other 'stand-alone' AV tools are
*impressively better and safer*, because you don't have to be on-line to
use them (they have no dependencies on using a web browser to perform their
function), and they also can be used in Safe Mode.

Download David's MULTI_AV.EXE directly:
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
Additional Instructions:
http://pcdid.com/Multi_AV.htm

Other quality Standalone Malware Scanners are:
Kaspersky® AVPTool
http://avptool.virusinfo.info/en/
Direct:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--and--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and--
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

NOTE:
Multi-AV, Kaspersky® Virus Removal Tool, Dr.Web CureIt!® and the free
versions of Malwarebytes© and SuperAntispyware are not capable of real-time
protection of your computer.
Kaspersky® AVPTool and Dr.Web CureIt!® have no update feature (so they don't
turn into full blown scanners). As soon as your computer is cleaned you are
supposed to remove these tools from your operating system.
Re: K/AVPTool; To uninstall/move this program 'enable self-defense' must be
unchecked!

After the software is updated, it is suggested to scan the system in Safe
Mode (this does not apply to MBAM).
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html

Alternatively:
Click Start==>Run... then type (or copy/paste) "msconfig" (without
quotation marks), click OK. Then click the BOOT.INI tab and 'check'
/SAFEBOOT, then OK, and click Restart. To go back to Normal Mode, you must
access the System Configuration utility again, click the General tab,
then click/check the radio button 'Normal Startup - load all device drivers
and services'.

Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE:
Registration is required at any of the above-mentioned fora before posting
an HJT log; read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

Good luck :)
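Both replies end at the same place: gather a HijackThis log and hand it to someone who can read it. The added example below is not from the thread, from HijackThis or from any of the tools named above; it is a small Python triage script that reads the autostart (O4) lines of such a log and flags the entries a defender would look at first, i.e. programs launched at logon from a user profile or Temp directory, or files carrying a core Windows process name outside the Windows directory. The O4 line layout (`O4 - <hive>\..\<key>: [<name>] <command>`), the directory heuristics and the sample log lines are all assumptions constructed here for illustration, so check the layout against your own log before relying on it.

```python
import re
from typing import Dict, List, Optional

# Assumed layout of a HijackThis "O4" autostart line (an assumption about the
# log format, not taken from the thread):
#   O4 - <hive>\..\<key>: [<entry name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Any drive-letter path ending in an executable-ish extension inside a command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|dll|scr|bat|cmd|com|pif)\b', re.IGNORECASE)

# Heuristic (constructed list): legitimate XP autostart programs rarely run from a
# user profile, a Temp directory or the Recycler; dropped malware often does.
SUSPICIOUS_DIRS = ("\\documents and settings\\", "\\windows\\temp\\", "\\temp\\", "\\recycler\\")

# Heuristic: a file named like a core Windows process but living outside \WINDOWS\.
SYSTEM_PROCESS_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one O4 line into hive, entry name and command line; None for other lines."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def extract_paths(cmd: str) -> List[str]:
    """Return every executable/DLL path mentioned in an autostart command line."""
    return PATH_RE.findall(cmd)


def suspicious_reasons(cmd: str) -> List[str]:
    """Apply the two location heuristics to a command line and explain each hit."""
    reasons = []
    for path in extract_paths(cmd):
        low = path.lower()
        if any(d in low for d in SUSPICIOUS_DIRS):
            reasons.append(f"runs from a profile/temp location: {path}")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_PROCESS_NAMES and "\\windows\\" not in low:
            reasons.append(f"system process name outside the Windows directory: {path}")
    return reasons


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the O4 entries worth a closer look, each with the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry["cmd"])
        if reasons:
            findings.append({**entry, "reasons": "; ".join(reasons)})
    return findings


# Constructed sample log: two ordinary XP entries, two entries shaped like a dropped
# logging component, and a non-O4 line the parser must ignore. Not a real log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
O4 - HKLM\..\Run: [updater] rundll32.exe "C:\WINDOWS\Temp\helper.dll",Start
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['hive']}] {f['name']}: {f['cmd']}\n    -> {f['reasons']}")
```

A hit from this script is a reason to look closer (file timestamps, a scan of that file in Safe Mode with one of the stand-alone tools above), not proof of a keylogger; equally, a clean result only means nothing matched two coarse heuristics, which is why the posters still send you to a forum where a human reads the whole log.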
 