Malicious Software Removal (in Off-topic)


{Wookie}-Jir.Vr- July 6 2010 3:35 AM EDT

I recently got hit with a keylogger in one of my WoW add-ons from curse. (Or at least that is what I think, considering I don't share my password, and I don't fall for phishing.) Lost pretty much everything in-game.

I was wondering what programs would be proficient in cleaning this thing from my system. I'm running Windows 7, and 'Microsoft Security Essentials'

Womp July 6 2010 3:49 AM EDT

:( sad panda, losing WoW stuff sucks.
If you're looking for free options, try AVG.

TheShazbot July 6 2010 4:08 AM EDT

One word: Authenticator.

PoisoN July 6 2010 4:59 AM EDT

Switching your AV program won't help you. I recommend reading a few security guides. Don't download anything from suspicious sources and start it asap.

Eliteofdelete [Battle Royale] July 6 2010 5:42 AM EDT

Malwarebytes Anti-Malware 1.46 or Adware windows 7 would probably do the trick but I can't promise anything since I have never acquired a key logger. Or you could try a few other things they have on download.com.

Phoenix [The Forgehood] July 6 2010 8:00 AM EDT

Anti-virus

Free:
Avast! - www.avast.com
Microsoft Security essentials - www.microsoft.com/Security_essentials
Comodo - antivirus.comodo.com
AVG - From download.cnet.com.
Avira (Shows an ad) - From download.cnet.com.
ClamWin - www.clamwin.com

Paid:
Kaspersky - www.kaspersky.com
NOD32 - www.eset.com
Bitdefender - www.bitdefender.com
F-Secure - www.f-secure.com
Trend Micro - www.trendmicro.com

Spyware scanner

Free:
MalwareBytes - www.malwarebytes.org
SUPERAntiSpyware - www.superantispyware.com
Spybot S&D - www.safer-networking.org
AdAware - www.lavasoft.com

Good luck... (dam keyloggers...)

Ankou July 6 2010 8:44 AM EDT

My vote is for AVG. The free version is great and will do most anything you need. But, the best thing in the world you can ever use is common sense and a little education about what you download and do online.

Demigod July 6 2010 9:09 AM EDT

Guys, he already has an anti-virus program.

You can either wait until this keylogger reaches the detection libraries or you can try to nuke it yourself. If you're comfortable screwing with your computer, I suggest "HijackThis!"

Admindudemus [jabberwocky] July 6 2010 9:43 AM EDT

hijack this would be the best way to determine if it was a logger.

{Wookie}-Jir.Vr- July 6 2010 10:34 AM EDT

I've run several scans online, BitDefender's online scan, Trend Micro's housecall scan, I've installed Hijack this, and generated a log file, but don't know how to decipher it. Downloaded malwarebytes, still can't find anything.

The most frustrating thing is that it's Tuesday so the WoW servers are down, so I have to sit here for 4-5 more hours before I get the pleasure of calling their customer service in hopes of getting this situation taken care of. This sucks lol.

{Wookie}-Jir.Vr- July 6 2010 10:44 AM EDT

It's funny to me because I'm not like some hardcore player or anything, they maybe got all in all like 100g off of me, and that's from selling gear >_<. ./fail

Admindudemus [jabberwocky] July 6 2010 10:48 AM EDT

i think you just post your hijack log in the hijack this forums and someone will help you.

AdminQBnovice [Cult of the Valaraukar] July 6 2010 10:52 AM EDT

bleepingcomputer.com has the best tools being used by the best folks as far as help forums go

It's a long and involved process, if you spend the time to go through it with them you'll come out knowing something. However if you're like most people you should likely just reformat and reinstall, make sure you read up on how to nuke MBR based viri though.

Admindudemus [jabberwocky] July 6 2010 11:06 AM EDT

^that's the place to post your log as instructed here:

http://www.bleepingcomputer.com/tutorials/tutorial94.html

AdminQBnovice [Cult of the Valaraukar] July 6 2010 12:34 PM EDT

MSE is certainly an awesome program, however having a second file scanner (not real time protection) wouldn't be a bad idea.

http://www.clamwin.com/

Also helpful is doing a scan with the operating system out of the way

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10/
The above is an ISO file, you'll want to burn it to a disk and boot from it. Once booted you'll need to update the def files and run a scan. If it can't detect your network card it may fail to update.

Demigod July 6 2010 1:00 PM EDT

A quick note on that:

If it tries to run from safe mode, and you have a monitor running off of your graphics card, you'll lose your monitor as you won't have a graphics driver enabled. Expect to swap it over to the motherboard if applicable.

It's normally not a problem, but my old crappy MB doesn't have the proper connection. Thanks, Dell!

AdminTitan [The Sky Forge] July 6 2010 1:06 PM EDT

SAS usually gets rid of keyloggers.

AdminQBnovice [Cult of the Valaraukar] July 6 2010 1:18 PM EDT

good point Titan, superantispyware and malwarebytes are both must run applications for almost any infected machine

AdminNightStrike July 6 2010 2:22 PM EDT

So you think you have a keylogger, but you don't know which one. You assume that simply because your account was hacked. Methinks you need a little more information gathering.

AdminQBnovice [Cult of the Valaraukar] July 6 2010 2:28 PM EDT

true, could be someone snooping the network you're on...
isn't cleartext authentication wonderful!

Phoenix [The Forgehood] July 6 2010 8:17 PM EDT

I use www.hijackthis.de for quick analyzation. Copy and paste the log file from the hijackthis scan into the text box to analyze. You should check up on everything that's not a green check.

moskel July 6 2010 8:33 PM EDT

Bummer :( Getting rid of a keylogger if it is a good one isn't easy. Getting the 2-factor authenticator for WoW will fix WoW but it won't fix anything else you have a username/password authentication for. I'm not active anymore or I'd spot you what you lost :(

That wouldn't be the first keylogger from an add-on sadly enough. With the value of even unused accounts going for $10 each hackers are very focused on them as a target.

Your best bet would be to backup critical files and re-install your OS. I know this sucks but it is the safest route.