Malicious Software Removal (in Off-topic)
I recently got hit with a keylogger in one of my WoW add-ons from Curse. (Or at least that is what I think, considering I don't share my password, and I don't fall for phishing.) Lost pretty much everything in-game.
I was wondering what programs would be proficient in cleaning this thing from my system. I'm running Windows 7, and 'Microsoft Security Essentials'
Womp
July 6 2010 3:49 AM EDT
:( sad panda, losing WoW stuff sucks.
If you're looking for free options, try AVG.
TheShazbot
July 6 2010 4:08 AM EDT
One word: Authenticator.
PoisoN
July 6 2010 4:59 AM EDT
Switching your AV program won't help you. I recommend reading a few security guides. Don't download anything from suspicious sources and start it asap.
Malwarebytes Anti-Malware 1.46 or Adware windows 7 would probably do the trick but I can't promise anything since I have never acquired a key logger. Or you could try a few other things they have on download.com.
Anti-virus
Free
Avast! - www.avast.com
Microsoft Security essentials - www.microsoft.com/Security_essentials
Comodo - antivirus.comodo.com
AVG - From download.cnet.com.
Avira (Shows an ad) - From download.cnet.com.
ClamWin - www.clamwin.com
Paid
Kaspersky - www.kaspersky.com
NOD32 - www.eset.com
Bitdefender - www.bitdefender.com
F-Secure - www.f-secure.com
Trend Micro - www.trendmicro.com
Spyware scanner
Free
MalwareBytes - www.malwarebytes.org
SUPERAntiSpyware - www.superantispyware.com
Spybot S&D - www.safer-networking.org
AdAware - www.lavasoft.com
Good luck... (damn keyloggers...)
Ankou
July 6 2010 8:44 AM EDT
My vote is for AVG. The free version is great and will do most anything you need. But, the best thing in the world you can ever use is common sense and a little education about what you download and do online.
Demigod
July 6 2010 9:09 AM EDT
Guys, he already has an anti-virus program.
You can either wait until this keylogger reaches the detection libraries or you can try to nuke it yourself. If you're comfortable screwing with your computer, I suggest "HijackThis!"
hijack this would be the best way to determine if it was a logger.
I've run several scans online, BitDefender's online scan, Trend Micro's housecall scan, I've installed Hijack this, and generated a log file, but don't know how to decipher it. Downloaded malwarebytes, still can't find anything.
The most frustrating thing is that it's Tuesday so the WoW servers are down, so I have to sit here for 4-5 more hours before I get the pleasure of calling their customer service in hopes of getting this situation taken care of. This sucks lol.
It's funny to me because I'm not like some hardcore player or anything, they maybe got all in all like 100g off of me, and that's from selling gear >_<. ./fail
i think you just post your hijack log in the hijack this forums and someone will help you.
bleepingcomputer.com has the best tools being used by the best folks as far as help forums go
It's a long and involved process, if you spend the time to go through it with them you'll come out knowing something. However if you're like most people you should likely just reformat and reinstall, make sure you read up on how to nuke MBR based viri though.
MSE is certainly an awesome program, however having a second file scanner (not real time protection) wouldn't be a bad idea.
http://www.clamwin.com/
Also helpful is doing a scan with the operating system out of the way
http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10/
The above is an ISO file, you'll want to burn it to a disk and boot from it. Once booted you'll need to update the def files and run a scan. If it can't detect your network card it may fail to update.
Demigod
July 6 2010 1:00 PM EDT
A quick note on that:
If it tries to run from safe mode, and you have a monitor running off of your graphics card, you'll lose your monitor as you won't have a graphics driver enabled. Expect to swap it over to the motherboard if applicable.
It's normally not a problem, but my old crappy MB doesn't have the proper connection. Thanks, Dell!
SAS usually gets rid of keyloggers.
good point Titan, superantispyware and malwarebytes are both must run applications for almost any infected machine
So you think you have a keylogger, but you don't know which one. You assume that simply because your account was hacked. Methinks you need a little more information gathering.
true, could be someone snooping the network you're on...
isn't cleartext authentication wonderful!
I use www.hijackthis.de for quick analyzation. Copy and paste the log file from the hijackthis scan into the text box to analyze. You should check up on everything that's not a green check.
Bummer :( Getting rid of a keylogger if it is a good one isn't easy. Getting the 2-factor authenticator for WoW will fix WoW but it won't fix anything else you have a username/password authentication for. I'm not active anymore or I'd spot you what you lost :(
That wouldn't be the first keylogger from an add-on sadly enough. With the value of even unused accounts going for $10 each hackers are very focused on them as a target.
Your best bet would be to backup critical files and re-install your OS. I know this sucks but it is the safest route.