Pixtus - Photography Forum, Photographers, Photo Tips

dbphotos · **Key logger help -** 04-07-2010, 10:09 PM

My son's computer obviously has a key logger infesting it. He plays WOW and has gotten hacked several times in the last 2 days after chaning his password to a very secure string of characters. I have ran a full scan with Mcafee and it hasn't found it. Is there a program that all of you IT gurus would recommend to isolate and delete a key logger?

Thanks!

dryicerx · 04-07-2010, 10:13 PM

Try StartupCPL to see and disable any startup programs that seem suspicious or unwanted, as one of them can be the (goes a bit beyond msconfig)

Another possibility is someone has access to his email, so change the password to those and also the associated security questions.

CaptainTom · 04-07-2010, 10:14 PM

Can he change his password without using the keyboard? This would eliminate any keystroke hacking.
He'd then have to sign in that way as well.

Windows has an on screen keyboard that would be mouse controlled. I don't know where it is, but I've heard that as a way to get around the key logging.

Rson · 04-07-2010, 10:22 PM

Hijackthis is great for that.....you can post the log here and we can dissect it

Nocturnus · 04-08-2010, 09:47 PM

Anytime I ever suspected I had a issue like that, I would just reinstall.

There is a free software out there that is like Norton Ghost. I'm going to start using this on my comptuers. Just install your OS, install all programs you want to have, then you run the software and it will clone your install. Then if you have a issue, you can just reimage your drive.

lscottpht · 04-08-2010, 09:48 PM

ugh, my ex put that on my old laptop. took awhile to get rid of it, and i dont remember exactly how we did it...sorry!

groovyone · 04-08-2010, 09:49 PM

MalwareBytes is my weapon of choice. It found a mess of stuff Norton missed. The scan software is FREE too.

Dobick · 04-08-2010, 10:19 PM

if you install malwarebytes, get it updated, and then reboot into safemode to run it it is very effective.

not sure if it will find keyloggers or not though.

Lots of keyloggers run very stealth. You may not be able to find it through conventional means.

If you have a large external disk to move important files and pictures over, you might consider very seriously reformatting and doing a reload. Might be the lesser of evils

ngoduyviet · 04-08-2010, 10:51 PM

Unfortunately it doesn't matter if you remove it. If your son plays WoW, you gotta tell him to stop downloading questionable / unknown plugins, and also not to buy / sell gold or virtual items online or from farmers. Those are the two main reason WoW players got keylogger on their computer. You can clean it, but it'll come right back.

BTW, McAfee & Norton are the two biggest waste of time. Get Avira, or Kaperski, or AVG and Malwarebyte, as well as what Rich suggested if you know what you are doing.

Best option is wipe it clean and reinstall WoW.

TxLerman · 04-09-2010, 07:54 AM

Quote:

Originally Posted by Nocturnus

Anytime I ever suspected I had a issue like that, I would just reinstall.

+1

This is a difficult situation. They only sure way to remove it, is to reformat the hard drive and then reinstall all of the software from the original disks. This can be a long painstaking process, but it will solve the problem.

Another potential problem is that if your son's computer is on a home network and his computer is connected to other computers on the network, then it is possible that those computers are infected as well. I hate to raise an alarm if un-necessary, but our firm has a digital forensics lab and we have run into this in the past with our clients' computers. I would make sure that your son's computer did not have the other harddrives mapped to it from other computers and/or network storage devices.

After you remove the problem software, remember to the best defense are passwords that are alpa-numeric strings, that use lower and upper case, letters and numbers and are at least 20 characters long. The advantage here is that a brute force attack would require a network of computers and years of time to crack the password.

In the future if you are going to play online games like WOW, I would set-up a dedicated gaming computer that is completley isolated from any other computer and is not used for any other purpose. Think of it as a gaming cut-out. If it is hacked, all they will find are games and no personal information.

Murph · 04-09-2010, 07:58 AM

Two things: AVAST Anti-Virus avast! - Download Free Antivirus Software or Internet Security and Spybot S&D The home of Spybot-S&D!

If not see above to reformat/reinstall.

Coogie · 04-09-2010, 09:18 AM

+1 for what David said. Only sure fire way is to wipe everything off your computer and reinstall everything again. It's a pain in the ass but if you have a keylogger, who knows what else is on that computer too.

TimmyTheTag · 04-09-2010, 10:39 AM

+1 for newest updates/versions of Malwarebytes and Avast.
-1 on SpyBot, Norton and Mcafee

I use them all the time at work and they are the only ones I have found that find more real things than anything else and less false ones also. Norton and Mcafee aren't what they used to be and have to much BS built into them. Plus, the ones mentioned are better programs and free. They will also help stop future problems as well.

dbphotos · 04-09-2010, 04:16 PM

Thanks guys I'm going to try the malware program several have recommended just to see if it finds it and then I'm going to reformat anyway. Its my son's computer and there is nothing important on it, so it will just take time.

kennyt · 04-09-2010, 05:39 PM

Get him a Blizzard Authenticator. Keyloggers wont matter then for the WoW account then. Also tell him after the reformat to not click on any links he receives ingame or by email. The gold farmers love to scam people that way

Pixtus - Photography Forum, Photographers, Photo Tips

Key logger help