How to detect and remove keylogger from my PC

Status
Not open for further replies.

garg.divya

Hi,
I think I have a key logger installed in my system. I ran a key log detector on my system and it gave a warning that there might be some malicious programs running on the system.
Please help me remove the keylogger.
 
* Please download SuperAntiSpyware from https://www.techspot.com/downloads/2695-superantispyware.html
* Launch SuperAntiSpyware and click on 'Check for updates'.
* Wait for the updates to be installed.
* On the main screen click on 'Scan your computer'.
* Check 'Perform Complete Scan', then click 'Next' to start the scan.
* SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
* Make sure everything found has a checkmark next to it, then press 'Next'.
* Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
* Click on 'Preferences'.
* Click on the 'Statistics/Logs' tab.
* Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
* It will then open in your default text editor, such as Notepad.
* Attach the Notepad file here in your reply.


You can try KeyScrambler to protect yourself from keylogging itself:

http://www.qfxsoftware.com/
 
Hi,

I have attached my Super Antispyware log and Malware Bytes' anti-malware log for you.
Please check and suggest the needful.
 
Trying to detect and remove keylogger & remote user

Kazi:

When I go to shut down my computer, I get a dialogue box that says that "there is another user logged onto my computer and if I shut down it will cause them to lose work", etc. (This is my home computer.) It happens most times I go to shut down. So after reading your post about keylogging, I ran SUPERAntispyware. I've attached the log. I am hoping that you can look at it to see if maybe someone else is on my computer. There is a very real possibility that someone is spying remotely. How can I shut that down? Also, is it possible for someone to download "invisible" keylogging software onto my computer remotely or would they have to be at my computer to do it and can I take it off? I would appreciate any help you could give to take steps to ensure this invasion of privacy ends. Not sure what to do next. I've tried everything I know.

Thank you for your help.
 

Attachments

  • SUPERAntiSpyware Scan Log - 11-29-2008 - 13-47-41.log
aquamarine:
Please make your own thread and try not to answer in somebody else's post; however, I'll try to help you.
It is possible for people to download keylogging software to your computer.
However, to do this, they have to be able to have a semi like control over you (know your IP address and can hack you easily).
Most of the time, trojans download keylogging software to your computer.
For you and the starter of this thread, please run Malwarebytes.

* Please download Malwarebytes' Anti-Malware from https://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to
    o Update Malwarebytes' Anti-Malware
    o and Launch Malwarebytes' Anti-Malware
* then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please attach this log with your reply.
    o If you accidentally close it, the log file is saved here and will be named like this:
    o C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

If you are absolutely SURE you aren't infected by backdoor trojans, try http://qfxsoftware.com/ for their program called KeyScrambler.

If you are infected by trojans, read this thread: https://www.techspot.com/vb/topic65943.html
 
Spyware on my PC I Need HELP http://www.speedyshare.com/519377466.htm

I just checked my PC with your software.... Thanks for it. I just wanna know from the info I attached whether my PC is safe...
 
Garg

Before Malwarebytes, tell me why you think you have a keylogger, because the program you used in the beginning, I have no idea what it is.

Also, you have BitTorrent. Know that this software WILL bring malicious programs to your computer. Once you know this, the decision to uninstall or continue using it is up to you. When visiting torrent sites, make SURE you read the comments before downloading.

* Please download Malwarebytes' Anti-Malware from https://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to
    o Update Malwarebytes' Anti-Malware
    o and Launch Malwarebytes' Anti-Malware
* then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please attach this log with your reply.
    o If you accidentally close it, the log file is saved here and will be named like this:
    o C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


After that is done, remove these from HijackThis:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3753E987-9B6D-4AD5-8BCB-DCE6C66C4B0B}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{3753E987-9B6D-4AD5-8BCB-DCE6C66C4B0B}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CS2\Services\Tcpip\..\{3753E987-9B6D-4AD5-8BCB-DCE6C66C4B0B}: NameServer = 202.56.215.54,202.56.215.55
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab


And confirm these; do not remove them yet:

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activatemydsl.airtelbroadband.in/AirtelDSL/dslchoice/html/downloads/tgctlcm.cab


dronc0der

I am not gonna help anyone else but the creator of this thread.
Make a thread if you have a problem.
Tools someone suggests have different outcomes than to the one who has a problem.
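
An added example, not part of the original thread or any poster's reply: a small Python parser for the O2, O16 and O17 HijackThis entries quoted in the post above, listing what a reviewer would check for each before fixing it. The function names and the wording of the review notes are assumptions of this example, not HijackThis output.

```python
import re

# Entries copied from the HijackThis list quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3753E987-9B6D-4AD5-8BCB-DCE6C66C4B0B}: NameServer = 202.56.215.54,202.56.215.55
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.com/wfplayer/tdserver.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activatemydsl.airtelbroadband.in/AirtelDSL/dslchoice/html/downloads/tgctlcm.cab
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = {  # O2 = Browser Helper Object, O16 = ActiveX (DPF), O17 = DNS settings
    "O2": re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<file>.+)$"),
    "O16": re.compile(rf"^O16 - DPF: (?P<clsid>{GUID}) \((?P<name>.*)\) - (?P<url>\S+)$"),
    "O17": re.compile(rf"^O17 - (?P<key>.+?(?P<iface>{GUID})): NameServer = (?P<servers>.+)$"),
}

def parse_entry(line):
    """Return a dict of fields for a recognised O2/O16/O17 line, else None."""
    section = line.split(" - ", 1)[0].strip()
    pattern = PATTERNS.get(section)
    match = pattern.match(line.strip()) if pattern else None
    if not match:
        return None
    entry = {"section": section, **match.groupdict()}
    if section == "O17":
        entry["servers"] = [s.strip() for s in entry["servers"].split(",")]
    return entry

def review_notes(entry):
    """Points to verify for the entry (hypothetical wording); not a verdict."""
    notes = []
    if entry["section"] == "O2" and entry["file"] == "(no file)":
        notes.append("BHO registered but its file is missing (orphaned entry)")
    if entry["section"] == "O16" and entry["url"].lower().startswith("http://"):
        notes.append("ActiveX codebase URL is plain HTTP")
    if entry["section"] == "O17":
        notes.append("static DNS servers set: " + ", ".join(entry["servers"]))
    return notes

def triage(log_text):
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    return [(e, review_notes(e)) for e in entries]

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG):
        print(entry["section"], entry.get("clsid") or entry["iface"], notes)
```

The O17 servers it prints are the values to compare against the DNS addresses the ISP or router actually hands out.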
 