Remove Keyloggers


brunix
Newbie
« on: July 08, 2009, 12:17:44 PM »

Hello everyone! A real N00b here :)

I am curious to know what software you guys recommend for removing and detecting keyloggers? Recently I've had a suspicion that someone I know may have put a legal keylogger on my computer.

I've heard that most scanners do not detect key loggers because it's legitimate software? Is this true?

I've looked at the following products:
1) Spy Reveal - http://www.spyreveal.com/
2) SpyWare Doctor - http://www.pctools.com/
3) Privacy Keyboard - http://www.privacykeyboard.com/

Privacy Keyboard looks cool, but it looks like you can't actually scan your computer; it more or less encrypts your keyboard. SpyReveal looks like it has the biggest database, but I can't find much information on it. And SpyWare Doctor looks like it's the most reputable, but I'm not sure how big of a focus they have on keyloggers.

Any feedback would be appreciated, or suggestions to other scanners.
rodi
Administrator
Newbie
« Reply #1 on: July 09, 2009, 12:17:30 AM »

Hi brunix,

Yes, that's true. Some scanners may not find keyloggers, because it is legitimate software. If you think that there is a keylogger installed on your computer, I recommend that you use the Trend Micro HijackThis tool, which will display all running processes:

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

You may post your HijackThis log here, we will check it.

However, it might be that HijackThis won't find some Start Up entries; in such a case, download Spybot - Search & Destroy from:

http://www.safer-networking.org/en/home/index.html

Spybot S&D has most of the well-known keyloggers in its database, so there is a great chance that Spybot will detect key logging software (both legitimate and malicious).

As for Spyware Doctor, it may not detect some keyloggers, especially if it's legitimate software.

Good luck
Eddie
Newbie
« Reply #2 on: March 01, 2010, 12:41:26 AM »

Depends if the keylogger is FUD or not. Try using spybot s&d.
kristain
Newbie
« Reply #3 on: July 05, 2010, 09:30:55 PM »

Most keyloggers work in the same manner as computer viruses and therefore can be found and removed with the help of effective antivirus products like Symantec Norton AntiVirus, Kaspersky Anti-Virus, McAfee VirusScan, eTrust EZ Antivirus, Panda Titanium Antivirus, AVG Anti-Virus. Some advanced spyware removers, which are able to scan the system in a similar way to antivirus software and have extensive parasite signature databases, can also detect and remove keyloggers and related components. Powerful anti-spyware solutions such as Microsoft AntiSpyware Beta, Spyware Doctor, Ad-Aware SE, SpyHunter, eTrust PestPatrol or Spybot - Search & Destroy are well-known for perfect keylogger detection and removal capabilities.

In some cases even an antivirus or spyware remover can fail to get rid of a particular keylogger. That is why there are Internet resources such as 2-Spyware.com, which provide manual malware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be a quite difficult and tedious task for novices.
whitaker
Newbie
« Reply #4 on: July 16, 2011, 09:52:11 AM »

Hi

I have downloaded the HijackThis software. Would someone be able to check the file as suggested? Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:47, on 2011-07-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program\Glocalnet\Glocalnet Mobilt Bredband\GtDetectSc.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\CNAC4RPK.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program\Glocalnet\Glocalnet Mobilt Bredband\Glocalnet Mobilt Bredband.exe
C:\Program\Com Hem\Com Hem\AutoUpdateSrv.exe
C:\Program\Windows Desktop Search\WindowsSearch.exe
C:\Användare\Marit\Application Data\Dropbox\bin\Dropbox.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program\Com Hem\Com Hem\Wilog.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BroadcomWireless] C:\Program\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSC] "c:\Program\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Glocalnet Mobilt Bredband.lnk = C:\Program\Glocalnet\Glocalnet Mobilt Bredband\Glocalnet Mobilt Bredband.exe
O4 - Global Startup: Uppdateringsagent.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291548190192
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C5220D7-1B17-4A34-B004-DD01D0E6C1D4}: NameServer = 80.251.201.177 80.251.201.178
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C5220D7-1B17-4A34-B004-DD01D0E6C1D4}: NameServer = 80.251.201.177 80.251.201.178
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program\Glocalnet\Glocalnet Mobilt Bredband\GtDetectSc.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: lxcf_device -   - C:\WINDOWS\system32\lxcfcoms.exe

--
End of file - 9031 bytes
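An added example, not part of any post in this thread and not HijackThis's own code: a short Python script that reads a HijackThis-style log and lists the autostart (O4) entries, services (O23) and running processes worth checking by hand when looking for a monitoring tool. The sample log, every name in it and the review heuristics are constructed assumptions.

```python
import re

# Constructed sample in HijackThis 2.0.x log layout; not from a real machine.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\Application Data\kbdhelper.exe

O4 - HKLM\..\Run: [AudioPanel] C:\Program Files\Vendor\panel.exe
O4 - HKCU\..\Run: [kbdhelper] C:\Documents and Settings\user\Application Data\kbdhelper.exe
O4 - Global Startup: Updater.lnk = ?
O23 - Service: Print Helper -   - C:\WINDOWS\system32\prnhlp.exe
O23 - Service: Example Service - Example Corp. - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
SERVICE = re.compile(r"^Service: (.+) - (.*?) - ([A-Za-z]:\\.*)$")
# Assumed heuristic: XP-era per-user directories that any user process can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")

def review_reasons(section, detail):
    """Reasons an autostart (O4) or service (O23) entry deserves a manual look."""
    reasons, low = [], detail.lower()
    if section == "O4" and low.endswith("= ?"):
        reasons.append("startup shortcut target unresolved")
    if section == "O4" and any(d in low for d in USER_WRITABLE):
        reasons.append("autostart from user-writable directory")
    if section == "O23":
        m = SERVICE.match(detail)
        if m and not m.group(2).strip():
            reasons.append("service has no publisher string")
    return reasons

def triage(log):
    """Return [(item, [reasons])] for entries and processes needing review."""
    findings, in_procs = [], False
    for line in (l.strip() for l in log.splitlines()):
        m = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif m:
            reasons = review_reasons(m.group(1), m.group(2))
            if reasons:
                findings.append((line, reasons))
        elif in_procs and any(d in line.lower() for d in USER_WRITABLE):
            findings.append((line, ["process running from user-writable directory"]))
    return findings

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "->", item)
```

A flagged line is only a prompt for manual inspection: legitimate software also starts from per-user directories or installs services without a publisher string.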
Famine25
Newbie
« Reply #5 on: November 14, 2011, 07:27:21 AM »

Exclusiveness keyboard looks unemotional, but it looks equivalent you can't actually skim your computer it more or less encrypts your keyboard. SpyReveal looks equivalent it has the biggest database, but can't feel such content on it.  And Spy Ware Adulterate looks suchlike it's the most prestigious but not trustworthy how big of a engrossment they acquire on key loggers.