Hunter Angellis
Champion

Joined: 03 Jul 2008
Posts: 858


re: Keyloggers and How to Get Rid of Them.

This is something I found a while back on the World of Warcraft official forums. I was plagued with keyloggers to the point my account was getting banned several times a week. It seemed no matter what scan I ran it never fully took care of the problem. These steps helped me enormously and only took 3 hours which was largely unattended! Beats doing a complete reformat.

    These steps are very long and laborious. Unfortunately such steps are necessary when removing malware.

    Read through all the instructions at least once BEFORE following each step completely and carefully. If necessary, you may wish to save these instructions to a text file and print them out.

    ****Make sure you are logged in as Administrator on your system previous to any and all of the following.****

    MAKE SURE TO HAVE SYSTEM RESTORE DISABLED WHEN DOING A VIRUS SCAN AND/OR MALWARE REMOVAL. Many, many, many viruses (or virii. LOL!) will hide in your restore files.

    Steps to turn off System Restore in Windows XP:
    Right click My Computer
    Click Properties.
    In the System Properties dialog box, click the System Restore tab.
    Select Turn off System Restore on all drives check box.
    Click OK.

    When you receive the following message, click Yes to confirm that you want to turn off System Restore:
    You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

    Do you want to turn off System Restore?
    After a few moments, the System Properties dialog box closes.

    Steps to turn off System Restore in Windows Vista:
    Open System by clicking the Start button, clicking Control Panel, clicking
    System and Maintenance, and then clicking System.

    In the left pane, click System Protection. If you are prompted for an
    administrator password or confirmation, type the password or provide confirmation.

    To turn off System Protection for a hard disk, unselect the check box next to the disk(s).
    A Prompt Screen will appear asking you if you wish to disable system restore.
    Do so.
    Press Apply.

    This **MAY** take several minutes.

    ***********************************************************************************************************
    All of the following programs are Freeware. If you wish, after reading through one time, you can
    download all of them and THEN follow the subsequent steps. Please make sure to follow the steps in order though.

    First step is to remove all temporary files:
    http://www.stevengould.org/software/cleanup/
    Or a direct link:
    http://www.stevengould.org/index.php?option=com_content&task=view&id=28&Itemid=70
    CleanUp! is a quick and easy way to delete temporary files from your system. Simply deleting these temp files may clear some infections, and will make running the following scans faster.
    Install and run. Click on the button labeled CleanUp!.
    When it finishes it will prompt you to restart Windows - there will be one or two files it cannot delete when Windows is running - however, they will be deleted next time Windows starts up.

    Please download Malwarebytes' Anti-Malware to your desktop.
    http://www.malwarebytes.org/mbam.php

    Double-click mbam-setup.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to

    Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware

    Then click Finish.
    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform full scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    Exit the Program

    Download and run the Malicious Software Removal Tool from Microsoft.

    http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Click Download then you must accept the Microsoft Software License Terms. The license terms are only
    displayed for the first time that you access Automatic Updates.

    Download and install the latest version of Spybot Search and Destroy from here:
    http://www.safer-networking.org/en/download/index.html

    Start Spybot and select Update, Search For Updates, check the box next to each update and then select
    Download Updates. Next, select Search and Destroy, Check for problems and after scanning is complete, Fix selected problems. Finally, select Immunize and then the Immunize button to block common Spyware programs from installing.
    Exit the Program

    Next run Ad-Aware:
    http://www.download.com/Ad-Aware-2007/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5&cdlPid=10837062

    Install the program and launch it.
    Exit the Program when finished.

    Please download and install SmitFraudfix.
    See here:
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    You MUST be logged in on your computer as the Admin to download and use this.
    Download it to desktop
    Reboot in Safe Mode -F8
    Double-click smitfraudfix.exe
    Select 2 and hit Enter to delete infected files.
    You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove
    the Desktop background and clean registry keys associated with the infection.
    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    A reboot may be needed to finish the cleaning process.

    Delete SmitFraudfix.
    Empty the Recycle bin.

    Then run your UPDATED Anti Virus program of choice. I'm not going to start a thread war over
    which is better. Blizzard lists some free ones in their Support Pages and stickies if you do not already
    have one. MAKE SURE TO HAVE SYSTEM RESTORE DISABLED WHEN DOING A VIRUS SCAN. Many, many, many viruses (or virii. LOL!) will hide in your restore files.

    Now do a Scan Disc and Defrag of your system. They are listed under System Tools in your Start Menu.
    I recommend that you disable all programs running in the background prior to defragging. Including
    disabling your internet connection. Usually you can right click and exit the programs that run in the Notification area of your task bar. Next to the clock.
    If you do not have your Internet Icon there please use the following method:
    Windows XP:
    Start
    Control Panel
    Network Connections
    See the Icon that says "Local Area Connection"?
    Right click and choose Disable

    Windows Vista:
    Start
    Control Panel
    Network and Sharing Center
    View Status
    Disable

    Defrag your system and reboot your computer.
    You will need to re-enable your Local Area Connection after reboot.
    Windows XP:
    Start
    Control Panel
    Network Connections
    See the Icon that says "Local Area Connection"?
    Right click and choose Enable

    Windows Vista:
    Start
    Control Panel
    Network and Sharing Center
    View Status
    Enable

    One last thing to do is to visit http://windowsupdate.microsoft.com/
    and make sure you have all the recent security updates.


Let me also mention: Buy a Blizzard Authenticator the first chance you get!


_________________
Darren Tereos
Guardian - Charter Master

Joined: 14 Jul 2008
Posts: 1520


re: Keyloggers and How to Get Rid of Them.

This is important information and, even if you've not had yourself hacked, it's not a bad idea to do this every once in a while.

Also: Get an Authenticator. Yes there are cases where people have been hacked while owning an Authenticator, but having one dramatically reduces the risk of your account farming in Hellfire Ramparts, advertising gold selling sites in trade, or being used to spell names of sites out of corpses in Orgrimmar.

Buy an Authenticator
Download the mobile Authenticator


_________________
/join SteadfastRP
/join Watchtower
Baranthore
Cathrinia
Champion

Joined: 03 Jun 2010
Posts: 182


re: Keyloggers and How to Get Rid of Them.

bump
Darren Tereos
Guardian - Charter Master

Joined: 14 Jul 2008
Posts: 1520


re: Keyloggers and How to Get Rid of Them.

And a video guide from Blizzard EU:



_________________
/join SteadfastRP
/join Watchtower