How to CLEAN your PC from Keyloggers

By
Wildchild
October 17, 2009Posted in: Guide

Account security is a major concern for all wow players, some are more conscious then others, but each day there are hundreds of compromised accounts. This guide is written by Magekíd of Turalyon on wow-europe forums and approved by a blue poster. We edited it a bit, and with the screen shots visible, it should be easier to read and perform the actions. Feel free to check out the original forum post by clicking on the link.

Quote from: Vaneras

Blue tagged as well :-)

This should be very useful for those who were looking for attractive legs ;-)

(Source)

Hijackthis is a utility tool (not a scanner),  for any user who needs to root out a serious malware infestation. It shows both malicious rules, and LEGIT rules. Do not fix rules in Hijackthis yourself! Use it with caution.

You can find a list of forums that are qualified to look at your Hijackthis log here:

http://asap.maddoktor2.com

In addition, here is a list of forums where you can post your hijackthis logs. – If you know any others, please let me know in a comment/reply!

Dutch/Belgium:

http://www.hijackthis.nl/forum
http://www.minatica.be/forum.php
http://www.antispywareoffensief.nl/forum/

English:

http://www.spywareinfoforum.com/
http://forums.techguy.org/
http://www.techsupportforum.com/

Before posting a Hijackthis log, you need to follow ALL the steps from the guide. It is a lot of work, but it’s necessary. It helps people on the forums to help YOU. So, keep it clean.

Note: Vista Users must run installations and the downloaded programs as Administrator.

You can do this by right-clicking the program and select Run as Administrator (you must use this for every program we use here)

1. Download ATF Cleaner here – and save it somewhere (Desktop for example)

  • Start ATF Cleaner and check everything except “Prefetch” at the tab “Main”. Then press “Empty Selected”

atfcleaner

  • If you use Firefox as your browser, go to the Firefox tab and check everything except “Firefox Saved passwords”. Then press “Empty Selected”
  • If you use Opera as your browser, go to the Opera tab and check everything except “Saved Passwords”. Then press Empty Selected.

2. Download Ad-aware 2008 Free from lavasoft.com or from download.com – and install it. If you get an license note during the installation, press Use Free After the installation, start Ad-Aware and press Update.

adaware2008

  • When updating finishes, press Scan and do a Full system scan.
  • When the scanning is completed, You’ll see two tabs with infected objects. The first tab contains Critical Objects and the second tab Privacy Objects Check everything at both tabs and press Remove.
  • At the top of both tabs you see a number which says the amount of infections found. Please wait until both numbers say “0″ and then press Complete.

adaware2008scanningcomplete

Close Ad-Aware

3. Download Spybot Search & Destroy here: – and install it. During the installation, uncheck “Use Internet Explorer protection (SDHelper)” and “Use system settings Protection (TeaTimer)”

  • When the installation is completed, start Spybot S&D and press OK at the notice you get about Ad-Aware.
  • It may also notify you about deleting temporary files. Just select yes
  • Follow the Wizard, and when the wizard is done press Update in Spybot. Search for updates, check all available updates and install the updates.
  • After that press the Immunize tab and Immunize your system. When the Immunization is done, press the Search & Destroy tab and start scanning your computer.

spybotsearchanddestroy

  • When Spybot S&D is done scanning. Check all found objects and press Fix Selected Problems.
  • If Spybot S&D cannot delete all found objects, it will ask if it can scan at the next reboot to fix the problems. Press Yes.

  • Now close Spybot S&D.

4. Download MBAM (MalwareBytes’ Anti-Malware) here: – and install it.

  • Make sure that  Update MalwareBytes’ Anti-Malware and Start MalwareBytes’ Anti-Malware  options are checked at the end of installation.

  • When MBAM is started. Go to the Scanner tab and do a Full scan.

  • Once MBAM is done scanning, press Show Results and make sure all found objects are selected. After that press Remove Selected.
  • When MBAM is done deleting objects a logfile will open. You can close this logfile.
  • The Logfile will automatically be saved at the Logs tab in MBAM.
  • If MBAM found objects that can’t be deleted, it will ask to reboot your computer. Allow this and restart your computer.

4. If you didn’t restart your computer after running MBAM, restart it now anyway.

5. Do a full system scan with your virus scanner and remove all found infections.
If you do not have a virus scanner, you can scan online with one of these scanners. (Use Internet Explorer to scan)

BitDefender: http://www.bitdefender.com/scan8/ie.html
Panda:http://www.pandasoftware.com
Kaspersky: http://www.kaspersky.nl/scanner

  • Remove all infections found.

6. Restart your computer.

7. Download Hijackthis here: and install it. After the installation Hijackthis will open. Press Do a systemscan and save a logfile.

  • A notepad file will open.  In the Notepad file, press CTRL + A to select everything, CTRL + C to Copy everything. Then press CTRL + V in a new topic at the forum you want to post the log.
  • Also paste the MBAM log on the forum you place the Hijackthis logfile.

Many thanks for reading, if you have questions or problems, please ask :)

Also: Please note: Doing this all, is NOT A GUARANTEE your computer is not infected. There is no scanner that has a 100% detection rate.

- Magekid

————————————————————————————————-

And advice from WoW-track:

:::> Use Both Anti Virus and Firewall. <:::

Also, try Firefox with an addon called NoScript. (Better safe then sorry)
Feel free to post comments, your experiences and, report broken links if you find any.

Stay safe.

Tags: , , , , ,