Once a keylogger has control of your machine, it is very difficult to remove completely. Trying to do it without reformatting might be a long road.
I have an HP AIO running Windows 7 as its operating system. I clicked on a link from what I thought was a trusted source, but got a hijacker/keylogger. I ran Malwarebytes and it said it was removed, but days later someone tried to steal my credit card number for a purchase while I was online. I ran a KL detector and it described all sorts of program changes in my Start menu and registry that said my keystrokes are being followed along with snapshots of my web pages. Without wiping clean the entire system, is there anything I can do to make sure my privacy is safe online once again?
In this excerpt from Answercast #46, I look at a machine that has a persistent keylogger. It's going to take some work to clean this machine up!
Unfortunately, the reality of this situation is that the answer is no.
One of the maxims of computer security is that:
Once your machine has been compromised, once you have malware that is known to have infected your machine, it's not your machine anymore.
It's best thought of as the hacker's machine, because the person who created the malware is now in control of it.
And that applies even if you think you've removed the malware. The fact is that, as you've seen, no single anti-malware tool can remove all malware. So that means that:
Malware A, B, and C might get removed by program 1;
But program 2 may only recognize B and C, yet also be able to remove D.
It's just too complex. That's one of the reasons we often suggest running more than one anti-malware tool.
I'm not sure what additional anti-malware tools you happen to be running. Malwarebytes is absolutely a good one and one that I recommend often. That's one approach:
If you can't stand the thought of reformatting and reinstalling your machine:
Go out and try several different additional anti-malware tools.
They don't have to be installed as services to run continuously.
What you're looking for are static and complete scans of your machine from several different products.
The other thing to do is to do a reboot from a live CD, or a standalone CD, that has anti-malware software on it. For example, Windows Defender Offline is effectively a version of Microsoft's Security Essentials that boots from CD. This is important because it allows the anti-malware software to scan and delete files that might not otherwise be deletable while Windows is running.
That's the road we go down, if you will, when you can't reformat and reinstall.
Given your situation, given what you've described, where you've already attempted to remove some malware and yet you still have malware that remains, I really, honestly, in your shoes would:
Back up the machine so that you don't lose any data,
Reinstall all of your applications,
And restore your data.
That's the only way you're going to know that you are going to be secure as you move forward online.