[Guide] How to CLEAN your PC from Keyloggers

by Magekíd | 20/08/2008 15:50:25

Magekíd

FORUMS READ-ONLY NOTICE: Shammoz and I have decided that the guide will be posted under his name on the new forums. This is because we like the colour green and we want to assure people that the guide can be trusted.

We do have some plans to improve the guide; hopefully this'll make the process of cleaning your PC easier.

The guide on the new forums is placed in the General Forums at the moment; it will be moved to the In-Game Customer Support section when the forums are ready.

Link: http://eu.battle.net/wow/en/forum/topic/900641537
Note: If the thread gets moved, the link might change and no longer work. Since the forums will be in read-only mode, I cannot adjust this. The title of the thread is "[Guide] How to SCAN and SECURE your PC" - and is posted by Shammoz.
-------------------------------------------------------

Logicaly’s guide: How to CLEAN your PC from keyloggers.

Hi all, this guide will help you clean up your PC. Not just keyloggers, but also other malicious software.
Last update: August 4, 2010

Screenshots have now been added!!!
Please also take a look at the Unofficial Helper's Forum (with IRC!)
> http://www.bamboobix.info < (Thanks to Anayra for running this!)


First of all, a note:
Hijackthis is a tool used for finding infections in your computer. Please note: THIS IS NOT A SCANNER. It shows not only malicious rules, but also LEGIT rules. Do not fix rules in Hijackthis yourself!
You can find a list of forums that are qualified to look at your Hijackthis log here: http://asap.maddoktor2.com
In addition, here’s a list of forums where you can post your hijackthis logfile. – If you know any others, please let me know in a comment/reply!
Dutch/Belgium:
www.hijackthis.nl/forum
www.minatica.be/forum.php
http://www.antispywareoffensief.nl/forum/

English:
http://www.spywareinfoforum.com/
http://forums.techguy.org/
http://www.techsupportforum.com/

You are also permitted to post your logfile in this thread. Please note that whatever you choose to do, please post your logfile in only one place. Posting it in multiple places is a waste of time for the helpers.


Before posting a Hijackthis log, please do the following steps upfront. I know this is a lot of work, but that way most malware is already deleted and your logfile can be looked at faster.
Please remember: Follow ALL steps, including step 7

Note: Vista/Win. 7 users must run installations and the downloaded programs as Administrator. You can do this by right-clicking the program and selecting Run as Administrator (the screenshot shows it for Hijackthis; you must use this for every program we use here).
http://img408.imageshack.us/img408/6665/guide1bb5.jpg <-- Screenshot

1.
  • Download CCleaner here: http://www.piriform.com/ccleaner/download - and install it.

  • Once it’s booted, press the button to Clean up your system.
  • This can take a few minutes, depending on how much trash there is on your PC. Please read what is being removed, you might not want the program to remove your Internet History or saved passwords.
    Note: CCleaner can ask you to install Yahoo Toolbar during the installation. Uncheck this option if you do not want the toolbar!
    Screenshot: http://www.plaatjesupload.nl/bekijk/2010/02/08/1265647242-080.jpg


2. Download SUPERAntiSpyware ( http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe ) and install it.
    Afterwards, open the scanner and make sure it’s up-to-date. Press Scan Your Computer and then select Perform Complete Scan. Wait until the scan is complete. Once done, make sure everything is checked and press Next until everything is deleted/fixed. If it asks you to reboot, do so.
    Screenshot: http://www.plaatjesupload.nl/bekijk/2010/08/04/1280913154-790.jpg

3.
  • Download Spybot Search & Destroy ( http://www.safer-networking.org/nl/mirrors/index.html ) and install it.

  • During the installation, uncheck "Use Internet Explorer protection (SDHelper)" and "Use system settings Protection (TeaTimer)"

  • After the installation, boot Spybot S & D. Search for updates first, and download them all.

  • Click on the Immunize tab afterwards, followed by clicking the Immunize button.
  • Wait until the operation has been completed.
  • Then go to the Search and Destroy tab. Click on Check All after that and wait until things are done.
  • Select all problems found, and repair the problems.
  • Close Spybot afterwards.
    Screenshot: http://www.plaatjesupload.nl/bekijk/2010/02/08/1265650645-650.jpg

4.
  • Download MBAM (MalwareBytes' Anti-Malware) ( http://www.malwarebytes.org/mbam-download.php ) - and install it. Make sure that at the end of the installation, Update MalwareBytes' Anti-Malware and Start MalwareBytes' Anti-Malware are checked.

  • Select Full Scan and start scanning. When it is done, select everything and delete the found objects.

  • A logfile will also open automatically. Save this logfile and post it together with your Hijackthis logfile.

  • The Logfile will automatically be saved at the Logs tab in MBAM.
    If MBAM found objects that can't be deleted, it will ask to reboot your computer. Allow this and restart your computer.
    Screenshot: http://www.plaatjesupload.nl/bekijk/2010/02/08/1265650977-740.jpg

5. Do a full system scan with your virusscanner and remove all found infections.
    If you do not have a virusscanner (GET ONE ASAP!!), you can scan online with one of these scanners. (Use Internet Explorer to scan)

    BitDefender: http://www.bitdefender.com/scan8/ie.html
    Panda: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
    Kaspersky: http://www.kaspersky.nl/scanner

    Remove all infections found.

6. Restart your computer.

7.
  • Download Hijackthis http://go.trendmicro.com/free-tools/hijackthis/HijackThisInstaller.exe - and install it.

  • After the installation Hijackthis will open. Press Do a systemscan and save a logfile.
    A notepad file will open. In the Notepad file, press CTRL + A to select everything, CTRL + C to Copy everything. Then press CTRL + V in a new topic at the forum you want to post the log.

  • Screenshot: http://www.plaatjesupload.nl/bekijk/2010/02/08/1265651202-490.jpg

    Also paste the MBAM log on the forum where you place the Hijackthis logfile.


    Many thanks for reading, if you have questions or problems, please ask :)

    Also, please note: Doing all this is NOT A GUARANTEE that your computer is not infected. There is no scanner that has a 100% detection rate.

    - Logicaly
    PS. Logicaly is my new main. The old one was Magekíd. It’s still me :D
    PS2. To that sneaky person posting in the US forums: WTB credits-link!
    PS3. Last update: Removed Ad-Aware, added SUPERAntiSpyware, changed a few lines :)

    [ Post edited by Magekíd ]


    Anything that can go wrong, will go wrong.
    Life's one big game.

    by Vaneras | 20/08/2008 15:54:28

    Vaneras

    Blue tagged as well :-)

    This should be very useful for those who were looking for attractive legs ;-)


    Behold! The glorious Epic Mug of Vaneras... More commonly known as The Alebringer:
    http://i194.photobucket.com/albums/z57/Vaneras_bucket/EpicMug.jpg

    by Nephadne | 06/06/2010 19:48:45

    Nephadne


    CS Forum Representative

    "This jam was made with fruit that agreed to be jam in the first place... volunteer fruit, also known as free-range fruit, allowed to casually chat to chickens."

    by Irylinne | 16/10/2009 16:39:24

    Irylinne

    To save a little bit of space, all of our guides were collated into this sticky:

    [Guides] Our collection of How To Guides

    Game Master // CS Forum Representative - EN
    Everybody stand back! I know regular expressions!

    by Natryndon | 20/03/2010 09:37:48

    Natryndon

    Hello Pallidwarf. If the investigation into your account is now complete you are free to delete any characters created by the intruders.

    Keep up the good work in here guys.

    Natryndon - IGCS Forum Representative

    5 hanaka?! That only gives us 28 hours!

    by Nephadne | 03/05/2010 19:37:59

    Nephadne


    Quote:
    You're really helping people out with your work.. I would like to thank you for that.

    I’d like to second that also – this thread is an excellent resource for players, and we really appreciate its continued presence and all the hard work. <3

    CS Forum Representative

    "Toasters are good. I like toast. You've got a toaster and it's got a turny-dial on the side. And it lies to us...
    For it has numbers from 1 to 6 and they lie."

    by Natryndon | 18/05/2010 15:51:25

    Natryndon

    Mmmm...large logs.

    Natryndon - IGCS Forum Representative

    5 hanaka?! That only gives us 28 hours!

    by Natryndon | 16/07/2010 16:27:14

    Natryndon


    Quote:

    Just want to say thank you again to you two for taking time out to check all of these, not just for me but for everyone that comes to you with a problem. I am a total Computer noob and none of this makes the tiniest bit of sense. I really hope Blizzard takes on board all this you do and rewards you appropriately.



    We take notice, yes. We offered them free /pandahugs, but they replied; “serving the greater good of the community is all the reward that a true gentleman needs.”

    It brought a tear to my eye.

    Natryndon - CS Forum Representative
    5 hanaka?! That only gives us 28 hours!

    by Natryndon | 16/11/2010 12:10:41

    Natryndon

    Aye, they are doing an incredible job and we are hoping to transfer this excellent resource through to our new forums too.

    CS Forum Representative

    Serge is very happy...

    by Natryndon | 18/11/2010 12:34:05

    Natryndon

    Hey Arthemea, sorry to hear about this, but I am glad to see that this fantastic resource is helping you out during this difficult time.

    It looks like the damage caused has already been rectified by our seemingly psychic in-game support team, but I just wanted to remind everyone to report any losses to one of our support agents as soon as possible. The more time that passes, the harder it becomes for us to reclaim and refund everything.

    Good luck my friend.

    CS Forum Representative

    Serge is very happy...

    by Natryndon | 23/11/2010 17:28:55

    Natryndon

    And now, the end is near,
    And so I face the final curtain.
    My friends, I'll say it clear;
    I'll state my case of which I'm certain.

    I've lived a life that's full -
    I've travelled each and every hijackthisway.
    And more, much more than this,
    I did it my way.

    http://eu.battle.net/wow/en/forum/topic/900641537

    So long.

    [ Post edited by Natryndon ]


    CS Forum Representative

    New Customer Support forum can be found here;
    http://eu.battle.net/wow/en/forum/975485/
